Merge pull request #642 in SNORT/snort3 from appid_log_file_bug to master

Squashed commit of the following:

commit d75835a1383c4d93e68a8f32d135b693dbfe3d9a
Author: davis mcpherson <davmcphe.cisco.com>
Date:   Tue Sep 27 16:26:08 2016 -0400

    only log unknow appid if it is non-zero

    fix snort2lua to output 'log_stats true' for appid 'app_stats_filename' option'

    init static thread local variable for client app config

    fix issues from code review comments, u_int8_t->uint8_t, type/var/field renames to conform to coding style

    fix coding style naming issue

diff --git a/src/network_inspectors/appid/app_forecast.cc b/src/network_inspectors/appid/app_forecast.cc
index 8705c3d2d06bfba910c5c3491c3673e8430e28b5..e3cea62d0a1553c401ff451d87620034aa7deba7 100644 (file)
--- a/src/network_inspectors/appid/app_forecast.cc
+++ b/src/network_inspectors/appid/app_forecast.cc
@@ -23,10 +23,65 @@
 
 #include "hash/sfxhash.h"
 #include "time/packet_time.h"
+#include "log/messages.h"
 
 #include "application_ids.h"
 
 static AFActKey master_key;
+static THREAD_LOCAL SFXHASH* AF_indicators = nullptr;     // App Forecasting list of "indicator apps"
+static THREAD_LOCAL SFXHASH* AF_actives = nullptr;        // App Forecasting list of hosts to watch for forecast apps
+
+int init_appid_forecast()
+{
+    if (!(AF_indicators = sfxhash_new(1024, sizeof(AppId), sizeof(AFElement),
+            0, 0, nullptr, nullptr, 0)))
+    {
+        ErrorMessage("Config: failed to allocate memory for an AF Indicators hash.");
+        return 0;
+    }
+
+    if (!(AF_actives = sfxhash_new(1024, sizeof(AFActKey), sizeof(AFActVal),
+            (sizeof(SFXHASH_NODE)*2048), 1, nullptr,  nullptr, 1)))
+    {
+        sfxhash_delete(AF_indicators);
+        ErrorMessage("Config: failed to allocate memory for an AF Actives hash.");
+        return 0;
+    }
+    else
+        return 1;
+}
+
+void clean_appid_forecast()
+{
+    if (AF_indicators)
+    {
+        sfxhash_delete(AF_indicators);
+        AF_indicators = nullptr;
+    }
+
+    if (AF_actives)
+    {
+        sfxhash_delete(AF_actives);
+        AF_actives = nullptr;
+    }
+}
+
+void add_af_indicator(ApplicationId indicator, ApplicationId forecast, ApplicationId target )
+{
+    if (sfxhash_find(AF_indicators, &indicator))
+    {
+        ErrorMessage("LuaDetectorApi:Attempt to add more than one AFElement per appId %d",
+            indicator);
+        return;
+    }
+
+    AFElement val;
+    val.indicator = indicator;
+    val.forecast = forecast;
+    val.target = target;
+    if (sfxhash_add(AF_indicators, &indicator, &val))
+        ErrorMessage("LuaDetectorApi:Failed to add AFElement for appId %d", indicator);
+}
 
 static inline void rekeyMasterAFActKey(Packet* p, int dir, ApplicationId forecast)
 {
@@ -38,17 +93,16 @@ static inline void rekeyMasterAFActKey(Packet* p, int dir, ApplicationId forecas
     master_key.forecast = forecast;
 }
 
-void checkSessionForAFIndicator(
-    Packet* p, int dir, const AppIdConfig* pConfig, ApplicationId indicator)
+void checkSessionForAFIndicator(Packet* p, int dir, ApplicationId indicator)
 {
     AFElement* ind_element;
-    if (!(ind_element = (AFElement*)sfxhash_find(pConfig->AF_indicators, &indicator)))
+    if (!(ind_element = (AFElement*)sfxhash_find(AF_indicators, &indicator)))
         return;
 
     rekeyMasterAFActKey(p, dir, ind_element->forecast);
 
     AFActVal* test_active_value;
-    if ((test_active_value = (AFActVal*)sfxhash_find(pConfig->AF_actives, &master_key)))
+    if ((test_active_value = (AFActVal*)sfxhash_find(AF_actives, &master_key)))
     {
         test_active_value->last = packet_time();
         test_active_value->target = ind_element->target;
@@ -59,18 +113,17 @@ void checkSessionForAFIndicator(
     new_active_value.target = ind_element->target;
     new_active_value.last = packet_time();
 
-    sfxhash_add(pConfig->AF_actives, &master_key, &new_active_value);
+    sfxhash_add(AF_actives, &master_key, &new_active_value);
 }
 
-AppId checkSessionForAFForecast(
-    AppIdSession* session, Packet* p, int dir, const AppIdConfig* pConfig, ApplicationId forecast)
+AppId checkSessionForAFForecast(AppIdSession* session, Packet* p, int dir, ApplicationId forecast)
 {
     AFActVal* check_act_val;
 
     rekeyMasterAFActKey(p, dir, forecast);
 
     //get out if there is no value
-    if (!(check_act_val = (AFActVal*)sfxhash_find(pConfig->AF_actives, &master_key)))
+    if (!(check_act_val = (AFActVal*)sfxhash_find(AF_actives, &master_key)))
         return APP_ID_UNKNOWN;
 
     //if the value is older than 5 minutes, remove it and get out
@@ -78,7 +131,7 @@ AppId checkSessionForAFForecast(
     age = packet_time() - check_act_val->last;
     if (age < 0 || age > 300)
     {
-        sfxhash_remove(pConfig->AF_actives, &master_key);
+        sfxhash_remove(AF_actives, &master_key);
         return APP_ID_UNKNOWN;
     }
 

diff --git a/src/network_inspectors/appid/app_forecast.h b/src/network_inspectors/appid/app_forecast.h
index dbdf84b4670f2fff53734cfccc4d63e74d39ef44..ffb26f20c3ed5469b16e24b51c113049d3497be1 100644 (file)
--- a/src/network_inspectors/appid/app_forecast.h
+++ b/src/network_inspectors/appid/app_forecast.h
@@ -61,8 +61,12 @@ struct AFActVal
     time_t last;
 };
 
-void checkSessionForAFIndicator(Packet*, int, const AppIdConfig*, ApplicationId);
-AppId checkSessionForAFForecast(AppIdSession*, Packet*, int, const AppIdConfig*, ApplicationId);
+int init_appid_forecast();
+void clean_appid_forecast();
+void add_af_indicator(ApplicationId indicator, ApplicationId forecast, ApplicationId target );
+
+void checkSessionForAFIndicator(Packet*, int, ApplicationId);
+AppId checkSessionForAFForecast(AppIdSession*, Packet*, int, ApplicationId);
 
 #endif
 

diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc
index bf4a0fde4f1e9c9a1a8feda579f568af122dc522..8af7c85621dd5a08d6cf9ec8d1d3f2165d53f114 100644 (file)
--- a/src/network_inspectors/appid/app_info_table.cc
+++ b/src/network_inspectors/appid/app_info_table.cc
@@ -48,6 +48,14 @@ struct DynamicArray
     size_t stepSize;
 };
 
+static AppInfoTableEntry* AppInfoList = nullptr;
+static AppInfoTableEntry* AppInfoTable[SF_APPID_MAX] = { nullptr };
+static AppInfoTableEntry* AppInfoTableByService[SF_APPID_MAX] = { nullptr };
+static AppInfoTableEntry* AppInfoTableByClient[SF_APPID_MAX] = { nullptr };
+static AppInfoTableEntry* AppInfoTableByPayload[SF_APPID_MAX] = { nullptr };
+static SFGHASH* AppNameHash = nullptr;
+static THREAD_LOCAL DynamicArray* AppInfoTableDyn  = nullptr;
+
 static inline DynamicArray* dynamicArrayCreate(unsigned indexStart)
 {
     DynamicArray* array;
@@ -86,6 +94,11 @@ static inline void dynamicArraySetIndex(DynamicArray* array, unsigned index,
 
 static inline AppInfoTableEntry* dynamicArrayGetIndex(DynamicArray* array, unsigned index)
 {
+    // FIXIT-H: appid stats dumped from main thread at snort exit happens after the array has been
+    // freed
+    if(!array)
+        return nullptr;
+
     if (index >= array->indexStart && index < (array->indexStart + array->usedCount))
         return array->table[index - array->indexStart];
     return nullptr;
@@ -131,7 +144,6 @@ static inline void* dynamicArrayGetNext(DynamicArray* array)
     return nullptr;
 }
 
-// End of Dynamic array
 static SFGHASH* appNameHashInit()
 {
     SFGHASH* appNameHash;
@@ -139,12 +151,10 @@ static SFGHASH* appNameHashInit()
     return appNameHash;
 }
 
-static void appNameHashFini(SFGHASH* appNameHash)
+void appNameHashFini()
 {
-    if (appNameHash)
-    {
-        sfghash_delete(appNameHash);
-    }
+    if (AppNameHash)
+        sfghash_delete(AppNameHash);
 }
 
 static inline char* strdupToLower(const char* source)
@@ -214,7 +224,7 @@ static void* appNameHashFind(SFGHASH* appNameHash, const char* appName)
 
 // End of appName hash
 
-static void appIdConfLoad(const char* path);
+static void load_appid_config(const char* path);
 
 static AppId getAppIdStaticIndex(AppId appid)
 {
@@ -225,15 +235,15 @@ static AppId getAppIdStaticIndex(AppId appid)
     return 0;
 }
 
-AppInfoTableEntry* appInfoEntryGet(AppId appId, const AppIdConfig* pConfig)
+AppInfoTableEntry* appInfoEntryGet(AppId appId)
 {
     AppId tmp;
     if ((tmp = getAppIdStaticIndex(appId)))
-        return pConfig->AppInfoTable[tmp];
-    return dynamicArrayGetIndex(pConfig->AppInfoTableDyn, appId);
+        return AppInfoTable[tmp];
+    return dynamicArrayGetIndex(AppInfoTableDyn, appId);
 }
 
-AppInfoTableEntry* appInfoEntryCreate(const char* appName, AppIdConfig* pConfig)
+AppInfoTableEntry* appInfoEntryCreate(const char* appName)
 {
     AppId appId;
     AppInfoTableEntry* entry;
@@ -244,11 +254,11 @@ AppInfoTableEntry* appInfoEntryCreate(const char* appName, AppIdConfig* pConfig)
         return nullptr;
     }
 
-    entry = static_cast<decltype(entry)>(appNameHashFind(pConfig->AppNameHash, appName));
+    entry = static_cast<decltype(entry)>(appNameHashFind(AppNameHash, appName));
 
     if (!entry)
     {
-        if (!dynamicArrayCreateIndex(pConfig->AppInfoTableDyn, (uint32_t*)&appId))
+        if (!dynamicArrayCreateIndex(AppInfoTableDyn, (uint32_t*)&appId))
             return nullptr;
 
         entry = static_cast<decltype(entry)>(snort_calloc(sizeof(AppInfoTableEntry)));
@@ -257,12 +267,23 @@ AppInfoTableEntry* appInfoEntryCreate(const char* appName, AppIdConfig* pConfig)
         entry->clientId = entry->appId;
         entry->payloadId = entry->appId;
         entry->appName = snort_strdup(appName);
-        dynamicArraySetIndex(pConfig->AppInfoTableDyn, appId, entry);
+        dynamicArraySetIndex(AppInfoTableDyn, appId, entry);
     }
     return entry;
 }
 
-void appInfoTableInit(const char* path, AppIdConfig* pConfig)
+void init_dynamic_app_info_table()
+{
+    AppInfoTableDyn = dynamicArrayCreate(SF_APPID_DYNAMIC_MIN);
+}
+
+void free_dynamic_app_info_table()
+{
+    dynamicArrayDestroy(AppInfoTableDyn);
+    AppInfoTableDyn = nullptr;
+}
+
+void init_appid_info_table(const char* path)
 {
     FILE* tableFile;
     const char* token;
@@ -272,11 +293,9 @@ void appInfoTableInit(const char* path, AppIdConfig* pConfig)
     uint32_t clientId, serviceId, payloadId;
     char filepath[PATH_MAX];
     char* appName;
-    char* snortName=nullptr;
+    char* snortName = nullptr;
     char* context;
 
-    pConfig->AppInfoTableDyn = dynamicArrayCreate(SF_APPID_DYNAMIC_MIN);
-
     snprintf(filepath, sizeof(filepath), "%s/odp/%s", path, APP_MAPPING_FILE);
 
     tableFile = fopen(filepath, "r");
@@ -343,8 +362,8 @@ void appInfoTableInit(const char* path, AppIdConfig* pConfig)
             snortName = snort_strdup(token);
 
         entry = static_cast<decltype(entry)>(snort_calloc(sizeof(AppInfoTableEntry)));
-        entry->next = pConfig->AppInfoList;
-        pConfig->AppInfoList = entry;
+        entry->next = AppInfoList;
+        AppInfoList = entry;
         entry->snortId = AddProtocolReference(snortName);
         snort_free(snortName);
         snortName = nullptr;
@@ -356,19 +375,18 @@ void appInfoTableInit(const char* path, AppIdConfig* pConfig)
         entry->priority = APP_PRIORITY_DEFAULT;
 
         if ((appId = getAppIdStaticIndex(entry->appId)))
-            pConfig->AppInfoTable[appId] = entry;
+            AppInfoTable[appId] = entry;
         if ((appId = getAppIdStaticIndex(entry->serviceId)))
-            pConfig->AppInfoTableByService[appId] = entry;
+            AppInfoTableByService[appId] = entry;
         if ((appId = getAppIdStaticIndex(entry->clientId)))
-            pConfig->AppInfoTableByClient[appId] = entry;
+            AppInfoTableByClient[appId] = entry;
         if ((appId = getAppIdStaticIndex(entry->payloadId)))
-            pConfig->AppInfoTableByPayload[appId] = entry;
+            AppInfoTableByPayload[appId] = entry;
 
-        if (!pConfig->AppNameHash)
-        {
-            pConfig->AppNameHash = appNameHashInit();
-        }
-        appNameHashAdd(pConfig->AppNameHash, appName, entry);
+        if (!AppNameHash)
+            AppNameHash = appNameHashInit();
+
+        appNameHashAdd(AppNameHash, appName, entry);
     }
     fclose(tableFile);
 
@@ -380,140 +398,127 @@ void appInfoTableInit(const char* path, AppIdConfig* pConfig)
     pAppidActiveConfig->mod_config->http2_detection_enabled = false;
 
     snprintf(filepath, sizeof(filepath), "%s/odp/%s", path, APP_CONFIG_FILE);
-    appIdConfLoad (filepath);
+    load_appid_config (filepath);
     snprintf(filepath, sizeof(filepath), "%s/custom/%s", path, USR_CONFIG_FILE);
-    appIdConfLoad (filepath);
+    load_appid_config (filepath);
 }
 
-void appInfoTableFini(AppIdConfig* pConfig)
+void cleanup_appid_info_table()
 {
     AppInfoTableEntry* entry;
 
-    while ((entry = pConfig->AppInfoList))
+    while ((entry = AppInfoList))
     {
-        pConfig->AppInfoList = entry->next;
+        AppInfoList = entry->next;
         snort_free(entry->appName);
         snort_free(entry);
     }
 
-    dynamicArrayDestroy(pConfig->AppInfoTableDyn);
-    pConfig->AppInfoTableDyn = nullptr;
-
-    appNameHashFini(pConfig->AppNameHash);
+    appNameHashFini();
 }
 
-void appInfoTableDump(AppIdConfig* pConfig)
+void dump_app_info_table()
 {
     AppInfoTableEntry* entry;
     AppId appId;
 
-    ErrorMessage("Cisco provided detectors:\n");
+    LogMessage("Cisco provided detectors:\n");
     for (appId = 1; appId < SF_APPID_MAX; appId++)
     {
-        entry = pConfig->AppInfoTable[appId];
+        entry = AppInfoTable[appId];
         if (entry)
-            ErrorMessage("%s\t%d\t%s\n", entry->appName, entry->appId, (entry->flags &
+            LogMessage("%s\t%d\t%s\n", entry->appName, entry->appId, (entry->flags &
                 APPINFO_FLAG_ACTIVE) ? "active" : "inactive");
     }
-    ErrorMessage("User provided detectors:\n");
-    for (entry = (decltype(entry))dynamicArrayGetFirst(pConfig->AppInfoTableDyn); entry; entry =
-        (decltype(entry))dynamicArrayGetNext(pConfig->AppInfoTableDyn))
+
+    LogMessage("User provided detectors:\n");
+    for (entry = (decltype(entry))dynamicArrayGetFirst(AppInfoTableDyn);
+            entry;
+            entry = (decltype(entry))dynamicArrayGetNext(AppInfoTableDyn))
     {
-        ErrorMessage("%s\t%d\t%s\n", entry->appName, entry->appId, (entry->flags &
+        LogMessage("%s\t%d\t%s\n", entry->appName, entry->appId, (entry->flags &
             APPINFO_FLAG_ACTIVE) ? "active" : "inactive");
     }
 }
 
-AppId appGetAppFromServiceId(uint32_t appId, AppIdConfig* pConfig)
+AppId get_appid_by_service_id(uint32_t appId)
 {
     AppInfoTableEntry* entry;
     AppId tmp;
 
     if ((tmp = getAppIdStaticIndex(appId)))
-        entry = pConfig->AppInfoTableByService[tmp];
+        entry = AppInfoTableByService[tmp];
     else
-        entry = dynamicArrayGetIndex(pConfig->AppInfoTableDyn, appId);
+        entry = dynamicArrayGetIndex(AppInfoTableDyn, appId);
 
     return entry ? entry->appId : APP_ID_NONE;
 }
 
-AppId appGetAppFromClientId(uint32_t appId, AppIdConfig* pConfig)
+AppId get_appid_by_client_id(uint32_t appId)
 {
     AppInfoTableEntry* entry;
     AppId tmp;
 
     if ((tmp = getAppIdStaticIndex(appId)))
-        entry = pConfig->AppInfoTableByClient[tmp];
+        entry = AppInfoTableByClient[tmp];
     else
-        entry = dynamicArrayGetIndex(pConfig->AppInfoTableDyn, appId);
+        entry = dynamicArrayGetIndex(AppInfoTableDyn, appId);
 
     return entry ? entry->appId : APP_ID_NONE;
 }
 
-AppId appGetAppFromPayloadId(uint32_t appId, AppIdConfig* pConfig)
+AppId get_appid_by_payload_id(uint32_t appId)
 {
     AppInfoTableEntry* entry;
     AppId tmp;
 
     if ((tmp = getAppIdStaticIndex(appId)))
-        entry = pConfig->AppInfoTableByPayload[tmp];
+        entry = AppInfoTableByPayload[tmp];
     else
-        entry = dynamicArrayGetIndex(pConfig->AppInfoTableDyn, appId);
+        entry = dynamicArrayGetIndex(AppInfoTableDyn, appId);
 
     return entry ? entry->appId : APP_ID_NONE;
 }
 
-const char* appGetAppName(int32_t appId)
+const char* get_app_name(int32_t appId)
 {
     AppInfoTableEntry* entry;
-    AppIdConfig* pConfig = pAppidActiveConfig;
     AppId tmp;
 
     if ((tmp = getAppIdStaticIndex(appId)))
-        entry = pConfig->AppInfoTable[tmp];
+        entry = AppInfoTable[tmp];
     else
-        entry = dynamicArrayGetIndex(pConfig->AppInfoTableDyn, appId);
+        entry = dynamicArrayGetIndex(AppInfoTableDyn, appId);
 
     return entry ? entry->appName : nullptr;
 }
 
-int32_t appGetAppId(const char* appName)
+int32_t get_appid_by_name(const char* appName)
 {
-    AppInfoTableEntry* entry;
-    AppIdConfig* pConfig = pAppidActiveConfig;
-
-    entry = (decltype(entry))appNameHashFind(pConfig->AppNameHash, appName);
+    AppInfoTableEntry* entry = (decltype(entry))appNameHashFind(AppNameHash, appName);
     return entry ? entry->appId : 0;
 }
 
-void appInfoSetActive(AppId appId, bool active)
+void set_app_info_active(AppId appId)
 {
     AppInfoTableEntry* entry = nullptr;
-    AppIdConfig* pConfig = pAppidActiveConfig;
     AppId tmp;
 
     if (appId == APP_ID_NONE)
         return;
 
     if ((tmp = getAppIdStaticIndex(appId)))
-        entry =  pConfig->AppInfoTable[tmp];
+        entry =  AppInfoTable[tmp];
     else
-        entry = dynamicArrayGetIndex(pConfig->AppInfoTableDyn, appId);
+        entry = dynamicArrayGetIndex(AppInfoTableDyn, appId);
 
     if (entry)
-    {
-        if (active)
-            entry->flags |= APPINFO_FLAG_ACTIVE;
-        else
-            entry->flags &= ~APPINFO_FLAG_ACTIVE;
-    }
+        entry->flags |= APPINFO_FLAG_ACTIVE;
     else
-    {
         ErrorMessage("AppInfo: AppId %d is UNKNOWN\n", appId);
-    }
 }
 
-static void appIdConfLoad(const char* path)
+static void load_appid_config(const char* path)
 {
     FILE* config_file;
     char* token;
@@ -524,7 +529,6 @@ static void appIdConfLoad(const char* path)
     char* conf_key;
     char* conf_val;
     unsigned line = 0;
-    AppIdConfig* pConfig = pAppidActiveConfig;
     int max_tp_flow_depth;
     char* context;
 
@@ -597,14 +601,14 @@ static void appIdConfLoad(const char* path)
                 DebugFormat(DEBUG_INSPECTOR,
                     "AppId: if thirdparty reports app %d, we will use it as a client.\n",
                     atoi(conf_val));
-                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_TP_CLIENT, pConfig);
+                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_TP_CLIENT);
             }
             else if (!(strcasecmp(conf_key, "ssl_reinspect")))
             {
                 DebugFormat(DEBUG_INSPECTOR,
                     "AppId: adding app %d to list of SSL apps that get more granular inspection.\n",
                     atoi(conf_val));
-                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_SSL_INSPECT, pConfig);
+                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_SSL_INSPECT);
             }
             else if (!(strcasecmp(conf_key, "disable_safe_search")))
             {
@@ -620,14 +624,14 @@ static void appIdConfLoad(const char* path)
                 DebugFormat(DEBUG_INSPECTOR,
                     "AppId: adding app %d to list of SSL apps that may open a second SSL connection.\n",
                     atoi(conf_val));
-                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_SSL_SQUELCH, pConfig);
+                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_SSL_SQUELCH);
             }
             else if (!(strcasecmp(conf_key, "defer_to_thirdparty")))
             {
                 DebugFormat(DEBUG_INSPECTOR,
                     "AppId: adding app %d to list of apps where we should take thirdparty ID over the NDE's.\n",
                     atoi(conf_val));
-                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_DEFER, pConfig);
+                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_DEFER);
             }
             else if (!(strcasecmp(conf_key, "defer_payload_to_thirdparty")))
             {
@@ -635,7 +639,7 @@ static void appIdConfLoad(const char* path)
                     "AppId: adding app %d to list of apps where we should take "
                     "thirdparty payload ID over the NDE's.\n",
                     atoi(conf_val));
-                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_DEFER_PAYLOAD, pConfig);
+                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_DEFER_PAYLOAD);
             }
             else if (!(strcasecmp(conf_key, "chp_userid")))
             {
@@ -690,7 +694,7 @@ static void appIdConfLoad(const char* path)
                 conf_val = token;
                 uint8_t temp_val;
                 temp_val = strtol(conf_val, nullptr, 10);
-                appInfoEntryPrioritySet (temp_appid, temp_val, pConfig);
+                appInfoEntryPrioritySet (temp_appid, temp_val);
                 DebugFormat(DEBUG_INSPECTOR,"AppId: %d Setting priority bit %d .\n",
                     temp_appid, temp_val);
             }
@@ -705,13 +709,13 @@ static void appIdConfLoad(const char* path)
                 {
                     referred_app_index=0;
                     referred_app_index += sprintf(referred_app_list, "%d ", atoi(conf_val));
-                    appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_REFERRED, pConfig);
+                    appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_REFERRED);
 
                     while ((token = strtok_r(nullptr, CONF_SEPARATORS, &context)) != nullptr)
                     {
                         referred_app_index += sprintf(referred_app_list+referred_app_index, "%d ",
                             atoi(token));
-                        appInfoEntryFlagSet(atoi(token), APPINFO_FLAG_REFERRED, pConfig);
+                        appInfoEntryFlagSet(atoi(token), APPINFO_FLAG_REFERRED);
                     }
                     DebugFormat(DEBUG_INSPECTOR,
                         "AppId: adding appIds to list of referred web apps: %s\n",
@@ -738,7 +742,7 @@ static void appIdConfLoad(const char* path)
             {
                 LogMessage("AppId: adding app %d to list of ignore thirdparty apps.\n", atoi(
                     conf_val));
-                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_IGNORE, pConfig);
+                appInfoEntryFlagSet(atoi(conf_val), APPINFO_FLAG_IGNORE);
             }
             else if (!(strcasecmp(conf_key, "http2_detection")))
             {

diff --git a/src/network_inspectors/appid/app_info_table.h b/src/network_inspectors/appid/app_info_table.h
index 962bbad4132fb3940280f21f4cd67f3dbb4e0a55..6af24452a70d9717f2dc9286e0a6b327b4b1a642 100644 (file)
--- a/src/network_inspectors/appid/app_info_table.h
+++ b/src/network_inspectors/appid/app_info_table.h
@@ -67,51 +67,55 @@ struct AppInfoTableEntry
     char* appName;
 };
 
-void appInfoTableInit(const char* path, AppIdConfig*);
-void appInfoTableFini(AppIdConfig*);
+void appNameHashFini();
 
-AppInfoTableEntry* appInfoEntryGet(AppId, const AppIdConfig*);
-AppInfoTableEntry* appInfoEntryCreate(const char* appName, AppIdConfig*);
+void init_appid_info_table(const char* path);
+void cleanup_appid_info_table();
+void init_dynamic_app_info_table();
+void free_dynamic_app_info_table();
+
+AppInfoTableEntry* appInfoEntryGet(AppId);
+AppInfoTableEntry* appInfoEntryCreate(const char* appName);
 AppId appGetSnortIdFromAppId(AppId);
-AppId appGetAppFromServiceId(uint32_t appId, AppIdConfig* pConfig);
-AppId appGetAppFromClientId(uint32_t appId, AppIdConfig* pConfig);
-AppId appGetAppFromPayloadId(uint32_t appId, AppIdConfig* pConfig);
+AppId get_appid_by_service_id(uint32_t appId);
+AppId get_appid_by_client_id(uint32_t appId);
+AppId get_appid_by_payload_id(uint32_t appId);
 void AppIdDumpStats(int exit_flag);
-void appInfoTableDump(AppIdConfig*);
-void appInfoSetActive(AppId, bool active);
-const char* appGetAppName(int32_t appId);
-int32_t appGetAppId(const char* appName);
+void dump_app_info_table();
+void set_app_info_active(AppId);
+const char* get_app_name(int32_t appId);
+int32_t get_appid_by_name(const char* appName);
 
-inline void appInfoEntryFlagSet(AppId appId, unsigned flags, AppIdConfig* pConfig)
+inline void appInfoEntryFlagSet(AppId appId, unsigned flags)
 {
-    AppInfoTableEntry* entry = appInfoEntryGet(appId, pConfig);
+    AppInfoTableEntry* entry = appInfoEntryGet(appId);
     if ( entry )
         entry->flags |= flags;
 }
 
-inline void appInfoEntryFlagClear(AppId appId, unsigned flags, AppIdConfig* pConfig)
+inline void appInfoEntryFlagClear(AppId appId, unsigned flags)
 {
-    AppInfoTableEntry* entry = appInfoEntryGet(appId, pConfig);
+    AppInfoTableEntry* entry = appInfoEntryGet(appId);
     if ( entry )
         entry->flags &= (~flags);
 }
 
-inline unsigned appInfoEntryFlagGet(AppId app_id, unsigned flags, AppIdConfig* pConfig)
+inline unsigned appInfoEntryFlagGet(AppId app_id, unsigned flags)
 {
-    AppInfoTableEntry* entry = appInfoEntryGet(app_id, pConfig);
+    AppInfoTableEntry* entry = appInfoEntryGet(app_id);
     return entry ? entry->flags & flags : 0;
 }
 
-inline void appInfoEntryPrioritySet(AppId appId, unsigned priority, AppIdConfig* pConfig)
+inline void appInfoEntryPrioritySet(AppId appId, unsigned priority)
 {
-    AppInfoTableEntry* entry = appInfoEntryGet(appId, pConfig);
+    AppInfoTableEntry* entry = appInfoEntryGet(appId);
     if ( entry )
         entry->priority |= priority;
 }
 
-inline unsigned appInfoEntryPriorityGet(AppId app_id, AppIdConfig* pConfig)
+inline unsigned appInfoEntryPriorityGet(AppId app_id)
 {
-    AppInfoTableEntry* entry = appInfoEntryGet(app_id, pConfig);
+    AppInfoTableEntry* entry = appInfoEntryGet(app_id);
     return entry ? entry->priority : 0;
 }
 

diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc
index c28ab3b2278fd64dbc13eece590272ad437618c5..3e7050085a668ed3f11f34b73bdb75f0baf773a7 100644 (file)
--- a/src/network_inspectors/appid/appid_api.cc
+++ b/src/network_inspectors/appid/appid_api.cc
@@ -34,12 +34,12 @@ AppIdApi appid_api;
 
 const char* AppIdApi::get_application_name(int32_t app_id)
 {
-    return appGetAppName(app_id);
+    return get_app_name(app_id);
 }
 
 AppId AppIdApi::get_application_id(const char* appName)
 {
-    return appGetAppId(appName);
+    return get_appid_by_name(appName);
 }
 
 AppId AppIdApi::get_service_app_id(AppIdSession* session)

diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc
index 168b0b1e93a148de4d501ba670665bc56e8b4636..a39ac7870ee25e4c51c192ccc0d3ea79ba01ca51 100644 (file)
--- a/src/network_inspectors/appid/appid_config.cc
+++ b/src/network_inspectors/appid/appid_config.cc
@@ -22,39 +22,20 @@
 #include <glob.h>
 
 #include "appid_config.h"
-#include "appid_stats.h"
 #include "app_info_table.h"
-#include "application_ids.h"
-#include "app_forecast.h"
-#include "fw_appid.h"
-#include "host_port_app_cache.h"
-#include "length_app_cache.h"
-#include "thirdparty_appid_utils.h"
-#include "client_plugins/client_app_base.h"
-#include "service_plugins/service_base.h"
-#include "service_plugins/service_ssl.h"
-#include "detector_plugins/detector_base.h"
-#include "detector_plugins/detector_http.h"
-#include "detector_plugins/detector_dns.h"
-
 #include "appid_utils/network_set.h"
 #include "appid_utils/ip_funcs.h"
 #include "appid_utils/common_util.h"
 #include "appid_utils/sfutil.h"
-
-#include "lua_detector_api.h"
-#include "lua_detector_module.h"
-
 #include "main/snort_debug.h"
 #include "log/messages.h"
 #include "utils/util.h"
+#include "thirdparty_appid_utils.h"
+#include "service_plugins/service_base.h"
 
 #define ODP_PORT_DETECTORS "odp/port/*"
 #define CUSTOM_PORT_DETECTORS "custom/port/*"
 
-/*static const char * const MODULE_NAME = "AppMatcher"; */
-#define MAX_DISPLAY_SIZE   65536
-
 // FIXIT - M this global needs to go asap... just here now to compile while doing some major config
 // refactoring
 AppIdConfig* pAppidActiveConfig = nullptr;
@@ -68,10 +49,11 @@ struct PortList
     uint16_t port;
 };
 
+static THREAD_LOCAL SF_LIST genericConfigList;                      ///< List of AppidGenericConfigItem structures
+
 AppIdModuleConfig::~AppIdModuleConfig()
 {
     snort_free((void*)conf_file);
-    snort_free((void*)app_stats_filename);
     snort_free((void*)app_detector_dir);
     snort_free((void*)thirdparty_appid_dir);
     pAppidActiveConfig = nullptr;
@@ -243,9 +225,9 @@ void AppIdConfig::read_port_detectors(const char* files)
                     udp_port_only[tmp_port->port] = appId;
 
                 snort_free(tmp_port);
-                appInfoSetActive(appId, true);
+                set_app_info_active(appId);
             }
-            appInfoSetActive(appId, true);
+            set_app_info_active(appId);
         }
         else
             ErrorMessage("Missing parameter(s) in port service '%s'\n",globs.gl_pathv[n]);
@@ -678,91 +660,6 @@ int AppIdConfig::load_analysis_config(const char* config_file, int reload, int i
     return 0;
 }
 
-void AppIdConfig::load_modules(uint32_t instance_id)
-{
-    if (LoadServiceModules(nullptr, instance_id, this))
-        exit(-1);
-
-    if (LoadClientAppModules(this))
-        exit(-1);
-
-    if (LoadDetectorModules(nullptr))
-        exit(-1);
-}
-
-void AppIdConfig::finalize_pattern_modules()
-{
-    unsigned int i;
-    ServicePatternData* curr;
-    ServicePatternData* lists[] = { serviceConfig.tcp_pattern_data,
-                                    serviceConfig.udp_pattern_data };
-    for (i = 0; i < (sizeof(lists) / sizeof(*lists)); i++)
-    {
-        curr = lists[i];
-        while (curr != nullptr)
-        {
-            if (curr->svc != nullptr)
-            {
-                bool isActive = true;
-                if (curr->svc->userdata && !curr->svc->userdata->isActive)
-                {
-                    /* C detectors don't have userdata here, but they're always
-                     * active.  So, this check is really just for Lua
-                     * detectors. */
-                    isActive = false;
-                }
-                if (isActive)
-                {
-                    curr->svc->current_ref_count = curr->svc->ref_count;
-                }
-            }
-            curr = curr->next;
-        }
-    }
-}
-
-int AppIdConfig::init_AF_indicators()
-{
-    if (!(AF_indicators = sfxhash_new(1024, sizeof(AppId), sizeof(AFElement), 0,
-            0, nullptr, nullptr, 0)))
-    {
-        ErrorMessage("Config: failed to allocate memory for an sfxhash.");
-        return 0;
-    }
-    else
-        return 1;
-}
-
-int AppIdConfig::init_AF_actives()
-{
-    if (!(AF_actives = sfxhash_new(1024, sizeof(AFActKey), sizeof(AFActVal),
-            (sizeof(SFXHASH_NODE)*2048), 1, nullptr,  nullptr, 1)))
-    {
-        ErrorMessage("Config: failed to allocate memory for an sfxhash.");
-        return 0;
-    }
-    else
-        return 1;
-}
-
-static int genericDataFree(void* /* key */, void* data)
-{
-    if (data)
-        snort_free(data);
-    return 0;
-}
-
-int AppIdConfig::init_CHP_glossary()
-{
-    if (!(CHP_glossary = sfxhash_new(1024, sizeof(AppId), 0, 0, 0, nullptr, &genericDataFree, 0)))
-    {
-        ErrorMessage("Config: failed to allocate memory for an sfxhash.");
-        return 0;
-    }
-    else
-        return 1;
-}
-
 void AppIdConfig::set_safe_search_enforcement(int enabled)
 {
     DEBUG_WRAP(DebugFormat(DEBUG_APPID, "    Safe Search Enforcement enabled = %d.\n",enabled); );
@@ -771,73 +668,34 @@ void AppIdConfig::set_safe_search_enforcement(int enabled)
 
 bool AppIdConfig::init_appid( )
 {
-    map_app_names_to_snort_ids();
-
-    if (config_state == RNA_FW_CONFIG_STATE_UNINIT)
-    {
-        appIdPolicyId = 53;
-        // FIXIT - active config must be per Inspector instance...not this global...
-        pAppidActiveConfig = this;
-        config_state = RNA_FW_CONFIG_STATE_PENDING;
-
-        InitNetmasks(app_id_netmasks);
-        sflist_init(&pAppidActiveConfig->client_app_args);
-        load_analysis_config(mod_config->conf_file, 0, mod_config->instance_id);
-        if (!init_CHP_glossary( ))
-            return false;
-        if (!init_AF_indicators( ))
-            return false;
-        if (!init_AF_actives( ))
-            return false;
-
-        LuaDetectorModuleManager::luaModuleInit();
-        appInfoTableInit(mod_config->app_detector_dir, pAppidActiveConfig);
-        read_port_detectors(ODP_PORT_DETECTORS);
-        read_port_detectors(CUSTOM_PORT_DETECTORS);
-        load_modules(mod_config->instance_id);
-        hostPortAppCacheInit(pAppidActiveConfig);
-        lengthAppCacheInit(pAppidActiveConfig);
-
-        LuaDetectorModuleManager::LoadLuaModules(pAppidActiveConfig);
-        ClientAppInit(pAppidActiveConfig);
-        ServiceInit(pAppidActiveConfig);
-        LuaDetectorModuleManager::FinalizeLuaModules(pAppidActiveConfig);
-        finalize_pattern_modules();
-        http_detector_finalize(pAppidActiveConfig);
-#ifdef REMOVED_WHILE_NOT_IN_USE
-        sipUaFinalize(&pAppidActiveConfig->detectorSipConfig);
-        ssl_detector_process_patterns(&pAppidActiveConfig->serviceSslConfig);
-#endif
-        dns_host_detector_process_patterns(&pAppidActiveConfig->serviceDnsConfig);
-        portPatternFinalize(pAppidActiveConfig);
-        ClientAppFinalize(pAppidActiveConfig);
-        ServiceFinalize(pAppidActiveConfig);
-        appIdStatsInit(mod_config);
-        ThirdPartyAppIDInit(mod_config);
-
-        show();
-
-        // FIXIT - do we still need to support this?
-        if (pAppidActiveConfig->mod_config->dump_ports)
-        {
-            dumpPorts(stdout, pAppidActiveConfig);
-            appInfoTableDump(pAppidActiveConfig);
-            exit(0);
-        }
-
-#ifdef DEBUG_APP_COMMON
-        DisplayPortConfig(pAppidActiveConfig);
-#endif
-        if (AppIdServiceStateInit(mod_config->memcap))
-            exit(-1);
-        config_state = RNA_FW_CONFIG_STATE_INIT;
-        return true;
-    }
-
-    return false;
+       map_app_names_to_snort_ids();
+
+       appIdPolicyId = 53;
+       // FIXIT - active config must be per Inspector instance...not this global...
+       pAppidActiveConfig = this;
+       InitNetmasks(app_id_netmasks);
+       init_appid_info_table(mod_config->app_detector_dir);
+       sflist_init(&pAppidActiveConfig->client_app_args);
+       load_analysis_config(mod_config->conf_file, 0, mod_config->instance_id);
+       read_port_detectors(ODP_PORT_DETECTORS);
+       read_port_detectors(CUSTOM_PORT_DETECTORS);
+
+       ThirdPartyAppIDInit(mod_config);
+
+       show();
+
+       if ( mod_config->dump_ports )
+       {
+               dumpPorts(stdout);
+               display_port_config();
+               dump_app_info_table();
+               exit(0);
+       }
+
+       return true;
 }
 
-static void ConfigItemFree(ConfigItem* ci)
+static void free_config_items(ConfigItem* ci)
 {
     if (ci)
     {
@@ -849,96 +707,44 @@ static void ConfigItemFree(ConfigItem* ci)
     }
 }
 
-static void cleanup_config(AppIdConfig* pConfig)
+void free_port_exclusion_list( SF_LIST** pe_list )
 {
-    NetworkSet* net_list;          ///< list of network sets
-    unsigned int i;
-    while ((net_list = pConfig->net_list_list))
-    {
-        pConfig->net_list_list = net_list->next;
-        NetworkSet_Destroy(net_list);
-    }
-
-    /* clean up any port exclusions that have been allocated */
-    for ( i=0; i<APP_ID_PORT_ARRAY_SIZE; i++ )
+    for ( unsigned i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++ )
     {
-        if ( pConfig->tcp_port_exclusions_src[i] != nullptr )
+        if ( pe_list[i] != nullptr )
         {
-            sflist_free_all(pConfig->tcp_port_exclusions_src[i], &snort_free);
-            pConfig->tcp_port_exclusions_src[i] = nullptr;
-        }
-        if ( pConfig->tcp_port_exclusions_dst[i] != nullptr )
-        {
-            sflist_free_all(pConfig->tcp_port_exclusions_dst[i], &snort_free);
-            pConfig->tcp_port_exclusions_dst[i] = nullptr;
-        }
-        if ( pConfig->udp_port_exclusions_src[i] != nullptr )
-        {
-            sflist_free_all(pConfig->udp_port_exclusions_src[i], &snort_free);
-            pConfig->udp_port_exclusions_src[i] = nullptr;
-        }
-        if ( pConfig->udp_port_exclusions_dst[i] != nullptr )
-        {
-            sflist_free_all(pConfig->udp_port_exclusions_dst[i], &snort_free);
-            pConfig->udp_port_exclusions_dst[i] = nullptr;
+            sflist_free_all(pe_list[i], &snort_free);
+            pe_list[i] = nullptr;
         }
     }
+}
 
-    pConfig->net_list = nullptr;
+void AppIdConfig::cleanup()
+{
 
-    if (pConfig->CHP_glossary)
-    {
-        sfxhash_delete(pConfig->CHP_glossary);
-        pConfig->CHP_glossary = nullptr;
-    }
+    if (thirdparty_appid_module != nullptr)
+        thirdparty_appid_module->print_stats();
+    ThirdPartyAppIDFini();
 
-    if (pConfig->AF_indicators)
-    {
-        sfxhash_delete(pConfig->AF_indicators);
-        pConfig->AF_indicators = nullptr;
-    }
+    cleanup_appid_info_table();
 
-    if (pConfig->AF_actives)
+    NetworkSet* net_list;          ///< list of network sets
+    while ((net_list = net_list_list))
     {
-        sfxhash_delete(pConfig->AF_actives);
-        pConfig->AF_actives = nullptr;
+        net_list_list = net_list->next;
+        NetworkSet_Destroy(net_list);
     }
 
-    memset(pConfig->net_list_by_zone, 0, sizeof(pConfig->net_list_by_zone));
-
-    sflist_static_free_all(&pConfig->client_app_args, (void (*)(void*))ConfigItemFree);
-}
+    free_port_exclusion_list(tcp_port_exclusions_src);
+    free_port_exclusion_list(tcp_port_exclusions_dst);
+    free_port_exclusion_list(udp_port_exclusions_src);
+    free_port_exclusion_list(udp_port_exclusions_dst);
 
-int AppIdConfig::cleanup(void)
-{
-    if (config_state == RNA_FW_CONFIG_STATE_INIT)
-    {
-        config_state = RNA_FW_CONFIG_STATE_PENDING;
-        if (thirdparty_appid_module != nullptr)
-            thirdparty_appid_module->print_stats();
-        ThirdPartyAppIDFini();
-
-        cleanup_config(pAppidActiveConfig);
-        CleanupServices(pAppidActiveConfig);
-        CleanupClientApp(pAppidActiveConfig);
-        LuaDetectorModuleManager::luaModuleFini();
-        hostPortAppCacheFini(pAppidActiveConfig);
-        lengthAppCacheFini(pAppidActiveConfig);
-        AppIdServiceStateCleanup();
-        appIdStatsFini();
-        fwAppIdFini(pAppidActiveConfig);
-        http_detector_clean(&pAppidActiveConfig->detectorHttpConfig);
-#ifdef REMOVED_WHILE_NOT_IN_USE
-        service_ssl_clean(&pAppidActiveConfig->serviceSslConfig);
-#endif
-        service_dns_host_clean(&pAppidActiveConfig->serviceDnsConfig);
-        config_state = RNA_FW_CONFIG_STATE_UNINIT;
-        return 0;
-    }
-    return -1;
+    memset(net_list_by_zone, 0, sizeof(net_list_by_zone));
+    sflist_static_free_all(&client_app_args, (void (*)(void*))free_config_items);
 }
 
-static void DisplayPortExclusionList(SF_LIST* pe_list, uint16_t port)
+static void display_port_exclusion_list(SF_LIST* pe_list, uint16_t port)
 {
     const char* p;
     const char* p2;
@@ -1035,23 +841,22 @@ void AppIdConfig::show()
 
     LogMessage("    Excluded TCP Ports for Src:\n");
     for (i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++)
-        DisplayPortExclusionList(tcp_port_exclusions_src[i], i);
+        display_port_exclusion_list(tcp_port_exclusions_src[i], i);
 
     LogMessage("    Excluded TCP Ports for Dst:\n");
     for (i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++)
-        DisplayPortExclusionList(tcp_port_exclusions_dst[i], i);
+        display_port_exclusion_list(tcp_port_exclusions_dst[i], i);
 
     LogMessage("    Excluded UDP Ports Src:\n");
     for (i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++)
-        DisplayPortExclusionList(udp_port_exclusions_src[i], i);
+        display_port_exclusion_list(udp_port_exclusions_src[i], i);
 
     LogMessage("    Excluded UDP Ports Dst:\n");
     for (i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++)
-        DisplayPortExclusionList(udp_port_exclusions_dst[i], i);
+        display_port_exclusion_list(udp_port_exclusions_dst[i], i);
 }
 
-#ifdef DEBUG_APP_COMMON
-static void DisplayPortConfig(AppIdConfig* aic)
+void AppIdConfig::display_port_config()
 {
     unsigned i;
     int first;
@@ -1085,5 +890,3 @@ static void DisplayPortConfig(AppIdConfig* aic)
     }
 }
 
-#endif
-

diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h
index 58c0bd4e4c86f1d96bbf3f98dc78f36e6f510bed..ea40180e473e15cfd46467cbf01ecf823f0f1c18 100644 (file)
--- a/src/network_inspectors/appid/appid_config.h
+++ b/src/network_inspectors/appid/appid_config.h
@@ -42,8 +42,6 @@
 struct NetworkSet;
 struct AppInfoTableEntry;
 struct DynamicArray;
-struct ServicePortPattern;
-struct ClientPortPattern;
 struct SFGHASH;
 struct SFXHASH;
 
@@ -71,7 +69,6 @@ struct AppidGenericConfigItem
     void* pData;    ///< Module configuration data
 };
 
-// FIXIT - these values come from struct AppidStaticConfig...that should go away when this all works
 class AppIdModuleConfig
 {
 public:
@@ -79,7 +76,7 @@ public:
     ~AppIdModuleConfig();
 
     const char* conf_file = nullptr;
-    const char* app_stats_filename = nullptr;
+    bool stats_logging_enabled = false;
     unsigned long app_stats_period = 0;
     unsigned long app_stats_rollover_size = 0;
     unsigned long app_stats_rollover_time = 0;
@@ -122,7 +119,7 @@ public:
     ~AppIdConfig() { cleanup(); }
 
     bool init_appid();
-    int cleanup(void);
+    void cleanup();
     void show();
 
     void set_safe_search_enforcement(int enabled);
@@ -146,36 +143,9 @@ public:
     SF_LIST* udp_port_exclusions_src[APP_ID_PORT_ARRAY_SIZE] = { nullptr };
     SF_LIST* tcp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE] = { nullptr };
     SF_LIST* udp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE] = { nullptr };
-    SFXHASH* CHP_glossary = nullptr;      // keep track of http multipatterns here
-    SFXHASH* AF_indicators = nullptr;     // App Forecasting list of "indicator apps"
-    SFXHASH* AF_actives = nullptr;        // App Forecasting list of hosts to watch for forecast apps
-    AppInfoTableEntry* AppInfoList = nullptr;
-    AppInfoTableEntry* AppInfoTable[SF_APPID_MAX] = { nullptr };
-    AppInfoTableEntry* AppInfoTableByService[SF_APPID_MAX] = { nullptr };
-    AppInfoTableEntry* AppInfoTableByClient[SF_APPID_MAX] = { nullptr };
-    AppInfoTableEntry* AppInfoTableByPayload[SF_APPID_MAX] = { nullptr };
-    DynamicArray* AppInfoTableDyn  = nullptr;
-    SFGHASH* AppNameHash = nullptr;
-    SFXHASH* hostPortCache = nullptr;
-    SFXHASH* lengthCache = nullptr;
-    DetectorHttpConfig detectorHttpConfig;  // HTTP detector configuration
-    DetectorSipConfig detectorSipConfig;    // SIP detector configuration
-    ServiceConfig serviceConfig;            // Common configuration for all services
-    ServiceSslConfig serviceSslConfig;      // SSL service configuration
-    ServiceDnsConfig serviceDnsConfig;      // DNS service configuration
-    ClientAppConfig clientAppConfig;        // Common configuration for all client applications
-    HttpPatternLists httpPatternLists;
-    ServicePortPattern* servicePortPattern = nullptr;
-    ClientPortPattern* clientPortPattern = nullptr;
-    SF_LIST genericConfigList;                      ///< List of AppidGenericConfigItem structures
     AppIdModuleConfig* mod_config;
 
 private:
-    int init_AF_indicators();
-    int init_AF_actives();
-    int init_CHP_glossary();
-    void load_modules(uint32_t instance_id);
-    void finalize_pattern_modules();
     void read_port_detectors(const char* files);
     void configure_analysis_networks(char* toklist[], uint32_t flag);
     int add_port_exclusion(SF_LIST* port_exclusions[], const ip::snort_in6_addr* ip,
@@ -183,8 +153,7 @@ private:
     void process_port_exclusion(char* toklist[]);
     void process_config_directive(char* toklist[], int /* reload */);
     int load_analysis_config(const char* config_file, int reload, int instance_id);
-
-    RnaFwConfigState config_state = RNA_FW_CONFIG_STATE_UNINIT;
+    void display_port_config();
 };
 
 // FIXIT - this global needs to go asap... just here now to compile while doing some major config refactoring

diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc
index 556bcc1ef94de7efb538d1696f2c06dd468cac69..5027af236d4e15c6f84ea96821e67c70caca3fa9 100644 (file)
--- a/src/network_inspectors/appid/appid_inspector.cc
+++ b/src/network_inspectors/appid/appid_inspector.cc
@@ -25,13 +25,36 @@
 #include "config.h"
 #endif
 
+#include "main/thread.h"
 #include "profiler/profiler.h"
+#include "appid_stats.h"
 #include "appid_session.h"
 #include "fw_appid.h"
-
-//-------------------------------------------------------------------------
-// class stuff
-//-------------------------------------------------------------------------
+#include "lua_detector_module.h"
+#include "lua_detector_api.h"
+#include "host_port_app_cache.h"
+#include "app_forecast.h"
+#include "service_plugins/service_base.h"
+#include "service_plugins/service_ssl.h"
+#include "client_plugins/client_app_base.h"
+#include "detector_plugins/detector_base.h"
+#include "detector_plugins/detector_dns.h"
+#include "detector_plugins/detector_http.h"
+#include "detector_plugins/detector_sip.h"
+#include "detector_plugins/detector_pattern.h"
+
+THREAD_LOCAL LuaDetectorManager* lua_detector_mgr;
+
+static void dump_appid_stats()
+{
+    LogMessage("Application Identification Preprocessor:\n");
+    LogMessage("   Total packets received : %lu\n", appid_stats.packets);
+    LogMessage("  Total packets processed : %lu\n", appid_stats.processed_packets);
+    if (thirdparty_appid_module)
+        thirdparty_appid_module->print_stats();
+    LogMessage("    Total packets ignored : %lu\n", appid_stats.ignored_packets);
+    AppIdServiceStateDumpStats();
+}
 
 AppIdInspector::AppIdInspector(const AppIdModuleConfig* pc)
 {
@@ -43,6 +66,7 @@ AppIdInspector::~AppIdInspector()
 {
     if(config->debug)
         dump_appid_stats();
+
     delete active_config;
     delete config;
 }
@@ -73,7 +97,7 @@ void AppIdInspector::show(SnortConfig*)
     LogMessage("AppId Configuration\n");
 
     LogMessage("    Detector Path:          %s\n", config->app_detector_dir);
-    LogMessage("    appStats Files:         %s\n", config->app_stats_filename);
+    LogMessage("    appStats Logging:       %s\n", config->stats_logging_enabled ? "enabled" : "disabled");
     LogMessage("    appStats Period:        %lu secs\n", config->app_stats_period);
     LogMessage("    appStats Rollover Size: %lu bytes\n",
         config->app_stats_rollover_size);
@@ -82,6 +106,62 @@ void AppIdInspector::show(SnortConfig*)
     LogMessage("\n");
 }
 
+void AppIdInspector::tinit()
+{
+    init_appid_statistics(config);
+    hostPortAppCacheInit();
+    init_dynamic_app_info_table();
+    init_appid_forecast();
+    init_http_detector();
+    init_service_plugins();
+    init_client_plugins();
+    init_detector_plugins();
+    init_CHP_glossary();
+    init_length_app_cache();
+
+    lua_detector_mgr = new LuaDetectorManager;
+    lua_detector_mgr->LoadLuaModules(pAppidActiveConfig);
+    lua_detector_mgr->luaModuleInitAllClients();
+    lua_detector_mgr->luaModuleInitAllServices();
+    lua_detector_mgr->FinalizeLuaModules();
+    if(config->debug && list_lua_detectors)
+    {
+        lua_detector_mgr->list_lua_detectors();
+        list_lua_detectors = false;
+    }
+
+    finalize_service_port_patterns();
+    finalize_client_port_patterns();
+    finalize_service_patterns();
+    finalize_client_plugins();
+    finalize_http_detector();
+    finalize_sip_ua();
+    ssl_detector_process_patterns();
+    dns_host_detector_process_patterns();
+
+    if (init_service_state(config->memcap))
+        exit(-1);
+}
+
+void AppIdInspector::tterm()
+{
+    hostPortAppCacheFini();
+    clean_appid_forecast();
+    service_dns_host_clean();
+    service_ssl_clean();
+    clean_service_plugins();
+    clean_client_plugins();
+    clean_http_detector();
+    free_CHP_glossary();
+    free_length_app_cache();
+    free_dynamic_app_info_table();
+
+    AppIdSession::release_free_list_flow_data();
+    delete lua_detector_mgr;
+    clean_service_state();
+    cleanup_appid_statistics();
+}
+
 void AppIdInspector::eval(Packet* pkt)
 {
     Profile profile(appidPerfStats);

diff --git a/src/network_inspectors/appid/appid_inspector.h b/src/network_inspectors/appid/appid_inspector.h
index 0b4d53d7658c3f2d9be37a8480f1fd50b16be37a..364d8eb25f06a4d602330c4a5653438d8dff46ef 100644 (file)
--- a/src/network_inspectors/appid/appid_inspector.h
+++ b/src/network_inspectors/appid/appid_inspector.h
@@ -36,6 +36,8 @@ public:
 
     bool configure(SnortConfig*) override;
     void show(SnortConfig*) override;
+    void tinit() override;
+    void tterm() override;
     void eval(Packet*) override;
 
     AppIdConfig* get_active_config()
@@ -47,6 +49,7 @@ private:
 
     const AppIdModuleConfig* config = nullptr;
     AppIdConfig* active_config = nullptr;
+    bool list_lua_detectors = true;
 };
 
 void httpHeaderCallback(Packet*, HttpParsedHeaders* const);

diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc
index d5db3cbb32e9c1f64f009d5b67455c1b1a258d38..dcd32fe655c3cb2e53520de4a22e4ede383ce560 100644 (file)
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
@@ -92,8 +92,8 @@ static const Parameter s_params[] =
       "RNA configuration file" },
     { "memcap", Parameter::PT_INT, "1048576:3221225472", "268435456",
       "time period for collecting and logging AppId statistics" },
-    { "app_stats_filename", Parameter::PT_STRING, nullptr, nullptr,
-      "Filename for logging AppId statistics" },
+    { "log_stats", Parameter::PT_BOOL, nullptr, "false",
+      "enable logging of AppId statistics" },
     { "app_stats_period", Parameter::PT_INT, "0:", "300",
       "time period for collecting and logging AppId statistics" },
     { "app_stats_rollover_size", Parameter::PT_INT, "0:", "20971520",
@@ -151,8 +151,8 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*)
         config->conf_file = snort_strdup(v.get_string());
     else if ( v.is("memcap") )
         config->memcap = v.get_long();
-    else if ( v.is("app_stats_filename") )
-        config->app_stats_filename = snort_strdup(v.get_string());
+    else if ( v.is("log_stats") )
+        config->stats_logging_enabled = v.get_bool();
     else if ( v.is("app_stats_period") )
         config->app_stats_period = v.get_long();
     else if ( v.is("app_stats_rollover_size") )

diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h
index e64614d3d3745773837972c4f8b646c2872e5f93..8a72f84264964134197d1b85c9d49f66ff6d8268 100644 (file)
--- a/src/network_inspectors/appid/appid_module.h
+++ b/src/network_inspectors/appid/appid_module.h
@@ -28,10 +28,6 @@
 
 extern THREAD_LOCAL ProfileStats appidPerfStats;
 
-//-------------------------------------------------------------------------
-// stream module
-//-------------------------------------------------------------------------
-
 #define MOD_NAME "appid"
 #define MOD_HELP "application and service identification"
 

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index e3367ec5db16ffa9797d5fa1224acfe01b63773f..8b7fe30688a6ddcf35c034fcfa8e307cea38b953 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -51,7 +51,7 @@ ProfileStats clientMatchPerfStats;
 ProfileStats serviceMatchPerfStats;
 
 unsigned AppIdSession::flow_id = 0;
-static AppIdFlowData* fd_free_list;
+static THREAD_LOCAL AppIdFlowData* fd_free_list;
 
 static volatile int app_id_debug_flag;
 static FWDebugSessionConstraints app_id_debug_info;
@@ -443,7 +443,8 @@ AppIdSession::AppIdSession(IpProtocol proto, const sfip_t* ip) : FlowData(flow_i
 
 AppIdSession::~AppIdSession()
 {
-    delete_shared_data();
+       if( !in_expected_cache)
+               delete_shared_data();
 }
 
 // FIXIT-L X Move this to somewhere more generally available/appropriate.
@@ -497,9 +498,6 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const s
             LogMessage("AppIdDbg %s failed to create a related flow for %s-%u -> %s-%u %u\n",
                 app_id_debug_session, src_ip, (unsigned)cliPort, dst_ip,
                                (unsigned)srvPort, (unsigned)proto);
-        // FIXIT-M: this deletes data on just allocated session, probably isn't any, should this
-        //          be delete of data in parent session?
-        session->delete_shared_data();
         delete session;
         return nullptr;
     }
@@ -508,6 +506,8 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const s
             app_id_debug_session, src_ip, (unsigned)cliPort, dst_ip,
                        (unsigned)srvPort, (unsigned)proto);
 
+    session->in_expected_cache = true;
+
     return session;
 }
 
@@ -577,14 +577,14 @@ void AppIdSession::reinit_shared_data()
         APPID_SESSION_SSL_SESSION|APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT);
 }
 
-int AppIdSession::exec_client_detectors(Packet* p, int direction, AppIdConfig* pConfig)
+int AppIdSession::exec_client_detectors(Packet* p, int direction)
 {
     int ret = CLIENT_APP_INPROCESS;
 
     if (rna_client_data != nullptr)
     {
-        ret = rna_client_data->validate(p->data, p->dsize, direction,
-            this, p, rna_client_data->userData, pConfig);
+        ret = rna_client_data->validate(p->data, p->dsize, direction, this, p,
+                rna_client_data->userData);
         if (app_id_debug_session_flag)
             LogMessage("AppIdDbg %s %s client detector returned %d\n", app_id_debug_session,
                 rna_client_data->name ? rna_client_data->name : "UNKNOWN", ret);
@@ -603,8 +603,7 @@ int AppIdSession::exec_client_detectors(Packet* p, int direction, AppIdConfig* p
             SF_LNODE* node_tmp;
 
             client = (RNAClientAppModule*)node->ndata;
-            result = client->validate(p->data, p->dsize, direction,
-                this, p, client->userData, pConfig);
+            result = client->validate(p->data, p->dsize, direction, this, p, client->userData);
             if (app_id_debug_session_flag)
                 LogMessage("AppIdDbg %s %s client detector returned %d\n", app_id_debug_session,
                     client->name ? client->name : "UNKNOWN", result);
@@ -677,6 +676,7 @@ bool AppIdSession::is_packet_ignored(Packet* p)
 
     return false;
 }
+
 #ifdef REMOVED_WHILE_NOT_IN_USE
 static int ptype_scan_counts[NUMBER_OF_PTYPES];
 
@@ -688,7 +688,6 @@ void AppIdSession::ProcessThirdPartyResults(Packet* p, int confidence,
     AppId client_app_id = 0;
     AppId payload_app_id = 0;
     AppId referred_payload_app_id = 0;
-    AppIdConfig* pConfig = pAppidActiveConfig;
 
     if (ThirdPartyAppIDFoundProto(APP_ID_EXCHANGE, proto_list))
     {
@@ -1095,10 +1094,10 @@ void AppIdSession::ProcessThirdPartyResults(Packet* p, int confidence,
             {
                 if (((getAppIdFromUrl(nullptr, hsession->url, nullptr,
                     hsession->referer, &client_app_id, &serviceAppId,
-                    &payload_app_id, &referred_payload_app_id, 1, &pConfig->detectorHttpConfig)) ||
+                    &payload_app_id, &referred_payload_app_id, 1)) ||
                     (getAppIdFromUrl(nullptr, hsession->url, nullptr,
                     hsession->referer, &client_app_id, &serviceAppId,
-                    &payload_app_id, &referred_payload_app_id, 0, &pConfig->detectorHttpConfig))) == 1)
+                    &payload_app_id, &referred_payload_app_id, 0))) == 1)
                 {
                     // do not overwrite a previously-set client or service
                     if (client_app_id <= APP_ID_NONE)
@@ -1237,7 +1236,7 @@ bool AppIdSession::do_third_party_discovery(IpProtocol protocol, const sfip_t* i
                 if (app_id_debug_session_flag)
                     LogMessage("AppIdDbg %s 3rd party returned %d\n", app_id_debug_session, tp_app_id);
 
-                if (appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_IGNORE, pConfig))
+                if (appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_IGNORE))
                 {
                     if (app_id_debug_session_flag)
                         LogMessage("AppIdDbg %s 3rd party ignored\n", app_id_debug_session);
@@ -1258,7 +1257,7 @@ bool AppIdSession::do_third_party_discovery(IpProtocol protocol, const sfip_t* i
                     is_http2 = true;
                 }
                 // if the third-party appId must be treated as a client, do it now
-                if (appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_TP_CLIENT, pAppidActiveConfig))
+                if (appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_TP_CLIENT))
                     client_app_id = tp_app_id;
 
                 ProcessThirdPartyResults(p, tp_confidence, tp_proto_list, tp_attribute_data);
@@ -1287,17 +1286,17 @@ bool AppIdSession::do_third_party_discovery(IpProtocol protocol, const sfip_t* i
             if (tp_app_id > APP_ID_NONE
                     && (!getAppIdFlag(APPID_SESSION_APP_REINSPECT) || payload_app_id > APP_ID_NONE))
             {
-                AppId snorAppId;
+                AppId snort_app_id;
                 // if the packet is HTTP, then search for via pattern
                 if (getAppIdFlag(APPID_SESSION_HTTP_SESSION) && hsession)
                 {
-                    snorAppId = APP_ID_HTTP;
+                    snort_app_id = APP_ID_HTTP;
                     //data should never be APP_ID_HTTP
                     if (tp_app_id != APP_ID_HTTP)
                         tp_payload_app_id = tp_app_id;
 
                     tp_app_id = APP_ID_HTTP;
-                    processHTTPPacket(p, direction, nullptr, pAppidActiveConfig);
+                    processHTTPPacket(p, direction, nullptr);
                     if (TPIsAppIdAvailable(tpsession) && tp_app_id == APP_ID_HTTP
                             && !getAppIdFlag(APPID_SESSION_APP_REINSPECT))
                     {
@@ -1321,7 +1320,7 @@ bool AppIdSession::do_third_party_discovery(IpProtocol protocol, const sfip_t* i
                 }
                 else if (getAppIdFlag(APPID_SESSION_SSL_SESSION) && tsession)
                 {
-                    examine_ssl_metadata(p, pConfig);
+                    examine_ssl_metadata(p);
                     uint16_t serverPort;
                     AppId porAppId;
                     serverPort = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.dp : p->ptrs.sp;
@@ -1343,15 +1342,15 @@ bool AppIdSession::do_third_party_discovery(IpProtocol protocol, const sfip_t* i
                         if (app_id_debug_session_flag)
                             LogMessage("AppIdDbg %s SSL is %d\n", app_id_debug_session, tp_app_id);
                     }
-                    snorAppId = APP_ID_SSL;
+                    snort_app_id = APP_ID_SSL;
                 }
                 else
                 {
                     //for non-http protocols, tp id is treated like serviceId
-                    snorAppId = tp_app_id;
+                    snort_app_id = tp_app_id;
                 }
 
-                sync_with_snort_id(snorAppId, p, pConfig);
+                sync_with_snort_id(snort_app_id, p);
             }
             else
             {
@@ -1421,7 +1420,7 @@ bool AppIdSession::do_service_discovery(IpProtocol protocol, int direction, AppI
                 {
                     //tp has positively identified appId, Dig deeper only if sourcefire
                     // detector identifies additional information or flow is UDP reveresed.
-                    if ((entry = appInfoEntryGet(tp_app_id, pConfig)) && entry->svrValidator
+                    if ((entry = appInfoEntryGet(tp_app_id)) && entry->svrValidator
                             && ((entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL)
                                     || ((entry->flags & APPINFO_FLAG_SERVICE_UDP_REVERSED)
                                             && protocol == IpProtocol::UDP
@@ -1449,7 +1448,7 @@ bool AppIdSession::do_service_discovery(IpProtocol protocol, int direction, AppI
         TPIsAppIdAvailable(tpsession) &&
         tp_app_id > APP_ID_NONE && tp_app_id < SF_APPID_MAX)
         {
-            entry = appInfoEntryGet(tp_app_id, pConfig);
+            entry = appInfoEntryGet(tp_app_id);
             if (entry && entry->svrValidator && !(entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL))
             {
                 if (app_id_debug_session_flag)
@@ -1470,20 +1469,19 @@ bool AppIdSession::do_service_discovery(IpProtocol protocol, int direction, AppI
                     && dsession && dsession->host)
             {
                 size_t size = dsession->host_len;
-                dns_host_scan_hostname((const uint8_t*) (dsession->host), size, &ClientAppId, &payloadAppId,
-                        &pConfig->serviceDnsConfig);
+                dns_host_scan_hostname((const uint8_t*) (dsession->host), size, &ClientAppId, &payloadAppId);
                 set_client_app_id_data(ClientAppId, nullptr);
             }
             else if (serviceAppId == APP_ID_RTMP)
                 examine_rtmp_metadata();
             else if (getAppIdFlag(APPID_SESSION_SSL_SESSION) && tsession)
-                examine_ssl_metadata(p, pConfig);
+                examine_ssl_metadata(p);
 
             if (tp_app_id <= APP_ID_NONE && getAppIdFlag(APPID_SESSION_SERVICE_DETECTED |
             APPID_SESSION_NOT_A_SERVICE | APPID_SESSION_IGNORE_HOST) ==
             APPID_SESSION_SERVICE_DETECTED)
             {
-                sync_with_snort_id(serviceAppId, p, pConfig);
+                sync_with_snort_id(serviceAppId, p);
             }
         }
     }
@@ -1494,7 +1492,6 @@ bool AppIdSession::do_client_discovery(int direction, Packet* p)
 {
     bool isTpAppidDiscoveryDone = false;
     AppInfoTableEntry* entry;
-    AppIdConfig* pConfig = pAppidActiveConfig;
 
     if (rna_client_state != RNA_STATE_FINISHED)
     {
@@ -1511,7 +1508,7 @@ bool AppIdSession::do_client_discovery(int direction, Packet* p)
             else if (TPIsAppIdAvailable(tpsession) && ( tp_app_id > APP_ID_NONE )
                     && ( tp_app_id < SF_APPID_MAX ) )
             {
-                entry = appInfoEntryGet(tp_app_id, pConfig);
+                entry = appInfoEntryGet(tp_app_id);
                 if ( entry && entry->clntValidator
                      && ( ( entry->flags & APPINFO_FLAG_CLIENT_ADDITIONAL )
                            || ( ( entry->flags & APPINFO_FLAG_CLIENT_USER)
@@ -1538,7 +1535,7 @@ bool AppIdSession::do_client_discovery(int direction, Packet* p)
                 && rna_client_state == prevRnaClientState && !getAppIdFlag(APPID_SESSION_NO_TPI)
                 && TPIsAppIdAvailable(tpsession) && tp_app_id > APP_ID_NONE && tp_app_id < SF_APPID_MAX)
         {
-            entry = appInfoEntryGet(tp_app_id, pConfig);
+            entry = appInfoEntryGet(tp_app_id);
             if (!(entry && entry->clntValidator && entry->clntValidator == rna_client_data
                     && (entry->flags & (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER))))
             {
@@ -1554,13 +1551,13 @@ bool AppIdSession::do_client_discovery(int direction, Packet* p)
                 /* get out if we've already tried to validate a client app */
                 if (!getAppIdFlag(APPID_SESSION_CLIENT_DETECTED))
                 {
-                    ret = exec_client_detectors(p, direction, pConfig);
+                    ret = exec_client_detectors(p, direction);
                 }
             }
             else if (rnaServiceState != RNA_STATE_STATEFUL
                     && getAppIdFlag(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))
             {
-                ret = exec_client_detectors(p, direction, pConfig);
+                ret = exec_client_detectors(p, direction);
             }
 
             switch (ret)
@@ -1574,7 +1571,7 @@ bool AppIdSession::do_client_discovery(int direction, Packet* p)
         }
         else if (rna_client_state == RNA_STATE_STATEFUL)
         {
-            AppIdDiscoverClientApp(p, direction, this, pConfig);
+            AppIdDiscoverClientApp(p, direction, this);
             isTpAppidDiscoveryDone = true;
             if (candidate_client_list != nullptr)
             {
@@ -1585,11 +1582,11 @@ bool AppIdSession::do_client_discovery(int direction, Packet* p)
                     {
                         /* get out if we've already tried to validate a client app */
                         if (!getAppIdFlag(APPID_SESSION_CLIENT_DETECTED))
-                            ret = exec_client_detectors(p, direction, pConfig);
+                            ret = exec_client_detectors(p, direction);
                     }
                     else if (rnaServiceState != RNA_STATE_STATEFUL
                             && getAppIdFlag(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))
-                        ret = exec_client_detectors(p, direction, pConfig);
+                        ret = exec_client_detectors(p, direction);
 
                     if (ret < 0)
                         setAppIdFlag(APPID_SESSION_CLIENT_DETECTED);
@@ -1604,7 +1601,7 @@ bool AppIdSession::do_client_discovery(int direction, Packet* p)
                 LogMessage("AppIdDbg %s Got a preface for HTTP/2\n", app_id_debug_session);
 
         if (!was_service && getAppIdFlag(APPID_SESSION_SERVICE_DETECTED))
-            sync_with_snort_id(serviceAppId, p, pConfig);
+            sync_with_snort_id(serviceAppId, p);
     }
 
     return isTpAppidDiscoveryDone;
@@ -1649,6 +1646,8 @@ void AppIdSession::do_application_discovery(Packet* p)
         else
             direction = (sfip_fast_equals_raw(ip, &session->common.initiator_ip)) ?
                 APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER;
+
+        session->in_expected_cache = false;
     }
     else
     {
@@ -1812,7 +1811,7 @@ void AppIdSession::do_application_discovery(Packet* p)
             port = p->ptrs.sp;
         }
 
-        if ((hv = hostPortAppCacheFind(ip, port, protocol, pConfig)))
+        if ((hv = hostPortAppCacheFind(ip, port, protocol)))
         {
             switch (hv->type)
             {
@@ -1825,7 +1824,7 @@ void AppIdSession::do_application_discovery(Packet* p)
                 break;
             default:
                 session->serviceAppId = hv->appId;
-                session->sync_with_snort_id(hv->appId, p, pConfig);
+                session->sync_with_snort_id(hv->appId, p);
                 session->rnaServiceState = RNA_STATE_FINISHED;
                 session->rna_client_state = RNA_STATE_FINISHED;
                 session->setAppIdFlag(APPID_SESSION_SERVICE_DETECTED);
@@ -1905,7 +1904,7 @@ void AppIdSession::do_application_discovery(Packet* p)
         session->length_sequence.sequence_cnt++;
         session->length_sequence.sequence[index].direction = direction;
         session->length_sequence.sequence[index].length    = p->dsize;
-        session->portServiceAppId = lengthAppCacheFind(&session->length_sequence, pConfig);
+        session->portServiceAppId = find_length_app_cache(&session->length_sequence);
         if (session->portServiceAppId > APP_ID_NONE)
             session->setAppIdFlag(APPID_SESSION_PORT_SERVICE_DONE);
     }
@@ -1919,14 +1918,14 @@ void AppIdSession::do_application_discovery(Packet* p)
             session->dsession && session->dsession->host )
         {
             size_t size = session->dsession->host_len;
-            dns_host_scan_hostname((const uint8_t*)session->dsession->host, size, &ClientAppId,
-                &payloadAppId, &pConfig->serviceDnsConfig);
+            dns_host_scan_hostname((const uint8_t*)session->dsession->host, size,
+                       &ClientAppId, &payloadAppId);
             session->set_client_app_id_data(ClientAppId, nullptr);
         }
         else if (session->serviceAppId == APP_ID_RTMP)
             session->examine_rtmp_metadata();
         else if (session->getAppIdFlag(APPID_SESSION_SSL_SESSION) && session->tsession)
-            session->examine_ssl_metadata(p, pConfig);
+            session->examine_ssl_metadata(p);
     }
     else if (protocol != IpProtocol::TCP || !p->dsize || (p->packet_flags & PKT_STREAM_ORDER_OK))
     {
@@ -1971,7 +1970,7 @@ void AppIdSession::do_application_discovery(Packet* p)
     if (session->search_support_type == SEARCH_SUPPORT_TYPE_UNKNOWN && payloadAppId > APP_ID_NONE)
     {
         uint flags = appInfoEntryFlagGet(payloadAppId, APPINFO_FLAG_SEARCH_ENGINE |
-            APPINFO_FLAG_SUPPORTED_SEARCH, pConfig);
+            APPINFO_FLAG_SUPPORTED_SEARCH);
         session->search_support_type =
             (flags & APPINFO_FLAG_SEARCH_ENGINE) ?
             ((flags & APPINFO_FLAG_SUPPORTED_SEARCH) ? SUPPORTED_SEARCH_ENGINE :
@@ -1998,13 +1997,13 @@ void AppIdSession::do_application_discovery(Packet* p)
         if ( payloadAppId != APP_ID_NONE && payloadAppId != session->pastIndicator)
         {
             session->pastIndicator = payloadAppId;
-            checkSessionForAFIndicator(p, direction, pConfig, (ApplicationId)payloadAppId);
+            checkSessionForAFIndicator(p, direction, (ApplicationId)payloadAppId);
         }
 
         if (session->payload_app_id == APP_ID_NONE && session->pastForecast != serviceAppId &&
             session->pastForecast != APP_ID_UNKNOWN)
         {
-            session->pastForecast = checkSessionForAFForecast(session, p, direction, pConfig,
+            session->pastForecast = checkSessionForAFForecast(session, p, direction,
                 (ApplicationId)serviceAppId);
         }
     }
@@ -2046,7 +2045,7 @@ static inline int checkPortExclusion(const Packet* pkt, int reversed)
 
     /* check the source port */
     port = reversed ? pkt->ptrs.dp : pkt->ptrs.sp;
-    if ( port && (pe_list=src_port_exclusions[port]) != nullptr )
+    if ( port && (pe_list = src_port_exclusions[port]) != nullptr )
     {
         s_ip = reversed ? pkt->ptrs.ip_api.get_dst() : pkt->ptrs.ip_api.get_src();
 
@@ -2436,14 +2435,13 @@ void AppIdSession::update_encrypted_app_id(AppId serviceAppId)
 
 void AppIdSession::set_client_app_id_data(AppId clientAppId, char** version)
 {
-    AppIdConfig* pConfig = pAppidActiveConfig;
     if (clientAppId <= APP_ID_NONE || clientAppId == APP_ID_HTTP)
         return;
 
     if (client_app_id != clientAppId)
     {
-        unsigned prev_priority = appInfoEntryPriorityGet(client_app_id, pConfig);
-        unsigned curr_priority = appInfoEntryPriorityGet(clientAppId, pConfig);
+        unsigned prev_priority = appInfoEntryPriorityGet(client_app_id);
+        unsigned curr_priority = appInfoEntryPriorityGet(clientAppId);
 
         if (pAppidActiveConfig->mod_config->instance_id)
             checkSandboxDetection(clientAppId);
@@ -2472,7 +2470,7 @@ void AppIdSession::set_client_app_id_data(AppId clientAppId, char** version)
     }
 }
 
-void AppIdSession::sync_with_snort_id(AppId newAppId, Packet* p, AppIdConfig* pConfig)
+void AppIdSession::sync_with_snort_id(AppId newAppId, Packet* p)
 {
     AppInfoTableEntry* entry;
     int16_t tempSnortId = snort_id;
@@ -2489,7 +2487,7 @@ void AppIdSession::sync_with_snort_id(AppId newAppId, Packet* p, AppIdConfig* pC
         return; // These preprocessors, in snort proper, already know and expect these to remain
                 // unchanged.
     }
-    if ((entry = appInfoEntryGet(newAppId, pConfig)) && (tempSnortId = entry->snortId))
+    if ((entry = appInfoEntryGet(newAppId)) && (tempSnortId = entry->snortId))
     {
         // Snort has a separate protocol ID for HTTP/2.  We don't.  So, when we
         // talk to them about it, we have to play by their rules.
@@ -2509,7 +2507,7 @@ void AppIdSession::sync_with_snort_id(AppId newAppId, Packet* p, AppIdConfig* pC
     }
 }
 
-void AppIdSession::examine_ssl_metadata(Packet* p, AppIdConfig* pConfig)
+void AppIdSession::examine_ssl_metadata(Packet* p)
 {
     size_t size;
     int ret;
@@ -2520,7 +2518,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppIdConfig* pConfig)
     {
         size = strlen(tsession->tls_host);
         if ((ret = ssl_scan_hostname((const uint8_t*)tsession->tls_host, size,
-                &clientAppId, &payload_app_id, &pConfig->serviceSslConfig)))
+                &clientAppId, &payload_app_id)))
         {
             set_client_app_id_data(clientAppId, nullptr);
             set_payload_app_id_data((ApplicationId)payload_app_id, nullptr);
@@ -2532,7 +2530,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppIdConfig* pConfig)
     {
         size = strlen(tsession->tls_cname);
         if ((ret = ssl_scan_cname((const uint8_t*)tsession->tls_cname, size,
-                &clientAppId, &payload_app_id, &pConfig->serviceSslConfig)))
+                &clientAppId, &payload_app_id)))
         {
             set_client_app_id_data(clientAppId, nullptr);
             set_payload_app_id_data((ApplicationId)payload_app_id, nullptr);
@@ -2545,7 +2543,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppIdConfig* pConfig)
     {
         size = strlen(tsession->tls_orgUnit);
         if ((ret = ssl_scan_cname((const uint8_t*)tsession->tls_orgUnit, size,
-                &clientAppId, &payload_app_id, &pConfig->serviceSslConfig)))
+                &clientAppId, &payload_app_id)))
         {
             set_client_app_id_data(clientAppId, nullptr);
             set_payload_app_id_data((ApplicationId)payload_app_id, nullptr);
@@ -2563,7 +2561,6 @@ void AppIdSession::examine_rtmp_metadata()
     AppId payloadAppId = 0;
     AppId referredPayloadAppId = 0;
     char* version = nullptr;
-    AppIdConfig* pConfig = pAppidActiveConfig;
 
     if (!hsession)
         hsession = (httpSession*)snort_calloc(sizeof(httpSession));
@@ -2572,10 +2569,10 @@ void AppIdSession::examine_rtmp_metadata()
     {
         if (((getAppIdFromUrl(nullptr, hsession->url, &version,
             hsession->referer, &ClientAppId, &serviceAppId,
-            &payloadAppId, &referredPayloadAppId, 1, &pConfig->detectorHttpConfig)) ||
+            &payloadAppId, &referredPayloadAppId, 1)) ||
             (getAppIdFromUrl(nullptr, hsession->url, &version,
             hsession->referer, &ClientAppId, &serviceAppId,
-            &payloadAppId, &referredPayloadAppId, 0, &pConfig->detectorHttpConfig))) == 1)
+            &payloadAppId, &referredPayloadAppId, 0))) == 1)
         {
             /* do not overwrite a previously-set client or service */
             if (ClientAppId <= APP_ID_NONE)
@@ -2606,15 +2603,14 @@ void AppIdSession::set_referred_payload_app_id_data(AppId id)
 
 void AppIdSession::set_payload_app_id_data(ApplicationId id, char** version)
 {
-    AppIdConfig* pConfig = pAppidActiveConfig;
 
     if (id <= APP_ID_NONE)
         return;
 
     if (payload_app_id != id)
     {
-        unsigned prev_priority = appInfoEntryPriorityGet(payload_app_id, pConfig);
-        unsigned curr_priority = appInfoEntryPriorityGet(id, pConfig);
+        unsigned prev_priority = appInfoEntryPriorityGet(payload_app_id);
+        unsigned curr_priority = appInfoEntryPriorityGet(id);
 
         if (pAppidActiveConfig->mod_config->instance_id)
             checkSandboxDetection(id);
@@ -2867,7 +2863,7 @@ void AppIdSession::delete_shared_data()
     RNAServiceSubtype* rna_service_subtype;
 
     /*check daq flag */
-    appIdStatsUpdate(this);
+    update_appid_statistics(this);
 
     if (flow)
         FailInProcessService(this, pAppidActiveConfig);
@@ -2912,9 +2908,6 @@ void AppIdSession::delete_shared_data()
 
     snort_free(firewallEarlyData);
     firewallEarlyData = nullptr;
-
-    // should be freed by flow
-    // appSharedDataFree(sharedData);
 }
 
 void AppIdSession::release_free_list_flow_data()
@@ -3056,8 +3049,8 @@ AppId AppIdSession::pick_service_app_id()
 
     if (getAppIdFlag(APPID_SESSION_SERVICE_DETECTED))
     {
-        bool deferred = appInfoEntryFlagGet(serviceAppId, APPINFO_FLAG_DEFER, pAppidActiveConfig)
-                || appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_DEFER, pAppidActiveConfig);
+        bool deferred = appInfoEntryFlagGet(serviceAppId, APPINFO_FLAG_DEFER)
+                || appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_DEFER);
 
         if (serviceAppId > APP_ID_NONE && !deferred)
             return serviceAppId;
@@ -3092,8 +3085,8 @@ AppId AppIdSession::pick_only_service_app_id()
     if ( common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL )
         return APP_ID_NONE;
 
-    bool deferred = appInfoEntryFlagGet(serviceAppId, APPINFO_FLAG_DEFER,  pAppidActiveConfig)
-            || appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_DEFER, pAppidActiveConfig);
+    bool deferred = appInfoEntryFlagGet(serviceAppId, APPINFO_FLAG_DEFER)
+            || appInfoEntryFlagGet(tp_app_id, APPINFO_FLAG_DEFER);
 
     if (serviceAppId > APP_ID_NONE && !deferred)
         return serviceAppId;
@@ -3134,7 +3127,7 @@ AppId AppIdSession::pick_payload_app_id()
 
     // if we have a deferred payload, just use it.
     // we are not worried about the APP_ID_UNKNOWN case here
-    if (appInfoEntryFlagGet(tp_payload_app_id, APPINFO_FLAG_DEFER_PAYLOAD, pAppidActiveConfig))
+    if (appInfoEntryFlagGet(tp_payload_app_id, APPINFO_FLAG_DEFER_PAYLOAD))
         return tp_payload_app_id;
     else if (payload_app_id > APP_ID_NONE)
         return payload_app_id;
@@ -3216,8 +3209,7 @@ static const char* httpFieldName[ NUMBER_OF_PTYPES ] = // for use in debug messa
     "body",
 };
 
-int AppIdSession::initial_CHP_sweep(char** chp_buffers, MatchedCHPAction** ppmatches,
-    const DetectorHttpConfig* pHttpConfig)
+int AppIdSession::initial_CHP_sweep(char** chp_buffers, MatchedCHPAction** ppmatches)
 {
     CHPApp* cah = nullptr;
     int longest = 0;
@@ -3229,7 +3221,7 @@ int AppIdSession::initial_CHP_sweep(char** chp_buffers, MatchedCHPAction** ppmat
     {
         ppmatches[i] = nullptr;
         if (chp_buffers[i] && (size = strlen(chp_buffers[i])) &&
-            scanKeyCHP((PatternType)i, chp_buffers[i], size, &pTally, &ppmatches[i], pHttpConfig))
+            scanKeyCHP((PatternType)i, chp_buffers[i], size, &pTally, &ppmatches[i]))
             scanKeyFoundSomething=1;
     }
     if (!scanKeyFoundSomething)
@@ -3310,7 +3302,7 @@ int AppIdSession::initial_CHP_sweep(char** chp_buffers, MatchedCHPAction** ppmat
     return 1;
 }
 
-void AppIdSession::processCHP(char** version, Packet* p, const AppIdConfig* pConfig)
+void AppIdSession::processCHP(char** version, Packet* p)
 {
     int i, size;
     int found_in_buffer = 0;
@@ -3361,7 +3353,7 @@ void AppIdSession::processCHP(char** version, Packet* p, const AppIdConfig* pCon
             }
         }
 
-        if (!initial_CHP_sweep(chp_buffers, chp_matches, &pConfig->detectorHttpConfig))
+        if (!initial_CHP_sweep(chp_buffers, chp_matches))
             http_session->chp_finished = 1; // this is a failure case.
     }
     if (!http_session->chp_finished && http_session->chp_candidate)
@@ -3371,9 +3363,8 @@ void AppIdSession::processCHP(char** version, Packet* p, const AppIdConfig* pCon
             if (ptype_scan_counts[i] && chp_buffers[i] && (size = strlen(chp_buffers[i])) > 0)
             {
                 found_in_buffer = 0;
-                ret = scanCHP((PatternType)i, chp_buffers[i], size, chp_matches[i], version,
-                    &user, &chp_rewritten[i], &found_in_buffer,
-                    http_session, p, &pConfig->detectorHttpConfig);
+                ret = scanCHP((PatternType)i, chp_buffers[i], size, chp_matches[i], version, &user,
+                        &chp_rewritten[i], &found_in_buffer, http_session, p);
                 chp_matches[i] = nullptr; // freed by scanCHP()
                 http_session->total_found += found_in_buffer;
                 http_session->num_scans--;
@@ -3601,7 +3592,7 @@ void AppIdSession::pickHttpXffAddress(Packet*, ThirdPartyAppIDAttributeData* att
     }
 }
 
-int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders* const, const AppIdConfig* pConfig)
+int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders* const)
 {
     Profile http_profile_context(httpPerfStats);
     constexpr auto RESPONSE_CODE_LENGTH = 3;
@@ -3692,7 +3683,7 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
             http_session->chp_finished, http_session->chp_hold_flow);
 
     if (!http_session->chp_finished || http_session->chp_hold_flow)
-        processCHP(&version, p, pConfig);
+        processCHP(&version, p);
 
     if (!http_session->skip_simple_detect)  // false unless a match happened with a call to
                                             // processCHP().
@@ -3700,10 +3691,11 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
         if (!getAppIdFlag(APPID_SESSION_APP_REINSPECT))
         {
             // Scan Server Header for Vendor & Version
-            if ((thirdparty_appid_module && (scan_flags & SCAN_HTTP_VENDOR_FLAG) &&
+            if ( (thirdparty_appid_module && (scan_flags & SCAN_HTTP_VENDOR_FLAG) &&
                 hsession->server) ||
-                (!thirdparty_appid_module && getHTTPHeaderLocation(p->data, p->dsize,
-                HTTP_ID_SERVER, &start, &end, &hmp, &pConfig->detectorHttpConfig) == 1))
+                (!thirdparty_appid_module &&
+                        getHTTPHeaderLocation(p->data, p->dsize, HTTP_ID_SERVER, &start, &end,
+                                &hmp) == 1) )
             {
                 if (serviceAppId == APP_ID_NONE || serviceAppId == APP_ID_HTTP)
                 {
@@ -3762,8 +3754,7 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
                     snort_free(version);
                     version = nullptr;
                 }
-                identifyUserAgent((uint8_t*)useragent, size, &service_id, &client_id, &version,
-                    &pConfig->detectorHttpConfig);
+                identifyUserAgent((uint8_t*)useragent, size, &service_id, &client_id, &version);
                 if (app_id_debug_session_flag && service_id > APP_ID_NONE && service_id !=
                     APP_ID_HTTP && serviceAppId != service_id)
                     LogMessage("AppIdDbg %s User Agent is service %d\n", app_id_debug_session,
@@ -3786,8 +3777,7 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
                     snort_free(version);
                     version = nullptr;
                 }
-                payload_id = geAppidByViaPattern((uint8_t*)via, size, &version,
-                    &pConfig->detectorHttpConfig);
+                payload_id = geAppidByViaPattern((uint8_t*)via, size, &version);
                 if (app_id_debug_session_flag && payload_id > APP_ID_NONE &&
                     payload_app_id != payload_id)
                     LogMessage("AppIdDbg %s VIA is data %d\n", app_id_debug_session,
@@ -3801,7 +3791,7 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
         if ((thirdparty_appid_module && (scan_flags & SCAN_HTTP_XWORKINGWITH_FLAG) &&
             hsession->x_working_with) ||
             (!thirdparty_appid_module && getHTTPHeaderLocation(p->data, p->dsize,
-            HTTP_ID_X_WORKING_WITH, &start, &end, &hmp, &pConfig->detectorHttpConfig) == 1))
+            HTTP_ID_X_WORKING_WITH, &start, &end, &hmp) == 1))
         {
             AppId appId;
 
@@ -3836,14 +3826,13 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
             && hsession->content_type  && !is_payload_appid_set()) ||
             (!thirdparty_appid_module && !is_payload_appid_set() &&
             getHTTPHeaderLocation(p->data, p->dsize, HTTP_ID_CONTENT_TYPE, &start, &end,
-            &hmp, &pConfig->detectorHttpConfig) == 1))
+            &hmp) == 1))
         {
             if (thirdparty_appid_module)
                 payload_id = geAppidByContentType((uint8_t*)hsession->content_type,
-                    strlen(hsession->content_type), &pConfig->detectorHttpConfig);
+                    strlen(hsession->content_type));
             else
-                payload_id = geAppidByContentType(p->data + start, end - start,
-                    &pConfig->detectorHttpConfig);
+                payload_id = geAppidByContentType(p->data + start, end - start);
             if (app_id_debug_session_flag && payload_id > APP_ID_NONE
                     && payload_app_id != payload_id)
                 LogMessage("AppIdDbg %s Content-Type is data %d\n", app_id_debug_session,
@@ -3860,7 +3849,7 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
                 version = nullptr;
             }
             if (getAppIdFromUrl(host, url, &version, referer, &client_id, &service_id,
-                &payload_id, &referredPayloadAppId, 0, &pConfig->detectorHttpConfig) == 1)
+                &payload_id, &referredPayloadAppId, 0) == 1)
             {
                 // do not overwrite a previously-set client or service
                 if (client_app_id <= APP_ID_NONE)
@@ -3893,7 +3882,7 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
         {
             if (tp_payload_app_id > APP_ID_NONE)
             {
-                entry = appInfoEntryGet(tp_payload_app_id, pConfig);
+                entry = appInfoEntryGet(tp_payload_app_id);
                 // only move tpPayloadAppId to client if its got a clientAppId
                 if (entry->clientId > APP_ID_NONE)
                 {
@@ -3903,7 +3892,7 @@ int AppIdSession::processHTTPPacket(Packet* p, int direction, HttpParsedHeaders*
             }
             else if (payload_app_id > APP_ID_NONE)
             {
-                entry =  appInfoEntryGet(payload_app_id, pConfig);
+                entry =  appInfoEntryGet(payload_app_id);
                 // only move payloadAppId to client if it has a ClientAppid
                 if (entry->clientId > APP_ID_NONE)
                 {

diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h
index 1cf74fcb890043b10278e986b929418324e04b79..0f2da3021b175c7f1277a535fcf8b36d32d0e427 100644 (file)
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -226,7 +226,7 @@ public:
 private:
     bool do_client_discovery(int, Packet*);
     bool do_service_discovery(IpProtocol, int, AppId, AppId,  Packet*);
-    int exec_client_detectors(Packet*, int, AppIdConfig*);
+    int exec_client_detectors(Packet*, int);
 
     static uint64_t is_session_monitored(const Packet*, int, AppIdSession*);
     static bool is_packet_ignored(Packet* p);
@@ -236,8 +236,8 @@ private:
     bool is_ssl_decryption_enabled();
     void check_app_detection_restart();
     void update_encrypted_app_id(AppId serviceAppId);
-    void sync_with_snort_id(AppId, Packet*, AppIdConfig*);
-    void examine_ssl_metadata(Packet*, AppIdConfig*);
+    void sync_with_snort_id(AppId, Packet*);
+    void examine_ssl_metadata(Packet*);
     void examine_rtmp_metadata();
     void set_client_app_id_data(AppId clientAppId, char** version);
     void set_service_appid_data( AppId, char*, char**);
@@ -254,10 +254,10 @@ private:
     // FIXIT-H: when http detection is made functional we need to look at these methods and determine if they are
     // needed and what changes are required for snort3
     void pickHttpXffAddress(Packet*, ThirdPartyAppIDAttributeData*);
-    int initial_CHP_sweep(char**, MatchedCHPAction**, const DetectorHttpConfig*);
+    int initial_CHP_sweep(char**, MatchedCHPAction**);
     void clearMiscHttpFlags();
-    int processHTTPPacket(Packet*, int, HttpParsedHeaders* const, const AppIdConfig*);
-    void processCHP(char**, Packet*, const AppIdConfig*);
+    int processHTTPPacket(Packet*, int, HttpParsedHeaders* const);
+    void processCHP(char**, Packet*);
 #endif
 
 public:
@@ -358,6 +358,8 @@ public:
     bool is_http2 = false;
     SEARCH_SUPPORT_TYPE search_support_type = SEARCH_SUPPORT_TYPE_UNKNOWN;
 
+    bool in_expected_cache = false;
+
     static unsigned flow_id;
     static void init() { flow_id = FlowData::get_flow_id(); }
 

diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc
index c8382a7c2479cdca1134cfef86a4bc3803ab5296..ec10e7ee97bc029e89966c932912f9a8ee8e0ed6 100644 (file)
--- a/src/network_inspectors/appid/appid_stats.cc
+++ b/src/network_inspectors/appid/appid_stats.cc
@@ -31,9 +31,10 @@
 #include "utils/sflsq.h"
 #include "utils/util.h"
 
+#include "appid_module.h"
 #include "appid_api.h"
 #include "appid_session.h"
-#include "fw_appid.h"
+#include "app_info_table.h"
 #include "appid_utils/fw_avltree.h"
 #include "appid_utils/output_file.h"
 
@@ -45,10 +46,6 @@
 #define UNIFIED2_IDS_EVENT_APPSTAT 1
 #endif
 
-static time_t bucketStart;
-static time_t bucketInterval;
-static time_t bucketEnd;
-
 struct AppIdStatRecord
 {
     uint32_t app_id;
@@ -87,30 +84,30 @@ struct StatsBucket
     uint32_t appRecordCnt;
 };
 
-static SF_LIST* currBuckets;
-static SF_LIST* logBuckets;
-
-static const char* appFilePath;
-
-static FILE* appfp;
-
-static size_t appSize;
-
-static time_t appTime;
-
-Serial_Unified2_Header header;
-
+static THREAD_LOCAL SF_LIST* currBuckets = nullptr;
+static THREAD_LOCAL SF_LIST* logBuckets = nullptr;
+static THREAD_LOCAL FILE* appfp = nullptr;
+static THREAD_LOCAL size_t appSize;
+static THREAD_LOCAL time_t appTime;
+static THREAD_LOCAL const char* appid_stats_filename = nullptr;
+static THREAD_LOCAL time_t bucketStart;
+static THREAD_LOCAL time_t bucketInterval;
+static THREAD_LOCAL time_t bucketEnd;
+
+static const char appid_stats_file_suffix[] = "_appid_stats.log";
 static size_t rollSize;
 static time_t rollPeriod;
 static bool enableAppStats;
 
-static void endStats2Period(void);
-static void startStats2Period(time_t startTime);
-static struct StatsBucket* getStatsBucket(time_t startTime);
-static void dumpStats2(void);
+static void end_stats_period(void);
+static void start_stats_period(time_t startTime);
+static struct StatsBucket* get_stats_bucket(time_t startTime);
+static void dump_statistics(void);
 
-static void deleteRecord(void* record)
-{ snort_free(record); }
+static void delete_record(void* record)
+{
+       snort_free(record);
+}
 
 static inline time_t get_time()
 {
@@ -118,7 +115,7 @@ static inline time_t get_time()
     return now - (now % bucketInterval);
 }
 
-void appIdStatsUpdate(AppIdSession* session)
+void update_appid_statistics(AppIdSession* session)
 {
     if ( !enableAppStats )
         return;
@@ -127,15 +124,15 @@ void appIdStatsUpdate(AppIdSession* session)
 
     if (now >= bucketEnd)
     {
-        endStats2Period();
-        dumpStats2();
-        startStats2Period(now);
+        end_stats_period();
+        dump_statistics();
+        start_stats_period(now);
     }
 
     time_t bucketTime = session->stats.firstPktsecond -
         (session->stats.firstPktsecond % bucketInterval);
 
-    StatsBucket* bucket = getStatsBucket(bucketTime);
+    StatsBucket* bucket = get_stats_bucket(bucketTime);
     if ( !bucket )
         return;
 
@@ -243,26 +240,27 @@ void appIdStatsUpdate(AppIdSession* session)
     }
 }
 
-void appIdStatsInit(AppIdModuleConfig* config)
+void init_appid_statistics(const AppIdModuleConfig* config)
 {
-    if (config->app_stats_filename)
+    if (config->stats_logging_enabled)
     {
         enableAppStats = true;
-        appFilePath = config->app_stats_filename;
+        std::string stats_file;
+        appid_stats_filename = snort_strdup(get_instance_file(stats_file, appid_stats_file_suffix));
 
         rollPeriod = config->app_stats_rollover_time;
         rollSize = config->app_stats_rollover_size;
         bucketInterval = config->app_stats_period;
 
         time_t now = get_time();
-        startStats2Period(now);
+        start_stats_period(now);
         appfp = nullptr;
     }
     else
         enableAppStats = false;
 }
 
-static void appIdStatsCloseFiles()
+static void close_stats_log_file()
 {
     if (appfp)
     {
@@ -271,7 +269,7 @@ static void appIdStatsCloseFiles()
     }
 }
 
-void appIdStatsReinit()
+void reinit_appid_statistics()
 {
     // FIXIT-L J really should something like:
     // if ( !stats_files_are_open() )
@@ -279,10 +277,10 @@ void appIdStatsReinit()
     if (!enableAppStats)
         return;
 
-    appIdStatsCloseFiles();
+    close_stats_log_file();
 }
 
-void appIdStatsIdleFlush()
+void flush_appid_statistics()
 {
     if (!enableAppStats)
         return;
@@ -290,26 +288,26 @@ void appIdStatsIdleFlush()
     time_t now = get_time();
     if (now >= bucketEnd)
     {
-        endStats2Period();
-        dumpStats2();
-        startStats2Period(now);
+        end_stats_period();
+        dump_statistics();
+        start_stats_period(now);
     }
 }
 
-static void startStats2Period(time_t startTime)
+static void start_stats_period(time_t startTime)
 {
     bucketStart = startTime;
     bucketEnd = bucketStart + bucketInterval;
 }
 
-static void endStats2Period(void)
+static void end_stats_period(void)
 {
     SF_LIST* bucketList = logBuckets;
     logBuckets = currBuckets;
     currBuckets = bucketList;
 }
 
-static StatsBucket* getStatsBucket(time_t startTime)
+static StatsBucket* get_stats_bucket(time_t startTime)
 {
     StatsBucket* bucket = nullptr;
 
@@ -365,13 +363,15 @@ static StatsBucket* getStatsBucket(time_t startTime)
     return bucket;
 }
 
-static void dumpStats2()
+static void dump_statistics()
 {
     struct StatsBucket* bucket = nullptr;
     uint8_t* buffer;
     uint32_t* buffPtr;
     struct    FwAvlNode* node;
     struct AppIdStatRecord* record;
+    Serial_Unified2_Header header;
+
     size_t buffSize;
     time_t currTime = time(nullptr);
 
@@ -422,7 +422,7 @@ static void dumpStats2()
                     app_id -= 2000000000;
                 }
 
-                AppInfoTableEntry* entry = appInfoEntryGet(app_id, pAppidActiveConfig);
+                AppInfoTableEntry* entry = appInfoEntryGet(app_id);
                 if (entry)
                 {
                     appName = entry->appName;
@@ -443,7 +443,7 @@ static void dumpStats2()
                     if (cooked_client)
                         snprintf(tmpBuff, MAX_EVENT_APPNAME_LEN, "_err_cl_%u",app_id);
                     else
-                        snprintf(tmpBuff, MAX_EVENT_APPNAME_LEN, "_err_%u",app_id); // ODP out of
+                        snprintf(tmpBuff, MAX_EVENT_APPNAME_LEN, "_err_%u",app_id);
 
                     tmpBuff[MAX_EVENT_APPNAME_LEN - 1] = 0;
                     appName = tmpBuff;
@@ -454,22 +454,21 @@ static void dumpStats2()
                 /**buffPtr++ = htonl(record->app_id); */
                 recBuffPtr->initiatorBytes = htonl(record->initiatorBytes);
                 recBuffPtr->responderBytes = htonl(record->responderBytes);
-
                 buffPtr += sizeof(*recBuffPtr)/sizeof(*buffPtr);
             }
 
-            if (appFilePath)
+            if (appid_stats_filename)
             {
                 if (!appfp)
                 {
-                    appfp = openOutputFile(appFilePath, currTime);
+                    appfp = openOutputFile(appid_stats_filename, currTime);
                     appTime = currTime;
                     appSize = 0;
                 }
                 else if (((currTime - appTime) > rollPeriod) ||
                     ((appSize + buffSize) > rollSize))
                 {
-                    appfp = rolloverOutputFile(appFilePath, appfp, currTime);
+                    appfp = rolloverOutputFile(appid_stats_filename, appfp, currTime);
                     appTime = currTime;
                     appSize = 0;
                 }
@@ -482,8 +481,8 @@ static void dumpStats2()
                     else
                     {
                         ErrorMessage(
-                            "NGFW Rule Engine Failed to write to statistics file (%s): %s\n",
-                            appFilePath, strerror(errno));
+                            "AppID ailed to write to statistics file (%s): %s\n",
+                            appid_stats_filename, strerror(errno));
                         fclose(appfp);
                         appfp = nullptr;
                     }
@@ -491,34 +490,34 @@ static void dumpStats2()
             }
             snort_free(buffer);
         }
-        fwAvlDeleteTree(bucket->appsTree, deleteRecord);
+        fwAvlDeleteTree(bucket->appsTree, delete_record);
         snort_free(bucket);
     }
 }
 
-void appIdStatsFini()
+void cleanup_appid_statistics()
 {
     if (!enableAppStats)
         return;
 
     /*flush the last stats period. */
-    endStats2Period();
-    dumpStats2();
-
-    if (!currBuckets)
-        return;
-
-    while (auto bucket = (StatsBucket*)sflist_remove_head(currBuckets))
-    {
-        fwAvlDeleteTree(bucket->appsTree, deleteRecord);
-        snort_free(bucket);
-    }
-
-    snort_free(currBuckets);
+    end_stats_period();
+    dump_statistics();
+    close_stats_log_file();
+    snort_free((void*)appid_stats_filename);
 
     if (logBuckets)
         snort_free(logBuckets);
 
-    appIdStatsCloseFiles();
+    if (currBuckets)
+    {
+       while (auto bucket = (StatsBucket*)sflist_remove_head(currBuckets))
+       {
+               fwAvlDeleteTree(bucket->appsTree, delete_record);
+               snort_free(bucket);
+       }
+
+       snort_free(currBuckets);
+    }
 }
 

diff --git a/src/network_inspectors/appid/appid_stats.h b/src/network_inspectors/appid/appid_stats.h
index 3df016c0f2ed7d78d2bd73ecaed2d74c129bce90..7adeaadd73888d533f40c2222e06f07bc9ae5fb5 100644 (file)
--- a/src/network_inspectors/appid/appid_stats.h
+++ b/src/network_inspectors/appid/appid_stats.h
@@ -25,10 +25,10 @@
 class AppIdSession;
 class AppIdModuleConfig;
 
-void appIdStatsUpdate(AppIdSession*);
-void appIdStatsInit(AppIdModuleConfig* config);
-void appIdStatsReinit();
-void appIdStatsIdleFlush();
-void appIdStatsFini();
+void update_appid_statistics(AppIdSession*);
+void init_appid_statistics(const AppIdModuleConfig*);
+void reinit_appid_statistics();
+void flush_appid_statistics();
+void cleanup_appid_statistics();
 
 #endif

diff --git a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc
index 8b0be2d644e92be0dc780cc7d6cccc2e3ae711af..2acf294c0956f08c3f08c7ea9144d50c23baab5f 100644 (file)
--- a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc
+++ b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc
@@ -598,9 +598,7 @@ static int addPatternRecursively(tMlmpTree* rootNode, const tMlmpPattern* inputP
         patterns = inputPatternList + i;
 
         /*create list of remaining nodes  */
-        for (partNum = 2;
-            partNum <= partTotal;
-            partNum++)
+        for (partNum = 2; partNum <= partTotal; partNum++)
         {
             newNode = tmpPrimaryNode->patternNode.nextPattern + (partNum -2);
             newNode->pattern.pattern = patterns->pattern;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_aim.cc b/src/network_inspectors/appid/client_plugins/client_app_aim.cc
index 0b51c1fdf27e00428dd7a3d761aec53ab14e2c4e..c3fb87bcc68fa95d99e8fb6dfb72b119ceadf6d7 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_aim.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_aim.cc
@@ -74,9 +74,8 @@ THREAD_LOCAL AIM_CLIENT_APP_CONFIG aim_config;
 #define MAX_VERSION_SIZE    64
 
 static CLIENT_APP_RETCODE aim_init(const IniClientAppAPI* const, SF_LIST* config);
-static CLIENT_APP_RETCODE aim_validate(
-    const uint8_t* data, uint16_t size, const int dir, AppIdSession*, Packet*,
-    Detector*, const AppIdConfig*);
+static CLIENT_APP_RETCODE aim_validate( const uint8_t* data, uint16_t size, const int dir,
+        AppIdSession*, Packet*, Detector*);
 
 RNAClientAppModule aim_client_mod =
 {
@@ -150,7 +149,7 @@ static CLIENT_APP_RETCODE aim_init(const IniClientAppAPI* const init_api, SF_LIS
                 patterns[i].length, patterns[i].index);
 
             init_api->RegisterPattern(&aim_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -159,8 +158,7 @@ static CLIENT_APP_RETCODE aim_init(const IniClientAppAPI* const init_api, SF_LIS
         DebugFormat(DEBUG_INSPECTOR, "registering appId: %d\n",
             appIdRegistry[j].appId);
 
-        init_api->RegisterAppId(&aim_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+        init_api->RegisterAppId(&aim_validate, appIdRegistry[j].appId, appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -198,9 +196,8 @@ static inline bool check_username(
     return true;
 }
 
-static CLIENT_APP_RETCODE aim_validate(
-    const uint8_t* const data, uint16_t size, const int dir, AppIdSession* flowp,
-    Packet*, Detector*, const AppIdConfig*)
+static CLIENT_APP_RETCODE aim_validate( const uint8_t* const data, uint16_t size, const int dir,
+        AppIdSession* flowp, Packet*, Detector*)
 {
     if ( dir != APP_ID_FROM_INITIATOR )
         return CLIENT_APP_INPROCESS;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_api.h b/src/network_inspectors/appid/client_plugins/client_app_api.h
index 02148547bf5fccfef7fb2c25f252fdd8d586ad70..30ec6c97f50857b03cd479279a57cb3b1b40f3f8 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_api.h
+++ b/src/network_inspectors/appid/client_plugins/client_app_api.h
@@ -55,43 +55,23 @@ struct RNAClientAppModuleConfigItem
     const char* value;
 };
 
-using RNAClientAppFCN = CLIENT_APP_RETCODE(*)(
-    const uint8_t* data,
-    uint16_t size,
-    const int dir,
-    AppIdSession*,
-    Packet*,
-    Detector*,
-    const AppIdConfig*
-);
+using RNAClientAppFCN = CLIENT_APP_RETCODE(*)( const uint8_t* data, uint16_t size, const int dir,
+    AppIdSession*, Packet*, Detector*);
 
 struct IniClientAppAPI
 {
-    void (* RegisterPattern)(
-        RNAClientAppFCN, IpProtocol proto, const uint8_t* const pattern,
-        unsigned size, int position, AppIdConfig*);
-
-    void (* RegisterPatternEx)(
-        RNAClientAppFCN, IpProtocol proto, const uint8_t* const pattern,
+    void (* RegisterPattern)(RNAClientAppFCN, IpProtocol proto, const uint8_t* const pattern,
+        unsigned size, int position);
+    void (* RegisterPatternEx)(RNAClientAppFCN, IpProtocol proto, const uint8_t* const pattern,
         unsigned size, int position, Detector*);
-
-    void (* RegisterPatternNoCase)(
-        RNAClientAppFCN, IpProtocol proto, const uint8_t* const pattern,
-        unsigned size, int position, AppIdConfig*);
-
-    void (* RegisterAppId)(
-        RNAClientAppFCN, AppId, uint32_t additionalInfo, AppIdConfig*);
-
+    void (* RegisterPatternNoCase)(RNAClientAppFCN, IpProtocol proto, const uint8_t* const pattern,
+        unsigned size, int position);
+    void (* RegisterAppId)(RNAClientAppFCN, AppId, uint32_t additionalInfo);
     int debug;
     uint32_t instance_id;
     AppIdConfig* pAppidConfig;  ///< AppId context for which this API should be used
 };
 
-struct CleanClientAppAPI
-{
-    AppIdConfig* pAppidConfig = nullptr;  ///< AppId context for which this API should be used
-};
-
 struct FinalizeClientAppAPI
 {
     void* data = nullptr;
@@ -99,7 +79,7 @@ struct FinalizeClientAppAPI
 
 using RNAClientAppInitFCN = CLIENT_APP_RETCODE(*)(const IniClientAppAPI* const, SF_LIST* config);
 using RNAClientAppFinalizeFCN = CLIENT_APP_RETCODE (*)(const FinalizeClientAppAPI* const);
-using RNAClientAppCleanFCN = void(*)(const CleanClientAppAPI* const);
+using RNAClientAppCleanFCN = void(*)();
 
 using ClientAppFlowdataGet = void*(*)(AppIdSession*, unsigned);
 using ClientAppFlowdataAdd = int(*)(AppIdSession*, void*, unsigned, AppIdFreeFCN);

diff --git a/src/network_inspectors/appid/client_plugins/client_app_base.cc b/src/network_inspectors/appid/client_plugins/client_app_base.cc
index 27030996cb350e8e6d1bd4d3a8f154e83578d7bd..1f8fa128e5f8d05a8ab6820276440368a27c10d8 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_base.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_base.cc
@@ -77,15 +77,13 @@ static const ClientAppApi client_app_api =
     &AppIdAddPayload
 };
 
-static void LuaClientAppRegisterPattern(RNAClientAppFCN fcn, IpProtocol proto,
-    const uint8_t* const pattern, unsigned size,
-    int position, struct Detector* userData);
 static void CClientAppRegisterPattern(RNAClientAppFCN fcn, IpProtocol proto,
-    const uint8_t* const pattern, unsigned size,
-    int position, AppIdConfig* pConfig);
+    const uint8_t* const pattern, unsigned size, int position);
+static void LuaClientAppRegisterPattern(RNAClientAppFCN fcn, IpProtocol proto,
+    const uint8_t* const pattern, unsigned size, int position, struct Detector* userData);
 static void CClientAppRegisterPatternNoCase(RNAClientAppFCN fcn, IpProtocol proto,
-    const uint8_t* const pattern, unsigned size,
-    int position, AppIdConfig* pConfig);
+    const uint8_t* const pattern, unsigned size, int position);
+static void appSetClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned extractsInfo);
 
 static IniClientAppAPI client_init_api =
 {
@@ -98,10 +96,6 @@ static IniClientAppAPI client_init_api =
     nullptr
 };
 
-static CleanClientAppAPI clean_api =
-{
-};
-
 static FinalizeClientAppAPI finalize_api =
 {
 };
@@ -138,13 +132,22 @@ static RNAClientAppModule* static_client_list[] =
     &dns_tcp_client_mod,
     &http_client_mod
 };
+const uint32_t NUM_STATIC_CLIENTS =  sizeof(static_client_list)/sizeof(RNAClientAppModule*);
+
+static THREAD_LOCAL ClientAppConfig* client_app_config = nullptr;
+
+struct ClientAppMatch
+{
+    struct ClientAppMatch* next;
+    unsigned count;
+    const RNAClientAppModule* ca;
+};
 
-/*static const char * const MODULE_NAME = "ClientApp"; */
+static THREAD_LOCAL ClientAppMatch* match_free_list = nullptr;
 
-void appSetClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned extractsInfo,
-    AppIdConfig* pConfig)
+static void appSetClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned extractsInfo)
 {
-    AppInfoTableEntry* pEntry = appInfoEntryGet(appId, pConfig);
+    AppInfoTableEntry* pEntry = appInfoEntryGet(appId);
     if (!pEntry)
     {
         ErrorMessage("AppId: invalid direct client application AppId: %d\n", appId);
@@ -157,7 +160,7 @@ void appSetClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned extractsIn
             "Ignoring direct client application without info for AppId: %d", appId);
         return;
     }
-    pEntry->clntValidator = ClientAppGetClientAppModule(fcn, nullptr, &pConfig->clientAppConfig);
+    pEntry->clntValidator = ClientAppGetClientAppModule(fcn, nullptr);
     if (pEntry->clntValidator)
         pEntry->flags |= extractsInfo;
     else
@@ -169,13 +172,12 @@ const ClientAppApi* getClientApi(void)
     return &client_app_api;
 }
 
-RNAClientAppModuleConfig* getClientAppModuleConfig(const char* moduleName,
-    ClientAppConfig* pClientAppConfig)
+RNAClientAppModuleConfig* getClientAppModuleConfig(const char* moduleName)
 {
     SF_LNODE* cursor;
     RNAClientAppModuleConfig* mod_config;
 
-    for (mod_config = (RNAClientAppModuleConfig*)sflist_first(&pClientAppConfig->module_configs,
+    for (mod_config = (RNAClientAppModuleConfig*)sflist_first(&client_app_config->module_configs,
             &cursor);
         mod_config;
         mod_config = (RNAClientAppModuleConfig*)sflist_next(&cursor))
@@ -186,18 +188,16 @@ RNAClientAppModuleConfig* getClientAppModuleConfig(const char* moduleName,
     return mod_config;
 }
 
-const RNAClientAppModule* ClientAppGetClientAppModule(RNAClientAppFCN fcn, struct
-    Detector* userdata,
-    ClientAppConfig* pClientAppConfig)
+const RNAClientAppModule* ClientAppGetClientAppModule(RNAClientAppFCN fcn, struct Detector* userdata)
 {
     RNAClientAppRecord* li;
 
-    for (li = pClientAppConfig->tcp_client_app_list; li; li=li->next)
+    for (li = client_app_config->tcp_client_app_list; li; li=li->next)
     {
         if ((li->module->validate == fcn) && (li->module->userData == userdata))
             return li->module;
     }
-    for (li=pClientAppConfig->udp_client_app_list; li; li=li->next)
+    for (li=client_app_config->udp_client_app_list; li; li=li->next)
     {
         if ((li->module->validate == fcn) && (li->module->userData == userdata))
             return li->module;
@@ -206,20 +206,19 @@ const RNAClientAppModule* ClientAppGetClientAppModule(RNAClientAppFCN fcn, struc
 }
 
 static void add_pattern_data(SearchTool* st, const RNAClientAppModule* li, int position,
-        const uint8_t* const pattern, unsigned size, unsigned nocase,
-        int* count, ClientAppConfig* pClientAppConfig)
+        const uint8_t* const pattern, unsigned size, unsigned nocase, int* count)
 {
     ClientPatternData* pd = (ClientPatternData*)snort_calloc(sizeof(ClientPatternData));
     pd->ca = li;
     pd->position = position;
     (*count)++;
-    pd->next = pClientAppConfig->pattern_data_list;
-    pClientAppConfig->pattern_data_list = pd;
+    pd->next = client_app_config->pattern_data_list;
+    client_app_config->pattern_data_list = pd;
     st->add((const char*)pattern, size, pd, nocase);
 }
 
 static void clientCreatePattern(IpProtocol proto, const uint8_t* const pattern, unsigned size,
-    int position, unsigned nocase, const RNAClientAppModule* li, ClientAppConfig* pClientAppConfig)
+    int position, unsigned nocase, const RNAClientAppModule* li)
 {
     int* count;
 
@@ -231,19 +230,17 @@ static void clientCreatePattern(IpProtocol proto, const uint8_t* const pattern,
 
     if (proto == IpProtocol::TCP)
     {
-        if (!pClientAppConfig->tcp_patterns)
-            pClientAppConfig->tcp_patterns = new SearchTool("ac_full");
-        count = &pClientAppConfig->tcp_pattern_count;
-        add_pattern_data(pClientAppConfig->tcp_patterns, li, position, pattern, size,
-            nocase, count, pClientAppConfig);
+        if (!client_app_config->tcp_patterns)
+            client_app_config->tcp_patterns = new SearchTool("ac_full");
+        count = &client_app_config->tcp_pattern_count;
+        add_pattern_data(client_app_config->tcp_patterns, li, position, pattern, size, nocase, count);
     }
     else if (proto == IpProtocol::UDP)
     {
-        if (!pClientAppConfig->udp_patterns)
-            pClientAppConfig->udp_patterns = new SearchTool("ac_full");
-        count = &pClientAppConfig->udp_pattern_count;
-        add_pattern_data(pClientAppConfig->udp_patterns, li, position, pattern, size,
-            nocase, count, pClientAppConfig);
+        if (!client_app_config->udp_patterns)
+            client_app_config->udp_patterns = new SearchTool("ac_full");
+        count = &client_app_config->udp_pattern_count;
+        add_pattern_data(client_app_config->udp_patterns, li, position, pattern, size, nocase, count);
     }
     else
     {
@@ -252,39 +249,33 @@ static void clientCreatePattern(IpProtocol proto, const uint8_t* const pattern,
 }
 
 static void CClientAppRegisterPattern(RNAClientAppFCN fcn, IpProtocol proto,
-    const uint8_t* const pattern, unsigned size,
-    int position, AppIdConfig* pConfig)
+    const uint8_t* const pattern, unsigned size, int position)
 {
-    ClientAppRegisterPattern(fcn, proto, pattern, size, position, 0, nullptr,
-        &pConfig->clientAppConfig);
+    ClientAppRegisterPattern(fcn, proto, pattern, size, position, 0, nullptr);
 }
 
 static void CClientAppRegisterPatternNoCase(RNAClientAppFCN fcn, IpProtocol proto,
-    const uint8_t* const pattern, unsigned size,
-    int position, AppIdConfig* pConfig)
+    const uint8_t* const pattern, unsigned size, int position)
 {
-    ClientAppRegisterPattern(fcn, proto, pattern, size, position, 1, nullptr,
-        &pConfig->clientAppConfig);
+    ClientAppRegisterPattern(fcn, proto, pattern, size, position, 1, nullptr);
 }
 
 static void LuaClientAppRegisterPattern(RNAClientAppFCN fcn, IpProtocol proto,
     const uint8_t* const pattern, unsigned size, int position, struct Detector* userData)
 {
-    ClientAppRegisterPattern(fcn, proto, pattern, size, position, 0, userData,
-        &userData->pAppidNewConfig->clientAppConfig);
+    ClientAppRegisterPattern(fcn, proto, pattern, size, position, 0, userData);
 }
 
 void ClientAppRegisterPattern(RNAClientAppFCN fcn, IpProtocol proto, const uint8_t* const pattern,
-    unsigned size, int position, unsigned nocase, struct Detector* userData,
-    ClientAppConfig* pClientAppConfig)
+    unsigned size, int position, unsigned nocase, struct Detector* userData)
 {
     RNAClientAppRecord* list;
     RNAClientAppRecord* li;
 
     if (proto == IpProtocol::TCP)
-        list = pClientAppConfig->tcp_client_app_list;
+        list = client_app_config->tcp_client_app_list;
     else if (proto == IpProtocol::UDP)
-        list = pClientAppConfig->udp_client_app_list;
+        list = client_app_config->udp_client_app_list;
     else
     {
         ErrorMessage("Invalid protocol when registering a pattern: %u\n",(unsigned)proto);
@@ -295,16 +286,15 @@ void ClientAppRegisterPattern(RNAClientAppFCN fcn, IpProtocol proto, const uint8
     {
         if ((li->module->validate == fcn) && (li->module->userData == userData))
         {
-            clientCreatePattern(proto, pattern, size, position, nocase,
-                    li->module, pClientAppConfig);
+            clientCreatePattern(proto, pattern, size, position, nocase, li->module);
             break;
         }
     }
 }
 
-int ClientAppLoadForConfigCallback(void* symbol, ClientAppConfig* pClientAppConfig)
+int ClientAppLoadCallback(void* symbol)
 {
-    static unsigned client_module_index = 0;
+    static THREAD_LOCAL unsigned client_module_index = 0;
     RNAClientAppModule* cam = (RNAClientAppModule*)symbol;
     RNAClientAppRecord** list = nullptr;
     RNAClientAppRecord* li;
@@ -319,11 +309,11 @@ int ClientAppLoadForConfigCallback(void* symbol, ClientAppConfig* pClientAppConf
 
     if (cam->proto == IpProtocol::TCP)
     {
-        list = &pClientAppConfig->tcp_client_app_list;
+        list = &client_app_config->tcp_client_app_list;
     }
     else if (cam->proto == IpProtocol::UDP)
     {
-        list = &pClientAppConfig->udp_client_app_list;
+        list = &client_app_config->udp_client_app_list;
     }
     else
     {
@@ -352,32 +342,26 @@ int ClientAppLoadForConfigCallback(void* symbol, ClientAppConfig* pClientAppConf
     return 0;
 }
 
-int ClientAppLoadCallback(void* symbol)
-{
-    return ClientAppLoadForConfigCallback(symbol, &pAppidActiveConfig->clientAppConfig);
-}
-
-int LoadClientAppModules(AppIdConfig* pConfig)
+int LoadClientAppModules()
 {
     unsigned i;
 
-    for (i=0; i<sizeof(static_client_list)/sizeof(*static_client_list); i++)
+    for (i = 0; i < NUM_STATIC_CLIENTS; i++)
     {
-        if (ClientAppLoadForConfigCallback(static_client_list[i], &pConfig->clientAppConfig))
+        if (ClientAppLoadCallback(static_client_list[i]))
             return -1;
     }
 
     return 0;
 }
 
-static void AddModuleConfigItem(char* module_name, char* item_name, char* item_value,
-    ClientAppConfig* config)
+static void AddModuleConfigItem(char* module_name, char* item_name, char* item_value)
 {
     SF_LNODE* cursor;
     RNAClientAppModuleConfig* mod_config;
     RNAClientAppModuleConfigItem* item;
 
-    for (mod_config = (RNAClientAppModuleConfig*)sflist_first(&config->module_configs, &cursor);
+    for (mod_config = (RNAClientAppModuleConfig*)sflist_first(&client_app_config->module_configs, &cursor);
         mod_config;
         mod_config = (RNAClientAppModuleConfig*)sflist_next(&cursor))
     {
@@ -390,7 +374,7 @@ static void AddModuleConfigItem(char* module_name, char* item_name, char* item_v
         mod_config = (RNAClientAppModuleConfig*)snort_calloc(sizeof(RNAClientAppModuleConfig));
         mod_config->name = snort_strdup(module_name);
         sflist_init(&mod_config->items);
-        sflist_add_tail(&config->module_configs, mod_config);
+        sflist_add_tail(&client_app_config->module_configs, mod_config);
     }
 
     for (item = (RNAClientAppModuleConfigItem*)sflist_first(&mod_config->items, &cursor);
@@ -414,19 +398,18 @@ static void AddModuleConfigItem(char* module_name, char* item_name, char* item_v
     item->value = snort_strdup(item_value);
 }
 
-static void ClientAppParseOption(ClientAppConfig* config,
-    char* key, char* value)
+static void ClientAppParseOption(char* key, char* value)
 {
     char* p;
 
     if (!strcasecmp(key, "enable"))
     {
-        config->enabled = atoi(value);
+        client_app_config->enabled = atoi(value) ? true : false;
     }
     else if ((p = strchr(key, ':')) && p[1])
     {
         *p = 0;
-        AddModuleConfigItem(key, &p[1], value, config);
+        AddModuleConfigItem(key, &p[1], value);
         *p = ':';
     }
     else
@@ -493,7 +476,7 @@ static void DisplayClientAppConfig(ClientAppConfig* config)
 }
 #endif
 
-static int ClientAppParseArgs(ClientAppConfig* config, SF_LIST* args)
+static int ClientAppParseArgs(SF_LIST* args)
 {
     ConfigItem* ci;
     SF_LNODE* cursor;
@@ -502,11 +485,11 @@ static int ClientAppParseArgs(ClientAppConfig* config, SF_LIST* args)
         ci;
         ci = (ConfigItem*)sflist_next(&cursor))
     {
-        ClientAppParseOption(config, ci->name, ci->value);
+        ClientAppParseOption(ci->name, ci->value);
     }
 
 #ifdef DEBUG
-    DisplayClientAppConfig(config);
+    DisplayClientAppConfig(client_app_config);
 #endif
     return 0;
 }
@@ -538,13 +521,13 @@ static void free_module_config(void* module_config)
     }
 }
 
-static void initialize_module(RNAClientAppRecord* li, ClientAppConfig* pClientAppConfig)
+static void initialize_module(RNAClientAppRecord* li)
 {
     RNAClientAppModuleConfig* mod_config;
     SF_LNODE* cursor;
     int rval;
 
-    for (mod_config = (RNAClientAppModuleConfig*)sflist_first(&pClientAppConfig->module_configs,
+    for (mod_config = (RNAClientAppModuleConfig*)sflist_first(&client_app_config->module_configs,
             &cursor);
         mod_config;
         mod_config = (RNAClientAppModuleConfig*)sflist_next(&cursor))
@@ -573,158 +556,103 @@ static void finalize_module(RNAClientAppRecord* li)
     }
 }
 
-static void clean_module(RNAClientAppRecord* li)
-{
-    if (li->module->clean)
-        li->module->clean(&clean_api);
-}
-
-void UnconfigureClientApp(AppIdConfig* pConfig)
-{
-    ClientPatternData* pd;
-    RNAClientAppRecord* li;
-
-    clean_api.pAppidConfig = pConfig;
-    for (li = pConfig->clientAppConfig.tcp_client_app_list; li; li = li->next)
-        clean_module(li);
-    for (li = pConfig->clientAppConfig.udp_client_app_list; li; li = li->next)
-        clean_module(li);
-
-    // FIXIT - should this be deleted here? or move this clean up to a dtor?
-    delete pConfig->clientAppConfig.tcp_patterns;
-    pConfig->clientAppConfig.tcp_patterns = nullptr;
-
-    delete pConfig->clientAppConfig.udp_patterns;
-    pConfig->clientAppConfig.udp_patterns = nullptr;
-
-    while (pConfig->clientAppConfig.pattern_data_list)
-    {
-        pd = pConfig->clientAppConfig.pattern_data_list;
-        pConfig->clientAppConfig.pattern_data_list = pd->next;
-        snort_free((void*)pd);
-    }
-
-    CleanHttpPatternLists(pConfig);
-#ifdef REMOVED_WHILE_NOT_IN_USE
-    ssl_detector_free_patterns(&pConfig->serviceSslConfig);
-#endif
-    dns_detector_free_patterns(&pConfig->serviceDnsConfig);
-    CleanClientPortPatternList(pConfig);
-
-    sflist_static_free_all(&pConfig->clientAppConfig.module_configs, &free_module_config);
-}
-
 /**
  * Initialize the configuration of the client app module
  *
  * @param args
  */
-void ClientAppInit(AppIdConfig* pConfig)
+void init_client_plugins()
 {
     RNAClientAppRecord* li;
 
-    sflist_init(&pConfig->clientAppConfig.module_configs);
-    pConfig->clientAppConfig.enabled = 1;
+    client_app_config = new ClientAppConfig;
+    if (LoadClientAppModules())
+         exit(-1);
 
-    ClientAppParseArgs(&pConfig->clientAppConfig, &pConfig->client_app_args);
+    sflist_init(&client_app_config->module_configs);
+    client_app_config->enabled = true;
+    ClientAppParseArgs(&pAppidActiveConfig->client_app_args);
 
-    if (pConfig->clientAppConfig.enabled)
+    if (client_app_config->enabled)
     {
         client_init_api.debug = pAppidActiveConfig->mod_config->debug;
-        client_init_api.pAppidConfig = pConfig;
+        client_init_api.pAppidConfig = pAppidActiveConfig;
         // FIXIT - active config global must go...
         client_init_api.instance_id = pAppidActiveConfig->mod_config->instance_id;
 
-        for (li = pConfig->clientAppConfig.tcp_client_app_list; li; li = li->next)
-            initialize_module(li, &pConfig->clientAppConfig);
-        for (li = pConfig->clientAppConfig.udp_client_app_list; li; li = li->next)
-            initialize_module(li, &pConfig->clientAppConfig);
-
-        luaModuleInitAllClients();
-
-        for (li = pConfig->clientAppConfig.tcp_client_app_list; li; li = li->next)
+        for (li = client_app_config->tcp_client_app_list; li; li = li->next)
+            initialize_module(li);
+        for (li = client_app_config->udp_client_app_list; li; li = li->next)
+            initialize_module(li);
+        for (li = client_app_config->tcp_client_app_list; li; li = li->next)
             finalize_module(li);
-
-        for (li = pConfig->clientAppConfig.udp_client_app_list; li; li = li->next)
+        for (li = client_app_config->udp_client_app_list; li; li = li->next)
             finalize_module(li);
     }
 }
 
-void ClientAppFinalize(AppIdConfig* pConfig)
+void finalize_client_plugins()
 {
-    if (pConfig->clientAppConfig.enabled)
+    if (client_app_config->enabled)
     {
-        if ( pConfig->clientAppConfig.tcp_patterns )
-            pConfig->clientAppConfig.tcp_patterns->prep();
+        if ( client_app_config->tcp_patterns )
+            client_app_config->tcp_patterns->prep();
 
-        if ( pConfig->clientAppConfig.udp_patterns )
-            pConfig->clientAppConfig.udp_patterns->prep();
+        if ( client_app_config->udp_patterns )
+            client_app_config->udp_patterns->prep();
     }
 }
 
-struct ClientAppMatch
-{
-    struct ClientAppMatch* next;
-    unsigned count;
-    const RNAClientAppModule* ca;
-};
-
-static ClientAppMatch* match_free_list;
-
 /**
  * Clean up the configuration of the client app module
  */
-void CleanupClientApp(AppIdConfig* pConfig )
+void clean_client_plugins()
 {
-    ClientAppMatch* match;
     ClientPatternData* pd;
     RNAClientAppRecord* li;
 
-    clean_api.pAppidConfig = pConfig;
-    if (pConfig->clientAppConfig.tcp_patterns)
+    if (client_app_config->tcp_patterns)
     {
-        delete pConfig->clientAppConfig.tcp_patterns;
-        pConfig->clientAppConfig.tcp_patterns = nullptr;
+        delete client_app_config->tcp_patterns;
+        client_app_config->tcp_patterns = nullptr;
     }
-    if (pConfig->clientAppConfig.udp_patterns)
+    if (client_app_config->udp_patterns)
     {
-        delete pConfig->clientAppConfig.udp_patterns;
-        pConfig->clientAppConfig.udp_patterns = nullptr;
+        delete client_app_config->udp_patterns;
+        client_app_config->udp_patterns = nullptr;
     }
-    while ((pd = pConfig->clientAppConfig.pattern_data_list) != nullptr)
+    while ((pd = client_app_config->pattern_data_list) != nullptr)
     {
-        pConfig->clientAppConfig.pattern_data_list = pd->next;
+        client_app_config->pattern_data_list = pd->next;
         snort_free(pd);
     }
 
-    while ((li=pConfig->clientAppConfig.tcp_client_app_list) != nullptr)
+    while ((li=client_app_config->tcp_client_app_list) != nullptr)
     {
-        pConfig->clientAppConfig.tcp_client_app_list = li->next;
+        client_app_config->tcp_client_app_list = li->next;
         if (li->module->clean)
-            li->module->clean(&clean_api);
+            li->module->clean();
         snort_free(li);
     }
-    while ((li=pConfig->clientAppConfig.udp_client_app_list) != nullptr)
+    while ((li=client_app_config->udp_client_app_list) != nullptr)
     {
-        pConfig->clientAppConfig.udp_client_app_list = li->next;
+        client_app_config->udp_client_app_list = li->next;
         if (li->module->clean)
-            li->module->clean(&clean_api);
+            li->module->clean();
         snort_free(li);
     }
 
-    luaModuleCleanAllClients();
+    sflist_static_free_all(&client_app_config->module_configs, &free_module_config);
 
-    CleanHttpPatternLists(pConfig);
-    ssl_detector_free_patterns(&pConfig->serviceSslConfig);
-    dns_detector_free_patterns(&pConfig->serviceDnsConfig);
-    CleanClientPortPatternList(pConfig);
-
-    sflist_static_free_all(&pConfig->clientAppConfig.module_configs, &free_module_config);
-    while ((match=match_free_list) != nullptr)
+    ClientAppMatch* match;
+    while ((match = match_free_list) != nullptr)
     {
         match_free_list = match->next;
         snort_free(match);
     }
+
+    clean_client_port_patterns();
+    delete client_app_config;
 }
 
 /*
@@ -802,16 +730,15 @@ static void AppIdAddClientAppInfo(AppIdSession* flowp, const char* info)
         flowp->hsession->url = snort_strdup(info);
 }
 
-static ClientAppMatch* BuildClientPatternList(const Packet* pkt, IpProtocol protocol,
-    const ClientAppConfig* pClientAppConfig)
+static ClientAppMatch* BuildClientPatternList(const Packet* pkt, IpProtocol protocol)
 {
     ClientAppMatch* match_list = nullptr;
     SearchTool* patterns;
 
     if (protocol == IpProtocol::TCP)
-        patterns = pClientAppConfig->tcp_patterns;
+        patterns = client_app_config->tcp_patterns;
     else
-        patterns = pClientAppConfig->udp_patterns;
+        patterns = client_app_config->udp_patterns;
 
     if (!patterns)
         return nullptr;
@@ -890,8 +817,7 @@ static void FreeClientPatternList(ClientAppMatch** match_list)
  *
  * @param p packet to process
  */
-static void ClientAppID(Packet* p, const int /*direction*/, AppIdSession* flowp, const
-    AppIdConfig* pConfig)
+static void ClientAppID(Packet* p, const int /*direction*/, AppIdSession* flowp)
 {
     const RNAClientAppModule* client = nullptr;
     ClientAppMatch* match_list;
@@ -918,7 +844,7 @@ static void ClientAppID(Packet* p, const int /*direction*/, AppIdSession* flowp,
         flowp->num_candidate_clients_tried = 0;
     }
 
-    match_list = BuildClientPatternList(p, flowp->protocol, &pConfig->clientAppConfig);
+    match_list = BuildClientPatternList(p, flowp->protocol);
     while (flowp->num_candidate_clients_tried < MAX_CANDIDATE_CLIENTS)
     {
         const RNAClientAppModule* tmp = GetNextFromClientPatternList(&match_list);
@@ -965,31 +891,24 @@ static void ClientAppID(Packet* p, const int /*direction*/, AppIdSession* flowp,
     }
 }
 
-int AppIdDiscoverClientApp(Packet* p, int direction, AppIdSession* rnaData,
-        const AppIdConfig* pConfig)
+int AppIdDiscoverClientApp(Packet* p, int direction, AppIdSession* rnaData)
 {
-    if (!pConfig->clientAppConfig.enabled)
+    if (!client_app_config->enabled)
         return APPID_SESSION_SUCCESS;
 
     if (direction == APP_ID_FROM_INITIATOR)
     {
         /* get out if we've already tried to validate a client app */
         if (!rnaData->getAppIdFlag(APPID_SESSION_CLIENT_DETECTED))
-            ClientAppID(p, direction, rnaData, pConfig);
+            ClientAppID(p, direction, rnaData);
     }
     else if ( rnaData->rnaServiceState != RNA_STATE_STATEFUL
               && rnaData->getAppIdFlag(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))
-        ClientAppID(p, direction, rnaData, pConfig);
+        ClientAppID(p, direction, rnaData);
 
     return APPID_SESSION_SUCCESS;
 }
 
-DetectorAppUrlList* getAppUrlList(AppIdConfig* pConfig)
-{
-    HttpPatternLists* patternLists = &pConfig->httpPatternLists;
-    return (&patternLists->appUrlList);
-}
-
 static void* client_app_flowdata_get(AppIdSession* flowp, unsigned client_id)
 {
     return flowp->get_flow_data(client_id);

diff --git a/src/network_inspectors/appid/client_plugins/client_app_base.h b/src/network_inspectors/appid/client_plugins/client_app_base.h
index 223633a986686d2d97854526ad68be9865ea1b1c..5d163b2703f1401445e6f84e3863541f7335b4fc 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_base.h
+++ b/src/network_inspectors/appid/client_plugins/client_app_base.h
@@ -23,7 +23,6 @@
 #define CLIENT_APP_BASE_H
 
 #include "appid_api.h"
-
 #include "client_app_api.h"
 
 #define GENERIC_APP_OFFSET 2000000000
@@ -31,36 +30,24 @@
 class AppIdSession;
 class AppIdConfig;
 struct Detector;
-struct DetectorSipConfig;
-struct ClientAppConfig;
 struct RNAClientAppModule;
-struct DetectorAppUrlList;
 struct Packet;
 struct ClientAppApi;
 struct RNAClientAppModuleConfig;
 
-void ClientAppInit(AppIdConfig*);
-void ClientAppFinalize(AppIdConfig*);
+void init_client_plugins();
+void finalize_client_plugins();
 void UnconfigureClientApp(AppIdConfig*);
-void CleanupClientApp(AppIdConfig*);
+void clean_client_plugins();
 int ClientAppLoadCallback(void* symbol);
-int ClientAppLoadForConfigCallback(void* symbol, ClientAppConfig*);
-void appSetClientValidator(RNAClientAppFCN, AppId, unsigned extractsInfo, AppIdConfig*);
-int LoadClientAppModules(AppIdConfig*);
+int LoadClientAppModules();
 void ClientAppRegisterPattern(RNAClientAppFCN, IpProtocol proto, const uint8_t* const pattern,
-        unsigned size, int position, unsigned nocase, Detector*, ClientAppConfig*);
+        unsigned size, int position, unsigned nocase, Detector*);
 const ClientAppApi* getClientApi();
-RNAClientAppModuleConfig* getClientAppModuleConfig(const char* moduleName, ClientAppConfig*);
-int AppIdDiscoverClientApp(Packet* p, int direction, AppIdSession*, const AppIdConfig*);
+RNAClientAppModuleConfig* getClientAppModuleConfig(const char* moduleName);
+int AppIdDiscoverClientApp(Packet* p, int direction, AppIdSession*);
 void AppIdAddClientApp(AppIdSession*, AppId service_id, AppId id, const char* version);
-DetectorAppUrlList* getAppUrlList(AppIdConfig*);
-const RNAClientAppModule* ClientAppGetClientAppModule(RNAClientAppFCN, Detector*,
-        ClientAppConfig*);
-int sipUaPatternAdd( AppId, const char* clientVersion, const char* uaPattern, DetectorSipConfig*);
-int sipServerPatternAdd(AppId, const char* clientVersion, const char* uaPattern,
-        DetectorSipConfig*);
-int sipUaFinalize(DetectorSipConfig*);
-int sipServerFinalize();
-int portPatternFinalize(AppIdConfig*);
+
+const RNAClientAppModule* ClientAppGetClientAppModule(RNAClientAppFCN, Detector*);
 
 #endif

diff --git a/src/network_inspectors/appid/client_plugins/client_app_bit.cc b/src/network_inspectors/appid/client_plugins/client_app_bit.cc
index f02ec54466f2a3b90ac9f8102edf5f3201e60cfb..2ba14146612cf38cdc87806cb59182c38feb3eda 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_bit.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_bit.cc
@@ -73,8 +73,7 @@ THREAD_LOCAL BIT_CLIENT_APP_CONFIG bit_config;
 
 static CLIENT_APP_RETCODE bit_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE bit_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData,
-    const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule bit_client_mod =
 {
@@ -139,7 +138,7 @@ static CLIENT_APP_RETCODE bit_init(const IniClientAppAPI* const init_api, SF_LIS
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&bit_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -148,14 +147,14 @@ static CLIENT_APP_RETCODE bit_init(const IniClientAppAPI* const init_api, SF_LIS
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&bit_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
 }
 
 static CLIENT_APP_RETCODE bit_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     ClientBITData* fd;
     uint16_t offset;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc b/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc
index 4327736fdb08f198a4e46ba4472b3d83d5829917..0024591089d1b709a6ff807926c86145f0ba4046 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_bit_tracker.cc
@@ -72,7 +72,7 @@ THREAD_LOCAL BIT_CLIENT_APP_CONFIG udp_bit_config;
 
 static CLIENT_APP_RETCODE udp_bit_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE udp_bit_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule bit_tracker_client_mod =
 {
@@ -140,7 +140,7 @@ static CLIENT_APP_RETCODE udp_bit_init(const IniClientAppAPI* const init_api, SF
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                        (const char*)udp_patterns[i].pattern, udp_patterns[i].index);
             init_api->RegisterPattern(&udp_bit_validate, IpProtocol::UDP, udp_patterns[i].pattern,
-                udp_patterns[i].length, udp_patterns[i].index, init_api->pAppidConfig);
+                udp_patterns[i].length, udp_patterns[i].index);
         }
     }
 
@@ -149,14 +149,14 @@ static CLIENT_APP_RETCODE udp_bit_init(const IniClientAppAPI* const init_api, SF
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&udp_bit_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
 }
 
 static CLIENT_APP_RETCODE udp_bit_validate(const uint8_t* data, uint16_t size, const int /*dir*/,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     ClientBITData* fd;
     uint16_t offset;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_config.h b/src/network_inspectors/appid/client_plugins/client_app_config.h
index bd178e55a4c887b6665682c8ff1fa5a97ac84c82..999b054d01b7fe404aa9ecd5a45ba7b7959c5bcf 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_config.h
+++ b/src/network_inspectors/appid/client_plugins/client_app_config.h
@@ -35,17 +35,21 @@ struct ClientPatternData
     const RNAClientAppModule* ca;
 };
 
-struct ClientAppConfig
+class ClientAppConfig
 {
-    RNAClientAppRecord* tcp_client_app_list;    // List of all TCP client apps (C and  Lua)
-    RNAClientAppRecord* udp_client_app_list;    // List of all UDP client apps (C and Lua)
-    int enabled;
+public:
+    ClientAppConfig() {}
+    ~ClientAppConfig() {}
+
+    RNAClientAppRecord* tcp_client_app_list = nullptr;
+    RNAClientAppRecord* udp_client_app_list = nullptr;
+    bool enabled = false;
     SF_LIST module_configs;
-    ClientPatternData* pattern_data_list;
-    SearchTool* tcp_patterns;
-    int tcp_pattern_count;
-    SearchTool* udp_patterns;
-    int udp_pattern_count;
+    ClientPatternData* pattern_data_list = nullptr;
+    SearchTool* tcp_patterns = nullptr;
+    int tcp_pattern_count = 0;
+    SearchTool* udp_patterns = nullptr;
+    int udp_pattern_count = 0;
 };
 
 #endif

diff --git a/src/network_inspectors/appid/client_plugins/client_app_msn.cc b/src/network_inspectors/appid/client_plugins/client_app_msn.cc
index de17a8f67515f66dd1b30132cfe481a1d2bf3a5d..fe23bef2cbf5ea0041ef66c252de320d2425c8d2 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_msn.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_msn.cc
@@ -34,7 +34,7 @@ struct MSN_CLIENT_APP_CONFIG
 THREAD_LOCAL MSN_CLIENT_APP_CONFIG msn_config;
 
 static CLIENT_APP_RETCODE msn_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 struct Client_App_Pattern
 {
@@ -97,7 +97,7 @@ static CLIENT_APP_RETCODE msn_init(const IniClientAppAPI* const init_api, SF_LIS
             DebugFormat(DEBUG_APPID,"registering patterns: %s: %d\n",
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&msn_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -106,14 +106,14 @@ static CLIENT_APP_RETCODE msn_init(const IniClientAppAPI* const init_api, SF_LIS
         DebugFormat(DEBUG_APPID,"registering appId: %d\n",appIdRegistry[j].appId);
 
         init_api->RegisterAppId(&msn_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
 }
 
 static CLIENT_APP_RETCODE msn_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet* pkt, struct Detector*)
 {
     const uint8_t* end;
     uint8_t version[MAX_VERSION_SIZE];

diff --git a/src/network_inspectors/appid/client_plugins/client_app_rtp.cc b/src/network_inspectors/appid/client_plugins/client_app_rtp.cc
index 445ef45a8e6655be4d513de891ae65d1e770507a..90fc0d289f43a121d654e11f4848de9034d221f4 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_rtp.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_rtp.cc
@@ -83,7 +83,7 @@ THREAD_LOCAL RTP_CLIENT_APP_CONFIG rtp_config;
 
 static CLIENT_APP_RETCODE rtp_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE rtp_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule rtp_client_mod =
 {
@@ -260,7 +260,7 @@ static CLIENT_APP_RETCODE rtp_init(const IniClientAppAPI* const init_api, SF_LIS
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                 (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&rtp_validate, IpProtocol::UDP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -269,14 +269,14 @@ static CLIENT_APP_RETCODE rtp_init(const IniClientAppAPI* const init_api, SF_LIS
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&rtp_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
 }
 
 static CLIENT_APP_RETCODE rtp_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     ClientRTPData* fd;
     ClientRTPMsg* hdr;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_smtp.cc b/src/network_inspectors/appid/client_plugins/client_app_smtp.cc
index 7cb159cc5ec7f9b8c9cf6862c0b529d46c69c180..a395a902e3ee746301f549759b361e39ffd1cc9a 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_smtp.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_smtp.cc
@@ -93,7 +93,7 @@ THREAD_LOCAL SMTP_CLIENT_APP_CONFIG smtp_config;
 
 static CLIENT_APP_RETCODE smtp_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE smtp_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule smtp_client_mod =
 {
@@ -219,7 +219,7 @@ static CLIENT_APP_RETCODE smtp_init(const IniClientAppAPI* const init_api, SF_LI
         for (i=0; i < sizeof(patterns)/sizeof(*patterns); i++)
         {
             init_api->RegisterPattern(&smtp_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -228,7 +228,7 @@ static CLIENT_APP_RETCODE smtp_init(const IniClientAppAPI* const init_api, SF_LI
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&smtp_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -431,7 +431,7 @@ static void freeData(void* data)
 }
 
 static CLIENT_APP_RETCODE smtp_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet* pkt, struct Detector*)
 {
     ClientSMTPData* fd;
     const uint8_t* end;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_ssh.cc b/src/network_inspectors/appid/client_plugins/client_app_ssh.cc
index a5b2ebafb156f3459b149b11f7a10a6ca4440bcc..f54a5735955e93ad0353bc50433ee6550ba428e7 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_ssh.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_ssh.cc
@@ -155,8 +155,7 @@ THREAD_LOCAL SSH_CLIENT_CONFIG ssh_client_config;
 
 static CLIENT_APP_RETCODE ssh_client_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE ssh_client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp,  Packet* pkt, struct Detector* userData,
-    const AppIdConfig* pConfig);
+    AppIdSession* flowp,  Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule ssh_client_mod =
 {
@@ -230,7 +229,7 @@ static CLIENT_APP_RETCODE ssh_client_init(const IniClientAppAPI* const init_api,
             DebugFormat(DEBUG_LOG, "registering patterns: %s: %d",
                 (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&ssh_client_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -239,7 +238,7 @@ static CLIENT_APP_RETCODE ssh_client_init(const IniClientAppAPI* const init_api,
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n", appIdRegistry[j].appId);
         init_api->RegisterAppId(&ssh_client_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -614,7 +613,7 @@ static inline CLIENT_APP_RETCODE ssh_client_sm(const uint8_t* data, uint16_t siz
 }
 
 static CLIENT_APP_RETCODE ssh_client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     ClientSSHData* fd;
     CLIENT_APP_RETCODE sm_ret;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc b/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc
index 11165a53c033f266a95af5037602bfed9096ca4e..d178e6e52d96de706ee10ba98753ea42e31727c9 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_timbuktu.cc
@@ -70,7 +70,7 @@ THREAD_LOCAL TIMBUKTU_CLIENT_APP_CONFIG timbuktu_config;
 
 static CLIENT_APP_RETCODE timbuktu_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE timbuktu_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule timbuktu_client_mod =
 {
@@ -136,7 +136,7 @@ static CLIENT_APP_RETCODE timbuktu_init(const IniClientAppAPI* const init_api, S
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&timbuktu_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -145,14 +145,14 @@ static CLIENT_APP_RETCODE timbuktu_init(const IniClientAppAPI* const init_api, S
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&timbuktu_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
 }
 
 static CLIENT_APP_RETCODE timbuktu_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     ClientTIMBUKTUData* fd;
     uint16_t offset;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_tns.cc b/src/network_inspectors/appid/client_plugins/client_app_tns.cc
index a1f0e998bf86425152e6a35933cc0de987980ca7..2def02df3eae9b6bb0200e9898fb277bb23768e8 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_tns.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_tns.cc
@@ -130,7 +130,7 @@ THREAD_LOCAL TNS_CLIENT_APP_CONFIG tns_config;
 
 static CLIENT_APP_RETCODE tns_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE tns_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule tns_client_mod =
 {
@@ -196,7 +196,7 @@ static CLIENT_APP_RETCODE tns_init(const IniClientAppAPI* const init_api, SF_LIS
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&tns_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -205,7 +205,7 @@ static CLIENT_APP_RETCODE tns_init(const IniClientAppAPI* const init_api, SF_LIS
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&tns_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -213,7 +213,7 @@ static CLIENT_APP_RETCODE tns_init(const IniClientAppAPI* const init_api, SF_LIS
 
 #define TNS_MAX_INFO_SIZE    63
 static CLIENT_APP_RETCODE tns_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     char username[TNS_MAX_INFO_SIZE+1];
     ClientTNSData* fd;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_vnc.cc b/src/network_inspectors/appid/client_plugins/client_app_vnc.cc
index f3cc2a59b0afa769ccac1b7ba2f8ddb8c6d44a97..e680a50ad167b4628608ffb34614ec7626d5e364 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_vnc.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_vnc.cc
@@ -56,8 +56,7 @@ THREAD_LOCAL VNC_CLIENT_APP_CONFIG vnc_config;
 
 static CLIENT_APP_RETCODE vnc_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE vnc_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData,
-    const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 SO_PUBLIC RNAClientAppModule vnc_client_mod =
 {
@@ -125,7 +124,7 @@ static CLIENT_APP_RETCODE vnc_init(const IniClientAppAPI* const init_api, SF_LIS
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&vnc_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -134,14 +133,14 @@ static CLIENT_APP_RETCODE vnc_init(const IniClientAppAPI* const init_api, SF_LIS
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&vnc_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
 }
 
 static CLIENT_APP_RETCODE vnc_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     ClientVNCData* fd;
     uint16_t offset;

diff --git a/src/network_inspectors/appid/client_plugins/client_app_ym.cc b/src/network_inspectors/appid/client_plugins/client_app_ym.cc
index f46c8bd51e62e4a4f68fd107fb570ec8e8b5c2a2..ff9dbe740248b6c065d2bd788b9b0f0edbeade0f 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_ym.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_ym.cc
@@ -40,7 +40,7 @@ THREAD_LOCAL YM_CLIENT_APP_CONFIG ym_config;
 
 static CLIENT_APP_RETCODE ym_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE ym_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 RNAClientAppModule ym_client_mod =
 {
@@ -109,7 +109,7 @@ static CLIENT_APP_RETCODE ym_init(const IniClientAppAPI* const init_api, SF_LIST
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&ym_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -118,7 +118,7 @@ static CLIENT_APP_RETCODE ym_init(const IniClientAppAPI* const init_api, SF_LIST
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&ym_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -140,7 +140,7 @@ static const uint8_t* skip_separator(const uint8_t* data, const uint8_t* end)
 }
 
 static CLIENT_APP_RETCODE ym_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet* pkt, Detector*)
 {
 #define HEADERSIZE 20
 #define VERSIONID "135"

diff --git a/src/network_inspectors/appid/detector_plugins/detector_base.cc b/src/network_inspectors/appid/detector_plugins/detector_base.cc
index 7532f034410692179e79cbbdf696888443515cb2..74cd80bda2c55165781665a415b6b23613929f83 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_base.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_base.cc
@@ -46,6 +46,8 @@ static RNADetectorValidationModule* static_detector_list[]
     &pop3_detector_mod,
     &kerberos_detector_mod
 };
+const uint32_t NUM_STATIC_DETECTORS =
+        sizeof(static_detector_list) / sizeof(RNADetectorValidationModule*);
 
 //callback function for initializing static and dynamic detectors.
 static int detectorLoadCallback(void* symbol)
@@ -58,21 +60,14 @@ static int detectorLoadCallback(void* symbol)
         ErrorMessage("Maximum number of detector modules exceeded");
         return -1;
     }
+
     if (svm->service)
-    {
         if (serviceLoadCallback(svm->service))
-        {
             return -1;
-        }
-    }
 
     if (svm->client)
-    {
         if (ClientAppLoadCallback(svm->client))
-        {
             return -1;
-        }
-    }
 
     svm->api = &detector_api;
     svm->flow_data_index = detector_module_index | APPID_SESSION_DATA_DETECTOR_MODSTATE_BIT;
@@ -81,11 +76,11 @@ static int detectorLoadCallback(void* symbol)
     return 0;
 }
 
-int LoadDetectorModules(const char** )
+int init_detector_plugins()
 {
     unsigned i;
 
-    for (i=0; i<sizeof(static_detector_list)/sizeof(*static_detector_list); i++)
+    for (i=0; i < NUM_STATIC_DETECTORS; i++)
     {
         if (static_detector_list[i] && detectorLoadCallback(static_detector_list[i]))
             return -1;

diff --git a/src/network_inspectors/appid/detector_plugins/detector_base.h b/src/network_inspectors/appid/detector_plugins/detector_base.h
index b2bf97c134ba99d50926ec5ebbca758817c9569b..d55c671927d63a05da2adf34e594be143793bde9 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_base.h
+++ b/src/network_inspectors/appid/detector_plugins/detector_base.h
@@ -22,7 +22,7 @@
 #ifndef DETECTOR_BASE_H
 #define DETECTOR_BASE_H
 
-int LoadDetectorModules(const char** dir_list);
+int init_detector_plugins();
 
 #endif
 

diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.cc b/src/network_inspectors/appid/detector_plugins/detector_dns.cc
index e5f472444cfdfc78f4a2c6cafe299ba4cd668360..a7191db4461d7946f476ebfb11e26b0cafeefc37 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_dns.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_dns.cc
@@ -201,11 +201,10 @@ static AppRegistryEntry appIdRegistry[] =
 
 static CLIENT_APP_RETCODE dns_udp_client_init(const IniClientAppAPI* const, SF_LIST*);
 static CLIENT_APP_RETCODE dns_tcp_client_init(const IniClientAppAPI* const, SF_LIST*);
-static CLIENT_APP_RETCODE dns_udp_client_validate(
-    const uint8_t*, uint16_t, const int, AppIdSession*, Packet*, Detector*, const AppIdConfig*);
-
-static CLIENT_APP_RETCODE dns_tcp_client_validate(
-    const uint8_t*, uint16_t, const int, AppIdSession*, Packet*, Detector*, const AppIdConfig*);
+static CLIENT_APP_RETCODE dns_udp_client_validate(const uint8_t*, uint16_t, const int,
+        AppIdSession*, Packet*, Detector*);
+static CLIENT_APP_RETCODE dns_tcp_client_validate(const uint8_t*, uint16_t, const int,
+        AppIdSession*, Packet*, Detector*);
 
 SO_PUBLIC RNAClientAppModule dns_udp_client_mod =
 {
@@ -239,19 +238,34 @@ SO_PUBLIC RNAClientAppModule dns_tcp_client_mod =
     0,                          // flow_data_index
 };
 
+struct ServiceDnsConfig
+{
+    DetectorDNSHostPattern* DetectorDNSHostPatternList;
+    SearchTool* dns_host_host_matcher;
+};
+static THREAD_LOCAL ServiceDnsConfig serviceDnsConfig;      // DNS service configuration
+
 static CLIENT_APP_RETCODE dns_udp_client_init(const IniClientAppAPI* const, SF_LIST*)
-{ return CLIENT_APP_SUCCESS; }
+{
+    return CLIENT_APP_SUCCESS;
+}
 
 static CLIENT_APP_RETCODE dns_tcp_client_init(const IniClientAppAPI* const, SF_LIST*)
-{ return CLIENT_APP_SUCCESS; }
+{
+    return CLIENT_APP_SUCCESS;
+}
 
-static CLIENT_APP_RETCODE dns_udp_client_validate(
-    const uint8_t*, uint16_t, const int, AppIdSession*, Packet*, Detector*, const AppIdConfig*)
-{ return CLIENT_APP_INPROCESS; }
+static CLIENT_APP_RETCODE dns_udp_client_validate(const uint8_t*, uint16_t, const int, AppIdSession*,
+        Packet*, Detector*)
+{
+    return CLIENT_APP_INPROCESS;
+}
 
-static CLIENT_APP_RETCODE dns_tcp_client_validate(
-    const uint8_t*, uint16_t, const int, AppIdSession*, Packet*, Detector*, const AppIdConfig*)
-{ return CLIENT_APP_INPROCESS; }
+static CLIENT_APP_RETCODE dns_tcp_client_validate( const uint8_t*, uint16_t, const int, AppIdSession*,
+        Packet*, Detector*)
+{
+    return CLIENT_APP_INPROCESS;
+}
 
 static int dns_host_pattern_match(void* id, void*, int index, void* data, void*)
 {
@@ -268,34 +282,33 @@ static int dns_host_pattern_match(void* id, void*, int index, void* data, void*)
     return 0;
 }
 
-static int dns_host_detector_create_matcher(ServiceDnsConfig* pDnsConfig,
-    DetectorDNSHostPattern* list)
+static int dns_host_detector_create_matcher(DetectorDNSHostPattern* list)
 {
     DetectorDNSHostPattern* element = nullptr;
 
-    if (pDnsConfig->dns_host_host_matcher)
-        delete pDnsConfig->dns_host_host_matcher;
+    if (serviceDnsConfig.dns_host_host_matcher)
+        delete serviceDnsConfig.dns_host_host_matcher;
 
-    pDnsConfig->dns_host_host_matcher = new SearchTool("ac_full");
-    if (!pDnsConfig->dns_host_host_matcher)
+    serviceDnsConfig.dns_host_host_matcher = new SearchTool("ac_full");
+    if (!serviceDnsConfig.dns_host_host_matcher)
         return 0;
 
     /* Add patterns from Lua API */
     for (element = list; element; element = element->next)
     {
-        pDnsConfig->dns_host_host_matcher->add((char*)element->dpattern->pattern,
+        serviceDnsConfig.dns_host_host_matcher->add((char*)element->dpattern->pattern,
             element->dpattern->pattern_size, element->dpattern, true);
     }
 
-    pDnsConfig->dns_host_host_matcher->prep();
+    serviceDnsConfig.dns_host_host_matcher->prep();
 
     return 1;
 }
 
-int dns_host_detector_process_patterns(ServiceDnsConfig* pDnsConfig)
+int dns_host_detector_process_patterns()
 {
     int retVal = 1;
-    if (!dns_host_detector_create_matcher(pDnsConfig, pDnsConfig->DetectorDNSHostPatternList))
+    if (!dns_host_detector_create_matcher(serviceDnsConfig.DetectorDNSHostPatternList))
         retVal = 0;
     return retVal;
 }
@@ -307,7 +320,7 @@ static int dns_service_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR, "registering appId: %d\n", appIdRegistry[i].appId);
         init_api->RegisterAppId(&dns_udp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;
@@ -827,18 +840,20 @@ static int dns_host_scan_patterns(SearchTool* matcher, const uint8_t* pattern, s
 }
 
 int dns_host_scan_hostname(const uint8_t* pattern, size_t size, AppId* ClientAppId,
-    AppId* payloadId, const ServiceDnsConfig* pDnsConfig)
+    AppId* payloadId)
 {
-    return dns_host_scan_patterns(pDnsConfig->dns_host_host_matcher, pattern, size, ClientAppId,
-        payloadId);
+    return dns_host_scan_patterns(serviceDnsConfig.dns_host_host_matcher, pattern, size,
+               +ClientAppId, payloadId);
 }
 
-void service_dns_host_clean(ServiceDnsConfig* pDnsConfig)
+void service_dns_host_clean()
 {
-    if (pDnsConfig->dns_host_host_matcher )
+    dns_detector_free_patterns();
+
+    if (serviceDnsConfig.dns_host_host_matcher )
     {
-        delete pDnsConfig->dns_host_host_matcher;
-        pDnsConfig->dns_host_host_matcher = nullptr;
+        delete serviceDnsConfig.dns_host_host_matcher;
+        serviceDnsConfig.dns_host_host_matcher = nullptr;
     }
 }
 
@@ -863,10 +878,9 @@ static int dns_add_pattern(DetectorDNSHostPattern** list, uint8_t* pattern_str,
     return 1;
 }
 
-int dns_add_host_pattern(uint8_t* pattern_str, size_t pattern_size, uint8_t type, AppId app_id,
-    ServiceDnsConfig* pDnsConfig)
+int dns_add_host_pattern(uint8_t* pattern_str, size_t pattern_size, uint8_t type, AppId app_id)
 {
-    return dns_add_pattern(&pDnsConfig->DetectorDNSHostPatternList, pattern_str, pattern_size,
+    return dns_add_pattern(&serviceDnsConfig.DetectorDNSHostPatternList, pattern_str, pattern_size,
         type, app_id);
 }
 
@@ -887,9 +901,9 @@ static void dns_patterns_free(DetectorDNSHostPattern** list)
     }
 }
 
-void dns_detector_free_patterns(ServiceDnsConfig* pDnsConfig)
+void dns_detector_free_patterns()
 {
-    dns_patterns_free(&pDnsConfig->DetectorDNSHostPatternList);
+    dns_patterns_free(&serviceDnsConfig.DetectorDNSHostPatternList);
 }
 
 char* dns_parse_host(const uint8_t* host, uint8_t host_len)

diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.h b/src/network_inspectors/appid/detector_plugins/detector_dns.h
index b262de8ebd5ac72bf6b0c96939bdda2ff3577991..e22512bd9e5bf22011a0f2c0bcbadd060d5a3263 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_dns.h
+++ b/src/network_inspectors/appid/detector_plugins/detector_dns.h
@@ -26,17 +26,16 @@
 
 struct RNAServiceValidationModule;
 struct RNAClientAppModule;
-struct ServiceDnsConfig;
 
 extern struct RNAServiceValidationModule dns_service_mod;
 extern struct RNAClientAppModule dns_udp_client_mod;
 extern struct RNAClientAppModule dns_tcp_client_mod;
 
-int dns_host_scan_hostname(const uint8_t*, size_t, AppId*, AppId*, const ServiceDnsConfig*);
-void service_dns_host_clean(ServiceDnsConfig* pConfig);
-int dns_host_detector_process_patterns(ServiceDnsConfig* pConfig);
-int dns_add_host_pattern(uint8_t*, size_t, uint8_t, AppId, ServiceDnsConfig*);
-void dns_detector_free_patterns(ServiceDnsConfig* pConfig);
+int dns_host_scan_hostname(const uint8_t*, size_t, AppId*, AppId*);
+void service_dns_host_clean();
+int dns_host_detector_process_patterns();
+int dns_add_host_pattern(uint8_t*, size_t, uint8_t, AppId);
+void dns_detector_free_patterns();
 char* dns_parse_host(const uint8_t* host, uint8_t host_len);
 
 #endif

diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.cc b/src/network_inspectors/appid/detector_plugins/detector_http.cc
index aee3a15d5df7584adff0f2d7d882a819199b1d8f..ef192dcf3b4a5f7d56aca9eacd1a43d5361fd6d6 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_http.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_http.cc
@@ -331,6 +331,253 @@ static HeaderPattern header_patterns[] =
     { HTTP_ID_LEN, (uint8_t*)HTTP_HEADER_LF, HTTP_HEADER_LF_SIZE }
 };
 
+class DetectorHttpConfig
+{
+public:
+    DetectorHttpConfig() {}
+    ~DetectorHttpConfig() {}
+
+    SearchTool* url_matcher = nullptr;
+    SearchTool* client_agent_matcher = nullptr;
+    SearchTool* via_matcher = nullptr;
+    tMlmpTree* host_url_matcher = nullptr;
+    tMlmpTree* RTMPHosUrlMatcher = nullptr;
+    SearchTool* header_matcher = nullptr;
+    SearchTool* content_type_matcher = nullptr;
+    SearchTool* chp_matchers[MAX_PATTERN_TYPE + 1] = { nullptr };
+    HosUrlPatternsList* hosUrlPatternsList = nullptr;
+};
+
+static THREAD_LOCAL DetectorHttpConfig* detectorHttpConfig = nullptr;
+
+#define URL_LIST_STEP_SIZE  5000
+class HttpPatternLists
+{
+public:
+    HttpPatternLists() {}
+    ~HttpPatternLists() {}
+
+    HTTPListElement* hostPayloadPatternList = nullptr;
+    HTTPListElement* urlPatternList = nullptr;
+    HTTPListElement* clientAgentPatternList = nullptr;
+    HTTPListElement* contentTypePatternList = nullptr;
+    CHPListElement* chpList = nullptr;
+    DetectorAppUrlList appUrlList;
+    DetectorAppUrlList RTMPUrlList;
+};
+
+static THREAD_LOCAL HttpPatternLists* httpPatternLists = nullptr;
+
+void init_http_detector()
+{
+    httpPatternLists = new HttpPatternLists;
+}
+
+static void FreeDetectorAppUrlPattern(DetectorAppUrlPattern* pattern)
+{
+    if (pattern)
+    {
+        if (pattern->userData.query.pattern)
+            snort_free(*(void**)&pattern->userData.query.pattern);
+        if (pattern->patterns.host.pattern)
+            snort_free(*(void**)&pattern->patterns.host.pattern);
+        if (pattern->patterns.path.pattern)
+            snort_free(*(void**)&pattern->patterns.path.pattern);
+        if (pattern->patterns.scheme.pattern)
+            snort_free(*(void**)&pattern->patterns.scheme.pattern);
+        snort_free(pattern);
+    }
+}
+
+void insert_chp_pattern(CHPListElement* chpa)
+{
+    CHPListElement* tmp_chpa = httpPatternLists->chpList;
+    if (!tmp_chpa)
+        httpPatternLists->chpList = chpa;
+    else
+    {
+        while (tmp_chpa->next)
+            tmp_chpa = tmp_chpa->next;
+        tmp_chpa->next = chpa;
+    }
+}
+
+void insert_http_pattern_element(enum httpPatternType pType, HTTPListElement* element)
+{
+    switch (pType)
+    {
+    case HTTP_PAYLOAD:
+        element->next = httpPatternLists->hostPayloadPatternList;
+        httpPatternLists->hostPayloadPatternList = element;
+        break;
+    case HTTP_URL:
+        element->next = httpPatternLists->urlPatternList;
+        httpPatternLists->urlPatternList = element;
+        break;
+    case HTTP_USER_AGENT:
+        element->next = httpPatternLists->clientAgentPatternList;
+        httpPatternLists->clientAgentPatternList = element;
+        break;
+    }
+}
+
+void insert_content_type_pattern(HTTPListElement* element)
+{
+    element->next = httpPatternLists->contentTypePatternList;
+    httpPatternLists->contentTypePatternList = element;
+}
+
+void insert_url_pattern(DetectorAppUrlPattern* pattern)
+{
+    DetectorAppUrlList* urlList = &httpPatternLists->appUrlList;
+    /**first time usedCount and allocatedCount are both 0, urlPattern will be nullptr.
+     * This case is same as malloc. In case of error, realloc will return nullptr, and
+     * original urlPattern buffer is left untouched.
+     */
+    if (urlList->usedCount == urlList->allocatedCount)
+    {
+        DetectorAppUrlPattern** tmp = (decltype(tmp)) (realloc(urlList->urlPattern,
+                (urlList->allocatedCount + URL_LIST_STEP_SIZE) * sizeof(*tmp)));
+        if (!tmp)
+        {
+            FreeDetectorAppUrlPattern(pattern);
+            //return 0;
+        }
+        urlList->urlPattern = tmp;
+        urlList->allocatedCount += URL_LIST_STEP_SIZE;
+    }
+    urlList->urlPattern[urlList->usedCount++] = pattern;
+}
+
+void insert_rtmp_url_pattern(DetectorAppUrlPattern* pattern)
+{
+    DetectorAppUrlList* urlList = &httpPatternLists->RTMPUrlList;
+    /**first time usedCount and allocatedCount are both 0, urlPattern will be nullptr.
+     * This case is same as malloc. In case of error, realloc will return nullptr, and
+     * original urlPattern buffer is left untouched.
+     */
+    if (urlList->usedCount == urlList->allocatedCount)
+    {
+        DetectorAppUrlPattern** tmp = (decltype(tmp)) (realloc(urlList->urlPattern,
+                (urlList->allocatedCount + URL_LIST_STEP_SIZE) * sizeof(*tmp)));
+        if (!tmp)
+        {
+            FreeDetectorAppUrlPattern(pattern);
+            //return 0;
+        }
+        urlList->urlPattern = tmp;
+        urlList->allocatedCount += URL_LIST_STEP_SIZE;
+    }
+    urlList->urlPattern[urlList->usedCount++] = pattern;
+}
+
+void insert_app_url_pattern(DetectorAppUrlPattern* pattern)
+{
+    DetectorAppUrlList* urlList = &httpPatternLists->appUrlList;
+    /**first time usedCount and allocatedCount are both 0, urlPattern will be nullptr.
+     * This case is same as malloc. In case of error, realloc will return nullptr, and
+     * original urlPattern buffer is left untouched.
+     */
+    if (urlList->usedCount == urlList->allocatedCount)
+    {
+        DetectorAppUrlPattern** tmp = (decltype(tmp)) (realloc(urlList->urlPattern,
+                (urlList->allocatedCount + URL_LIST_STEP_SIZE) * sizeof(*tmp)));
+        if (!tmp)
+        {
+            FreeDetectorAppUrlPattern(pattern);
+            //return 0;
+        }
+        urlList->urlPattern = tmp;
+        urlList->allocatedCount += URL_LIST_STEP_SIZE;
+    }
+    urlList->urlPattern[urlList->usedCount++] = pattern;
+}
+
+DetectorAppUrlList* getAppUrlList()
+{
+    return (&httpPatternLists->appUrlList);
+}
+
+static void FreeHTTPListElement(HTTPListElement* element)
+{
+    if (element)
+    {
+        if (element->detectorHTTPPattern.pattern)
+            snort_free(element->detectorHTTPPattern.pattern);
+        snort_free(element);
+    }
+}
+
+static void FreeCHPAppListElement(CHPListElement* element)
+{
+    if (element)
+    {
+        if (element->chp_action.pattern)
+            snort_free(element->chp_action.pattern);
+        if (element->chp_action.action_data)
+            snort_free(element->chp_action.action_data);
+        snort_free (element);
+    }
+}
+
+static void CleanHttpPatternLists()
+{
+    HTTPListElement* element;
+    CHPListElement* chpe;
+    size_t i;
+
+    for (i = 0; i < httpPatternLists->appUrlList.usedCount; i++)
+    {
+        FreeDetectorAppUrlPattern(httpPatternLists->appUrlList.urlPattern[i]);
+        httpPatternLists->appUrlList.urlPattern[i] = nullptr;
+    }
+    for (i = 0; i < httpPatternLists->RTMPUrlList.usedCount; i++)
+    {
+        FreeDetectorAppUrlPattern(httpPatternLists->RTMPUrlList.urlPattern[i]);
+        httpPatternLists->RTMPUrlList.urlPattern[i] = nullptr;
+    }
+    if (httpPatternLists->appUrlList.urlPattern)
+    {
+        // FIXIT-M: still allocated by malloc/realloc
+        free(httpPatternLists->appUrlList.urlPattern);
+        httpPatternLists->appUrlList.urlPattern = nullptr;
+    }
+    httpPatternLists->appUrlList.allocatedCount = 0;
+    if (httpPatternLists->RTMPUrlList.urlPattern)
+    {
+        free(httpPatternLists->RTMPUrlList.urlPattern);
+        httpPatternLists->RTMPUrlList.urlPattern = nullptr;
+    }
+    httpPatternLists->RTMPUrlList.allocatedCount = 0;
+    httpPatternLists->appUrlList.usedCount = 0;
+    httpPatternLists->RTMPUrlList.usedCount = 0;
+    while ((element = httpPatternLists->clientAgentPatternList))
+    {
+        httpPatternLists->clientAgentPatternList = element->next;
+        FreeHTTPListElement(element);
+    }
+    while ((element = httpPatternLists->hostPayloadPatternList))
+    {
+        httpPatternLists->hostPayloadPatternList = element->next;
+        FreeHTTPListElement(element);
+    }
+    while ((element = httpPatternLists->urlPatternList))
+    {
+        httpPatternLists->urlPatternList = element->next;
+        FreeHTTPListElement(element);
+    }
+    while ((element = httpPatternLists->contentTypePatternList))
+    {
+        httpPatternLists->contentTypePatternList = element->next;
+        FreeHTTPListElement(element);
+    }
+    while ((chpe = httpPatternLists->chpList))
+    {
+        httpPatternLists->chpList = chpe->next;
+        FreeCHPAppListElement(chpe);
+    }
+}
+
 static int content_pattern_match(void* id, void*, int index, void* data, void*)
 {
     MatchedPatterns* cm;
@@ -506,27 +753,22 @@ static SearchTool* processPatterns(DetectorHTTPPattern* patternList,
     return patternMatcher;
 }
 
-static int processHostPatterns(
-    DetectorHTTPPattern* patternList,
-    size_t patternListCount,
-    HTTPListElement* luaPatternList,
-    DetectorAppUrlList* urlPatternList,
-    DetectorAppUrlList* RTMPUrlList,
-    DetectorHttpConfig* pHttpConfig
-    )
+static int processHostPatterns(DetectorHTTPPattern* patternList, size_t patternListCount,
+    HTTPListElement* luaPatternList, DetectorAppUrlList* urlPatternList,
+    DetectorAppUrlList* RTMPUrlList)
 {
     HTTPListElement* element;
     DetectorAppUrlPattern* appUrlPattern;
 
-    if (!pHttpConfig->hosUrlMatcher)
-        pHttpConfig->hosUrlMatcher = mlmpCreate();
+    if (!detectorHttpConfig->host_url_matcher)
+        detectorHttpConfig->host_url_matcher = mlmpCreate();
 
-    if (!pHttpConfig->RTMPHosUrlMatcher)
-        pHttpConfig->RTMPHosUrlMatcher = mlmpCreate();
+    if (!detectorHttpConfig->RTMPHosUrlMatcher)
+        detectorHttpConfig->RTMPHosUrlMatcher = mlmpCreate();
 
     for (uint32_t i = 0; i < patternListCount; i++)
     {
-        if (addMlmpPattern(pHttpConfig->hosUrlMatcher,  &pHttpConfig->hosUrlPatternsList,
+        if (addMlmpPattern(detectorHttpConfig->host_url_matcher,  &detectorHttpConfig->hosUrlPatternsList,
             patternList[i].pattern, patternList[i].pattern_size,
             nullptr, 0, nullptr, 0, patternList[i].appId, patternList[i].payload,
             patternList[i].service_id,
@@ -536,7 +778,7 @@ static int processHostPatterns(
 
     for (element = luaPatternList; element != 0; element = element->next)
     {
-        if (addMlmpPattern(pHttpConfig->hosUrlMatcher, &pHttpConfig->hosUrlPatternsList,
+        if (addMlmpPattern(detectorHttpConfig->host_url_matcher, &detectorHttpConfig->hosUrlPatternsList,
             element->detectorHTTPPattern.pattern, element->detectorHTTPPattern.pattern_size,
             nullptr, 0, nullptr, 0, element->detectorHTTPPattern.appId,
             element->detectorHTTPPattern.payload, element->detectorHTTPPattern.service_id,
@@ -547,7 +789,7 @@ static int processHostPatterns(
     for (uint32_t i = 0; i < RTMPUrlList->usedCount; i++)
     {
         appUrlPattern = RTMPUrlList->urlPattern[i];
-        if (addMlmpPattern(pHttpConfig->RTMPHosUrlMatcher, &pHttpConfig->hosUrlPatternsList,
+        if (addMlmpPattern(detectorHttpConfig->RTMPHosUrlMatcher, &detectorHttpConfig->hosUrlPatternsList,
             appUrlPattern->patterns.host.pattern, appUrlPattern->patterns.host.patternSize,
             appUrlPattern->patterns.path.pattern, appUrlPattern->patterns.path.patternSize,
             appUrlPattern->userData.query.pattern, appUrlPattern->userData.query.patternSize,
@@ -560,7 +802,7 @@ static int processHostPatterns(
     for (uint32_t i = 0; i < urlPatternList->usedCount; i++)
     {
         appUrlPattern = urlPatternList->urlPattern[i];
-        if (addMlmpPattern(pHttpConfig->hosUrlMatcher, &pHttpConfig->hosUrlPatternsList,
+        if (addMlmpPattern(detectorHttpConfig->host_url_matcher, &detectorHttpConfig->hosUrlPatternsList,
             appUrlPattern->patterns.host.pattern, appUrlPattern->patterns.host.patternSize,
             appUrlPattern->patterns.path.pattern, appUrlPattern->patterns.path.patternSize,
             appUrlPattern->userData.query.pattern, appUrlPattern->userData.query.patternSize,
@@ -570,8 +812,8 @@ static int processHostPatterns(
             return -1;
     }
 
-    mlmpProcessPatterns(pHttpConfig->hosUrlMatcher);
-    mlmpProcessPatterns(pHttpConfig->RTMPHosUrlMatcher);
+    mlmpProcessPatterns(detectorHttpConfig->host_url_matcher);
+    mlmpProcessPatterns(detectorHttpConfig->RTMPHosUrlMatcher);
     return 0;
 }
 
@@ -603,29 +845,28 @@ static SearchTool* processContentTypePatterns(DetectorHTTPPattern* patternList,
     return patternMatcher;
 }
 
-static int processCHPList(CHPListElement* chplist, DetectorHttpConfig* pHttpConfig)
+static int processCHPList(CHPListElement* chplist)
 {
     CHPListElement* chpe;
 
-    for (size_t i = 0; i < sizeof(pHttpConfig->chp_matchers)/sizeof(pHttpConfig->chp_matchers[0]);
-        i++)
+    for (size_t i = 0; i <= MAX_PATTERN_TYPE; i++)
     {
-        pHttpConfig->chp_matchers[i] = new SearchTool("ac_full");
-        if (!pHttpConfig->chp_matchers[i])
+        detectorHttpConfig->chp_matchers[i] = new SearchTool("ac_full");
+        if (!detectorHttpConfig->chp_matchers[i])
             return 0;
     }
 
     for (chpe = chplist; chpe; chpe = chpe->next)
     {
-        pHttpConfig->chp_matchers[chpe->chp_action.ptype]->add(chpe->chp_action.pattern,
+        detectorHttpConfig->chp_matchers[chpe->chp_action.ptype]->add(chpe->chp_action.pattern,
             chpe->chp_action.psize,
             &chpe->chp_action,
             true);
     }
 
-    for (size_t i = 0; i < sizeof(pHttpConfig->chp_matchers)/sizeof(pHttpConfig->chp_matchers[0]);
+    for (size_t i = 0; i < sizeof(detectorHttpConfig->chp_matchers)/sizeof(detectorHttpConfig->chp_matchers[0]);
         i++)
-        pHttpConfig->chp_matchers[i]->prep();
+        detectorHttpConfig->chp_matchers[i]->prep();
 
     return 1;
 }
@@ -642,91 +883,77 @@ static SearchTool* registerHeaderPatterns(HeaderPattern* patternList, size_t pat
     return patternMatcher;
 }
 
-int http_detector_finalize(AppIdConfig* pConfig)
+int finalize_http_detector()
 {
     size_t upc = 0;
     size_t apc = 0;
     size_t ctc = 0;
     size_t vpc = 0;
-
-    DetectorHttpConfig* pHttpConfig = &pConfig->detectorHttpConfig;
-    HttpPatternLists* patternLists = &pConfig->httpPatternLists;
     uint32_t numPatterns;
 
+    detectorHttpConfig = new DetectorHttpConfig;
+
     /*create via pattern matcher */
     numPatterns = sizeof(via_http_detector_patterns)/sizeof(*via_http_detector_patterns);
-    pHttpConfig->via_matcher = processPatterns(via_http_detector_patterns, numPatterns, &vpc,
+    detectorHttpConfig->via_matcher = processPatterns(via_http_detector_patterns, numPatterns, &vpc,
         nullptr);
-    if (!pHttpConfig->via_matcher)
+    if (!detectorHttpConfig->via_matcher)
         return -1;
 
     /*create url pattern matcher */
-    pHttpConfig->url_matcher = processPatterns(nullptr, 0, &upc,
-        patternLists->urlPatternList);
-    if (!pHttpConfig->url_matcher)
+    detectorHttpConfig->url_matcher = processPatterns(nullptr, 0, &upc, httpPatternLists->urlPatternList);
+    if (!detectorHttpConfig->url_matcher)
         return -1;
 
     /*create client agent pattern matcher */
     numPatterns = sizeof(client_agent_patterns)/sizeof(*client_agent_patterns);
-    pHttpConfig->client_agent_matcher = processPatterns(client_agent_patterns,numPatterns, &apc,
-        patternLists->clientAgentPatternList);
-    if (!pHttpConfig->client_agent_matcher)
+    detectorHttpConfig->client_agent_matcher = processPatterns(client_agent_patterns,numPatterns,
+            &apc, httpPatternLists->clientAgentPatternList);
+    if (!detectorHttpConfig->client_agent_matcher)
         return -1;
 
     numPatterns = sizeof(header_patterns)/sizeof(*header_patterns);
-    pHttpConfig->header_matcher = registerHeaderPatterns(header_patterns,numPatterns);
-    if (!pHttpConfig->header_matcher)
+    detectorHttpConfig->header_matcher = registerHeaderPatterns(header_patterns, numPatterns);
+    if (!detectorHttpConfig->header_matcher)
         return -1;
 
     numPatterns = sizeof(host_payload_http_detector_patterns)/
         sizeof(*host_payload_http_detector_patterns);
     if (processHostPatterns(host_payload_http_detector_patterns, numPatterns,
-        patternLists->hostPayloadPatternList, &patternLists->appUrlList,
-        &patternLists->RTMPUrlList, pHttpConfig) < 0)
+        httpPatternLists->hostPayloadPatternList, &httpPatternLists->appUrlList,
+        &httpPatternLists->RTMPUrlList) < 0)
         return -1;
 
     numPatterns = sizeof(content_type_patterns)/sizeof(*content_type_patterns);
-    pHttpConfig->content_type_matcher = processContentTypePatterns(content_type_patterns,
-        numPatterns, patternLists->contentTypePatternList, &ctc);
-    if (!pHttpConfig->content_type_matcher)
+    detectorHttpConfig->content_type_matcher = processContentTypePatterns(content_type_patterns,
+        numPatterns, httpPatternLists->contentTypePatternList, &ctc);
+    if (!detectorHttpConfig->content_type_matcher)
         return -1;
 
-    if (!processCHPList(patternLists->chpList, pHttpConfig))
+    if (!processCHPList(httpPatternLists->chpList))
         return -1;
 
-    pHttpConfig->chp_user_agent_matcher = pHttpConfig->chp_matchers[AGENT_PT];
-    pHttpConfig->chp_host_matcher = pHttpConfig->chp_matchers[HOST_PT];
-    pHttpConfig->chp_referer_matcher = pHttpConfig->chp_matchers[REFERER_PT];
-    pHttpConfig->chp_uri_matcher = pHttpConfig->chp_matchers[URI_PT];
-    pHttpConfig->chp_cookie_matcher = pHttpConfig->chp_matchers[COOKIE_PT];
-    pHttpConfig->chp_req_body_matcher = pHttpConfig->chp_matchers[REQ_BODY_PT];
-    pHttpConfig->chp_content_type_matcher = pHttpConfig->chp_matchers[CONTENT_TYPE_PT];
-    pHttpConfig->chp_location_matcher = pHttpConfig->chp_matchers[LOCATION_PT];
-    pHttpConfig->chp_body_matcher = pHttpConfig->chp_matchers[BODY_PT];
-
     return 0;
 }
 
-void http_detector_clean(DetectorHttpConfig* pHttpConfig)
-{
-    delete pHttpConfig->via_matcher;
-    delete pHttpConfig->url_matcher;
-    delete pHttpConfig->client_agent_matcher;
-    delete pHttpConfig->header_matcher;
-    delete pHttpConfig->content_type_matcher;
-    delete pHttpConfig->chp_user_agent_matcher;
-    delete pHttpConfig->chp_host_matcher;
-    delete pHttpConfig->chp_uri_matcher;
-    delete pHttpConfig->chp_cookie_matcher;
-    delete pHttpConfig->chp_content_type_matcher;
-    delete pHttpConfig->chp_location_matcher;
-    delete pHttpConfig->chp_body_matcher;
-    delete pHttpConfig->chp_req_body_matcher;
-    delete pHttpConfig->chp_referer_matcher;
-
-    destroyHosUrlMatcher(&pHttpConfig->hosUrlMatcher);
-    destroyHosUrlMatcher(&pHttpConfig->RTMPHosUrlMatcher);
-    destroyHosUrlPatternList(&pHttpConfig->hosUrlPatternsList);
+void clean_http_detector()
+{
+    delete detectorHttpConfig->via_matcher;
+    delete detectorHttpConfig->url_matcher;
+    delete detectorHttpConfig->client_agent_matcher;
+    delete detectorHttpConfig->header_matcher;
+    delete detectorHttpConfig->content_type_matcher;
+
+    for (size_t i = 0; i <= MAX_PATTERN_TYPE; i++)
+         delete detectorHttpConfig->chp_matchers[i];
+
+    destroyHosUrlMatcher(&detectorHttpConfig->host_url_matcher);
+    destroyHosUrlMatcher(&detectorHttpConfig->RTMPHosUrlMatcher);
+    destroyHosUrlPatternList(&detectorHttpConfig->hosUrlPatternsList);
+
+    CleanHttpPatternLists();
+    delete httpPatternLists;
+    delete detectorHttpConfig;
 }
 
 static inline void FreeMatchStructures(MatchedPatterns* mp)
@@ -1238,14 +1465,14 @@ void finalizeFflow(fflow_info* fflow, unsigned app_type_flags, AppId target_appI
 }
 
 int scanKeyCHP(PatternType ptype, char* buf, int buf_size, CHPMatchTally** ppTally,
-    MatchedCHPAction** ppmatches, const DetectorHttpConfig* pHttpConfig)
+    MatchedCHPAction** ppmatches)
 {
     CHPTallyAndActions tallyAndActions;
     tallyAndActions.pTally = *ppTally;
     tallyAndActions.matches = *ppmatches;
 
     //FIXIT-H
-    pHttpConfig->chp_matchers[ptype]->find_all(buf, buf_size, &chp_key_pattern_match,
+    detectorHttpConfig->chp_matchers[ptype]->find_all(buf, buf_size, &chp_key_pattern_match,
         false, (void*)(&tallyAndActions));
 
     *ppTally = tallyAndActions.pTally;
@@ -1253,10 +1480,8 @@ int scanKeyCHP(PatternType ptype, char* buf, int buf_size, CHPMatchTally** ppTal
     return (int)(tallyAndActions.pTally != nullptr);
 }
 
-AppId scanCHP(PatternType ptype, char* buf, int buf_size, MatchedCHPAction* mp,
-    char** version, char** user, char** new_field,
-    int* total_found, httpSession* hsession, Packet* p, const
-    DetectorHttpConfig* pHttpConfig)
+AppId scanCHP(PatternType ptype, char* buf, int buf_size, MatchedCHPAction* mp, char** version,
+        char** user, char** new_field, int* total_found, httpSession* hsession, Packet* p)
 {
     MatchedCHPAction* second_sweep_for_inserts = nullptr;
     int do_not_further_modify_field = 0;
@@ -1270,7 +1495,7 @@ AppId scanCHP(PatternType ptype, char* buf, int buf_size, MatchedCHPAction* mp,
         mp = nullptr;
 
         // FIXIT-H
-        pHttpConfig->chp_matchers[ptype]->find_all(buf, buf_size, &chp_pattern_match,
+        detectorHttpConfig->chp_matchers[ptype]->find_all(buf, buf_size, &chp_pattern_match,
             false, (void*)(&mp));
     }
     if (!mp)
@@ -1290,9 +1515,18 @@ AppId scanCHP(PatternType ptype, char* buf, int buf_size, MatchedCHPAction* mp,
         {
             switch (match->action)
             {
+            case DEFER_TO_SIMPLE_DETECT:
+                // Ignore all other patterns; we are done.
+                FreeMatchedCHPActions(mp);
+                // Returning APP_ID_NONE will trigger the clearing of hsession->skip_simple_detect
+                // and the freeing of any planned field rewrites.
+                return APP_ID_NONE;
+                break;
+
             default:
                 (*total_found)++;
                 break;
+
             case ALTERNATE_APPID:     // an "optional" action that doesn't count towards totals
             case REWRITE_FIELD:       // handled when the action completes successfully
             case INSERT_FIELD:        // handled when the action completes successfully
@@ -1428,6 +1662,8 @@ AppId scanCHP(PatternType ptype, char* buf, int buf_size, MatchedCHPAction* mp,
         case NO_ACTION:
             hsession->skip_simple_detect = true;
             break;
+        default:
+            break;
         }
     }
     // non-nullptr second_sweep_for_inserts indicates the insert action we will use.
@@ -1461,7 +1697,7 @@ static inline int optionallyReplaceWithStrdup(char** optionalStr, const char* st
 }
 
 void identifyUserAgent(const uint8_t* start, int size, AppId* serviceAppId, AppId* ClientAppId,
-    char** version, const DetectorHttpConfig* pHttpConfig)
+    char** version)
 {
     int skypeDetect;
     int mobileDetect;
@@ -1480,7 +1716,7 @@ void identifyUserAgent(const uint8_t* start, int size, AppId* serviceAppId, AppI
     temp_ver[0] = 0;
 
     // FIXIT-H
-    pHttpConfig->client_agent_matcher->find_all((const char*)start, size, &http_pattern_match,
+    detectorHttpConfig->client_agent_matcher->find_all((const char*)start, size, &http_pattern_match,
         false, (void*)&mp);
 
     if (mp)
@@ -1790,8 +2026,7 @@ done:
     FreeMatchStructures(mp);
 }
 
-int geAppidByViaPattern(const uint8_t* data, unsigned size, char** version,
-        const DetectorHttpConfig* pHttpConfig)
+int geAppidByViaPattern(const uint8_t* data, unsigned size, char** version)
 {
     unsigned i;
     const uint8_t* data_ptr;
@@ -1800,10 +2035,10 @@ int geAppidByViaPattern(const uint8_t* data, unsigned size, char** version,
     DetectorHTTPPattern* match = nullptr;
     char temp_ver[MAX_VERSION_SIZE];
 
-    if (pHttpConfig->via_matcher)
+    if (detectorHttpConfig->via_matcher)
     {
         // FIXIT-H
-        pHttpConfig->via_matcher->find_all((const char*)data, size, &http_pattern_match,
+        detectorHttpConfig->via_matcher->find_all((const char*)data, size, &http_pattern_match,
             false, (void*)&mp);
     }
 
@@ -1869,16 +2104,16 @@ AppId scan_header_x_working_with(const uint8_t* data, uint32_t size, char** vers
     return APP_ID_NONE;
 }
 
-AppId geAppidByContentType(const uint8_t* data, int size, const DetectorHttpConfig* pHttpConfig)
+AppId geAppidByContentType(const uint8_t* data, int size)
 {
     MatchedPatterns* mp = nullptr;
     DetectorHTTPPattern* match;
     AppId payloadId;
 
-    if (pHttpConfig->content_type_matcher)
+    if (detectorHttpConfig->content_type_matcher)
     {
         // FIXIT-H
-        pHttpConfig->content_type_matcher->find_all((const char*)data, size,
+        detectorHttpConfig->content_type_matcher->find_all((const char*)data, size,
             &content_pattern_match, false, (void*)&mp);
     }
 
@@ -1932,8 +2167,7 @@ done:
 }
 
 int getHTTPHeaderLocation(const uint8_t* data, unsigned size, HttpId id, int* start, int* end,
-    HeaderMatchedPatterns* hmp,
-    const DetectorHttpConfig* pHttpConfig)
+        HeaderMatchedPatterns* hmp)
 {
     HTTPHeaderIndices* match;
 
@@ -1947,10 +2181,10 @@ int getHTTPHeaderLocation(const uint8_t* data, unsigned size, HttpId id, int* st
     if (hmp->searched)
         return 0;
 
-    if (pHttpConfig->header_matcher)
+    if (detectorHttpConfig->header_matcher)
     {
         //FIXIT-H
-        pHttpConfig->header_matcher->find_all((const char*)data, size,
+        detectorHttpConfig->header_matcher->find_all((const char*)data, size,
             &http_header_pattern_match, false, (void*)hmp);
     }
 
@@ -1972,8 +2206,7 @@ int getHTTPHeaderLocation(const uint8_t* data, unsigned size, HttpId id, int* st
 }
 
 AppId getAppIdFromUrl(char* host, char* url, char** version, char* referer, AppId* ClientAppId,
-        AppId* serviceAppId, AppId* payloadAppId, AppId* referredPayloadAppId,
-        unsigned from_rtmp, const DetectorHttpConfig* pHttpConfig)
+        AppId* serviceAppId, AppId* payloadAppId, AppId* referredPayloadAppId, unsigned from_rtmp)
 {
     char* path;
     char* referer_start;
@@ -1995,7 +2228,7 @@ AppId getAppIdFromUrl(char* host, char* url, char** version, char* referer, AppI
 #define URL_SCHEME_END_PATTERN "://"
 #define URL_SCHEME_MAX_LEN     (sizeof("https://")-1)
 
-    matcher = (from_rtmp ? pHttpConfig->RTMPHosUrlMatcher : pHttpConfig->hosUrlMatcher);
+    matcher = (from_rtmp ? detectorHttpConfig->RTMPHosUrlMatcher : detectorHttpConfig->host_url_matcher);
 
     if (!host && !url)
         return 0;
@@ -2083,8 +2316,7 @@ AppId getAppIdFromUrl(char* host, char* url, char** version, char* referer, AppI
     snort_free(temp_host);
 
     /* if referred_id feature id disabled, referer will be null */
-    if (referer && (!payload_found || appInfoEntryFlagGet(data->payload_id, APPINFO_FLAG_REFERRED,
-        pAppidActiveConfig)))
+    if (referer && (!payload_found || appInfoEntryFlagGet(data->payload_id, APPINFO_FLAG_REFERRED)))
     {
         referer_start = referer;
 
@@ -2283,7 +2515,7 @@ int webdav_found(HeaderMatchedPatterns* hmp)
 
 static CLIENT_APP_RETCODE http_client_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE http_client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData, const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 static int http_service_init(const IniServiceAPI* const init_api);
 static int http_service_validate(ServiceValidationArgs* args);
 
@@ -2376,7 +2608,7 @@ static CLIENT_APP_RETCODE http_client_init(const IniClientAppAPI* const init_api
             DebugFormat(DEBUG_LOG, "registering patterns: %s: %d",
                 (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&http_client_validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -2384,14 +2616,14 @@ static CLIENT_APP_RETCODE http_client_init(const IniClientAppAPI* const init_api
     {
         DebugFormat(DEBUG_LOG, "registering appId: %d\n", appIdRegistry[j].appId);
         init_api->RegisterAppId(&http_client_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
 }
 
 static CLIENT_APP_RETCODE http_client_validate(const uint8_t*, uint16_t, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet* pkt, struct Detector*)
 {
     http_client_mod.api->add_app(flowp, APP_ID_HTTP, APP_ID_HTTP + GENERIC_APP_OFFSET, nullptr);
     flowp->rna_client_state = RNA_STATE_FINISHED;
@@ -2412,7 +2644,7 @@ static int http_service_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG, "registering appId: %d\n", appIdRegistry[i].appId);
         init_api->RegisterAppId(&http_service_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.h b/src/network_inspectors/appid/detector_plugins/detector_http.h
index 135cd7155b2caa7a5d6ebac4cb6816da69fe5004..ec85bde9caaf54fb939f1e0873611581377f3058 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_http.h
+++ b/src/network_inspectors/appid/detector_plugins/detector_http.h
@@ -31,11 +31,17 @@ struct httpSession;
 struct fflow_info;
 struct CHPAction;
 struct CHPApp;
-struct DetectorHttpConfig;
 class AppIdConfig;
 
 #define MAX_VERSION_SIZE    64
 
+enum httpPatternType
+{
+    HTTP_PAYLOAD    = 1,
+    HTTP_USER_AGENT = 2,
+    HTTP_URL        = 3
+};
+
 enum HttpId
 {
        /* Only store Content-Type, Server, User-Agent & Via headers now. */
@@ -127,11 +133,47 @@ struct HeaderMatchedPatterns
        int searched;
 };
 
+struct UrlUserData
+{
+    uint32_t service_id;
+    uint32_t client_app;
+    uint32_t payload;
+    AppId appId;
+    tMlpPattern query;
+};
 
+struct DetectorAppUrlPattern
+{
+    struct
+    {
+        tMlpPattern host;
+        tMlpPattern path;
+        tMlpPattern scheme;
+    } patterns;
+
+    UrlUserData userData;
+};
 
-int geAppidByViaPattern(const uint8_t*, unsigned, char**, const DetectorHttpConfig*);
-int getHTTPHeaderLocation(const uint8_t*, unsigned, HttpId, int*, int*, HeaderMatchedPatterns*,
-        const DetectorHttpConfig*);
+struct DetectorAppUrlList
+{
+    DetectorAppUrlPattern** urlPattern = nullptr;
+    size_t usedCount = 0;
+    size_t allocatedCount = 0;
+};
+
+void init_http_detector();
+int finalize_http_detector();
+void clean_http_detector();
+void insert_chp_pattern(CHPListElement* chpa);
+void insert_http_pattern_element(enum httpPatternType pType, HTTPListElement* element);
+void insert_content_type_pattern(HTTPListElement* element);
+void insert_url_pattern(DetectorAppUrlPattern* pattern);
+void insert_rtmp_url_pattern(DetectorAppUrlPattern* pattern);
+void insert_app_url_pattern(DetectorAppUrlPattern* pattern);
+DetectorAppUrlList* getAppUrlList();
+
+int geAppidByViaPattern(const uint8_t*, unsigned, char**);
+int getHTTPHeaderLocation(const uint8_t*, unsigned, HttpId, int*, int*, HeaderMatchedPatterns*);
 inline void FreeMatchedCHPActions(MatchedCHPAction* ma)
 {
        MatchedCHPAction* tmp;
@@ -144,19 +186,16 @@ inline void FreeMatchedCHPActions(MatchedCHPAction* ma)
        }
 }
 
-int scanKeyCHP(PatternType, char*, int, CHPMatchTally**, MatchedCHPAction**,
-        const DetectorHttpConfig*);
+int scanKeyCHP(PatternType, char*, int, CHPMatchTally**, MatchedCHPAction**);
 AppId scanCHP(PatternType, char*, int, MatchedCHPAction*, char**, char**, char**, int*,
-        httpSession*, Packet*, const DetectorHttpConfig*);
-AppId getAppIdFromUrl(char*, char*, char**, char*, AppId*, AppId*, AppId*, AppId*, unsigned,
-        const DetectorHttpConfig*);
-AppId geAppidByContentType(const uint8_t*, int, const DetectorHttpConfig*);
+        httpSession*, Packet*);
+AppId getAppIdFromUrl(char*, char*, char**, char*, AppId*, AppId*, AppId*, AppId*, unsigned);
+AppId geAppidByContentType(const uint8_t*, int);
 AppId scan_header_x_working_with(const uint8_t*, uint32_t, char**);
-void identifyUserAgent(const uint8_t*, int, AppId*, AppId*, char**, const DetectorHttpConfig*);
+void identifyUserAgent(const uint8_t*, int, AppId*, AppId*, char**);
 void getServerVendorVersion(const uint8_t*, int, char**, char**, RNAServiceSubtype**);
 int webdav_found(HeaderMatchedPatterns*);
-int http_detector_finalize(AppIdConfig*);
-void http_detector_clean(DetectorHttpConfig*);
+
 void finalizeFflow(fflow_info*, unsigned app_type_flags, AppId, Packet* );
 
 #endif

diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.cc b/src/network_inspectors/appid/detector_plugins/detector_imap.cc
index d0869452dd618a702cf8c01a1727bd9964490791..13e706433b4801cb569c61cd60a879564822d7f3 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_imap.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_imap.cc
@@ -78,10 +78,9 @@ struct ClientAppData
 static CLIENT_APP_CONFIG ca_config;
 
 static CLIENT_APP_RETCODE init(const IniClientAppAPI* const init_api, SF_LIST* config);
-static void clean(const CleanClientAppAPI* const clean_api);
+static void clean();
 static CLIENT_APP_RETCODE validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, Detector* userData,
-    const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, Detector* userData);
 
 static RNAClientAppModule client_app_mod =
 {
@@ -334,7 +333,7 @@ static CLIENT_APP_RETCODE init(const IniClientAppAPI* const init_api, SF_LIST* c
         {
             DebugFormat(DEBUG_LOG,"registering pattern: %s\n",(const char*)patterns[i].pattern);
             init_api->RegisterPatternNoCase(&validate, IpProtocol::TCP, patterns[i].pattern,
-                patterns[i].length, -1, init_api->pAppidConfig);
+                patterns[i].length, -1);
         }
     }
 
@@ -342,8 +341,7 @@ static CLIENT_APP_RETCODE init(const IniClientAppAPI* const init_api, SF_LIST* c
     for (j=0; j < sizeof(appIdRegistry)/sizeof(*appIdRegistry); j++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
-        init_api->RegisterAppId(&validate, appIdRegistry[j].appId, appIdRegistry[j].additionalInfo,
-            init_api->pAppidConfig);
+        init_api->RegisterAppId(&validate, appIdRegistry[j].appId, appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -352,27 +350,27 @@ static CLIENT_APP_RETCODE init(const IniClientAppAPI* const init_api, SF_LIST* c
 static int imap_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPatternUser(&imap_validate, IpProtocol::TCP, (uint8_t*)IMAP_PATTERN,
-        sizeof(IMAP_PATTERN)-1, 0, "imap", init_api->pAppidConfig);
+        sizeof(IMAP_PATTERN)-1, 0, "imap");
 
     unsigned j;
     for (j=0; j < sizeof(appIdRegistry)/sizeof(*appIdRegistry); j++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&imap_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return 0;
 }
 
-static void clean(const CleanClientAppAPI* const clean_api)
+static void clean()
 {
     SearchTool* cmd_matcher =
-        (SearchTool*)clean_api->pAppidConfig->find_generic_config_element(client_app_mod.name);
+        (SearchTool*)pAppidActiveConfig->find_generic_config_element(client_app_mod.name);
     if (cmd_matcher)
         delete cmd_matcher;
 
-    clean_api->pAppidConfig->remove_generic_config_element(client_app_mod.name);
+    pAppidActiveConfig->remove_generic_config_element(client_app_mod.name);
 }
 
 static int pattern_match(void* id, void*, int index, void* data, void*)
@@ -699,8 +697,7 @@ static int imap_server_validate(DetectorData* dd, const uint8_t* data, uint16_t
 }
 
 static CLIENT_APP_RETCODE validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*,
-    const AppIdConfig* pConfig)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     const uint8_t* s = data;
     const uint8_t* end = (data + size);
@@ -710,7 +707,7 @@ static CLIENT_APP_RETCODE validate(const uint8_t* data, uint16_t size, const int
     ClientAppData* fd;
     char tag[IMAP_TAG_MAX_LEN+1] = { 0 };
     SearchTool* cmd_matcher =
-        (SearchTool*)( ( AppIdConfig*)pConfig)->find_generic_config_element(client_app_mod.name);
+        (SearchTool*)pAppidActiveConfig->find_generic_config_element(client_app_mod.name);
 
 #ifdef APP_ID_USES_REASSEMBLED
     Stream::flush_response_flush(pkt);

diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
index 4879a0c385e310fb13de742f6326afe6f3479c3e..c5b11b0d5960df22c0f33f84763bd8bbdc23e186 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
@@ -113,8 +113,7 @@ static KRB_CLIENT_APP_CONFIG krb_client_config;
 
 static CLIENT_APP_RETCODE krb_client_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE krb_client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData,
-    const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 static RNAClientAppModule client_app_mod =
 {
@@ -243,9 +242,9 @@ static CLIENT_APP_RETCODE krb_client_init(const IniClientAppAPI* const init_api,
             DebugFormat(DEBUG_INSPECTOR,"registering pattern with length %u\n",
                 client_patterns[i].length);
             init_api->RegisterPattern(&krb_client_validate, IpProtocol::UDP,
-                client_patterns[i].pattern, client_patterns[i].length, -1, init_api->pAppidConfig);
+                client_patterns[i].pattern, client_patterns[i].length, -1);
             init_api->RegisterPattern(&krb_client_validate, IpProtocol::TCP,
-                client_patterns[i].pattern, client_patterns[i].length, -1, init_api->pAppidConfig);
+                client_patterns[i].pattern, client_patterns[i].length, -1);
         }
     }
 
@@ -254,7 +253,7 @@ static CLIENT_APP_RETCODE krb_client_init(const IniClientAppAPI* const init_api,
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&krb_client_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -269,11 +268,9 @@ static int krb_server_init(const IniServiceAPI* const init_api)
         DebugFormat(DEBUG_INSPECTOR,"registering pattern with length %u\n",
             service_patterns[i].length);
         init_api->RegisterPatternUser(&krb_server_validate, IpProtocol::UDP,
-            service_patterns[i].pattern,
-            service_patterns[i].length, -1, "kerberos", init_api->pAppidConfig);
+            service_patterns[i].pattern, service_patterns[i].length, -1, "kerberos");
         init_api->RegisterPatternUser(&krb_server_validate, IpProtocol::TCP,
-            service_patterns[i].pattern,
-            service_patterns[i].length, -1, "kerberos", init_api->pAppidConfig);
+            service_patterns[i].pattern, service_patterns[i].length, -1, "kerberos");
     }
 
     unsigned j;
@@ -281,7 +278,7 @@ static int krb_server_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&krb_server_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return 0;
@@ -959,7 +956,7 @@ static KRB_RETCODE krb_walk_server_packet(KRBState* krbs, const uint8_t* s, cons
 }
 
 static CLIENT_APP_RETCODE krb_client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet* pkt, struct Detector*)
 {
     const uint8_t* s = data;
     const uint8_t* end = (data + size);

diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc
index 03e7230b0d680a07a8be67886100dc019f1c85cd..3d10361d26bc3b4764164c0975927712f80f40bf 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc
@@ -28,19 +28,19 @@
 #include "main/snort_debug.h"
 #include "utils/util.h"
 
+static THREAD_LOCAL ServicePortPattern service_port_patterns;
+static THREAD_LOCAL ClientPortPattern clientPortPattern;
+
 static int service_validate(ServiceValidationArgs* args);
-static int csdPatternTreeSearch(const uint8_t* data, uint16_t size, IpProtocol protocol,
-    Packet* pkt,
-    const RNAServiceElement** serviceData, bool isClient,
-    const AppIdConfig* pConfig);
+static int csdPatternTreeSearch(const uint8_t* data, uint16_t size, IpProtocol protocol, Packet* pkt,
+    const RNAServiceElement** serviceData, bool isClient);
 static int pattern_service_init(const IniServiceAPI* const iniServiceApi);
-static void pattern_service_clean(const CleanServiceAPI* const clean_api);
+static void pattern_service_clean();
 static CLIENT_APP_RETCODE client_init(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE client_init_tcp(const IniClientAppAPI* const init_api, SF_LIST* config);
 static CLIENT_APP_RETCODE client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData,
-    const AppIdConfig* pConfig);
-static void client_clean(const CleanClientAppAPI* const clean_api);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
+static void client_clean();
 static const IniServiceAPI* iniServiceApi;
 static const IniClientAppAPI* iniClientApi;
 
@@ -186,8 +186,7 @@ static void read_patterns(PortPatternNode* portPatternList, PatternService** ser
         pattern->offset = pNode->offset;
         pattern->next = ps->pattern;
         ps->pattern = pattern;
-
-        appInfoSetActive(ps->id, true);
+        set_app_info_active(ps->id);
     }
 }
 
@@ -206,7 +205,7 @@ static void install_ports(PatternService* serviceList, const IniServiceAPI* cons
         {
             pp.port = port->port;
             pp.proto = (IpProtocol)ps->proto;
-            if (iniServiceApi->AddPort(&pp, &pattern_service_mod, iniServiceApi->pAppidConfig))
+            if (iniServiceApi->AddPort(&pp, &pattern_service_mod))
                 ErrorMessage("Failed to add port - %d:%u:%d\n",ps->id,
                                (unsigned)pp.port, (uint8_t)pp.proto);
             else
@@ -233,78 +232,158 @@ static void RegisterPattern(SearchTool** patterns, Pattern* pattern)
     (*patterns)->add((char*)pattern->data, pattern->length, pattern, false);
 }
 
+void insert_service_port_pattern(PortPatternNode* pPattern)
+{
+    PortPatternNode** prev;
+    PortPatternNode** curr;
+    prev = nullptr;
+
+    for (curr = &service_port_patterns.luaInjectedPatterns; *curr; prev = curr, curr = &((*curr)->next))
+    {
+        if (strcmp(pPattern->detectorName, (*curr)->detectorName) || pPattern->protocol < (*curr)->protocol
+                || pPattern->port < (*curr)->port)
+            break;
+    }
+
+    if (prev)
+    {
+        pPattern->next = (*prev)->next;
+        (*prev)->next = pPattern;
+    }
+    else
+    {
+        pPattern->next = *curr;
+        *curr = pPattern;
+    }
+}
+
+void clean_service_port_patterns()
+{
+    PortPatternNode* tmp;
+
+    while ((tmp = service_port_patterns.luaInjectedPatterns))
+    {
+        service_port_patterns.luaInjectedPatterns = tmp->next;
+        snort_free(tmp->pattern);
+        snort_free(tmp->detectorName);
+        snort_free(tmp);
+    }
+}
+
+
+void insert_client_port_pattern(PortPatternNode* pPattern)
+{
+    //insert ports in order.
+    {
+        PortPatternNode** prev;
+        PortPatternNode** curr;
+        prev = nullptr;
+        for (curr = &clientPortPattern.luaInjectedPatterns; *curr; prev = curr, curr = &((*curr)->next))
+        {
+            if (strcmp(pPattern->detectorName, (*curr)->detectorName) || pPattern->protocol < (*curr)->protocol
+                    || pPattern->port < (*curr)->port)
+                break;
+        }
+        if (prev)
+        {
+            pPattern->next = (*prev)->next;
+            (*prev)->next = pPattern;
+        }
+        else
+        {
+            pPattern->next = *curr;
+            *curr = pPattern;
+        }
+    }
+}
+
+void clean_client_port_patterns()
+{
+    PortPatternNode* tmp;
+
+    while ((tmp = clientPortPattern.luaInjectedPatterns))
+    {
+        clientPortPattern.luaInjectedPatterns = tmp->next;
+        snort_free(tmp->pattern);
+        snort_free(tmp->detectorName);
+        snort_free(tmp);
+    }
+}
+
 // Creates unique subset of services registered on ports, and then creates pattern trees.
-static void createServicePatternTrees(AppIdConfig* pConfig)
+static void createServicePatternTrees()
 {
     PatternService* ps;
     Pattern* pattern;
     PortNode* port;
     unsigned i;
 
-    for (ps = pConfig->servicePortPattern->servicePortPattern; ps; ps = ps->next)
+    for (ps = service_port_patterns.servicePortPattern; ps; ps = ps->next)
     {
         for (port = ps->port; port; port = port->next)
         {
             for (pattern = ps->pattern; pattern; pattern = pattern->next)
             {
                 if (ps->proto == IpProtocol::TCP)
-                    RegisterPattern(&pConfig->servicePortPattern->tcpPortPatternTree[port->port],
-                        pattern);
+                    RegisterPattern(&service_port_patterns.tcpPortPatternTree[port->port],
+                            pattern);
                 else
-                    RegisterPattern(&pConfig->servicePortPattern->udpPortPatternTree[port->port],
+                    RegisterPattern(&service_port_patterns.udpPortPatternTree[port->port],
                         pattern);
             }
         }
     }
+
     for (i = 0; i < 65536; i++)
     {
-        if (pConfig->servicePortPattern->tcpPortPatternTree[i])
+        if (service_port_patterns.tcpPortPatternTree[i])
         {
-            for (ps = pConfig->servicePortPattern->servicePortPattern; ps; ps = ps->next)
+            for (ps = service_port_patterns.servicePortPattern; ps; ps = ps->next)
             {
                 if (ps->port || (ps->proto != IpProtocol::TCP))
                     continue;
 
                 for (pattern = ps->pattern; pattern; pattern = pattern->next)
-                    RegisterPattern(&pConfig->servicePortPattern->tcpPortPatternTree[i], pattern);
+                    RegisterPattern(&service_port_patterns.tcpPortPatternTree[i], pattern);
             }
 
-            pConfig->servicePortPattern->tcpPortPatternTree[i]->prep();
+            service_port_patterns.tcpPortPatternTree[i]->prep();
         }
-        if (pConfig->servicePortPattern->udpPortPatternTree[i])
+
+        if (service_port_patterns.udpPortPatternTree[i])
         {
-            for (ps = pConfig->servicePortPattern->servicePortPattern; ps; ps = ps->next)
+            for (ps = service_port_patterns.servicePortPattern; ps; ps = ps->next)
             {
                 if (ps->port || (ps->proto != IpProtocol::UDP))
                     continue;
 
                 for (pattern = ps->pattern; pattern; pattern = pattern->next)
-                    RegisterPattern(&pConfig->servicePortPattern->udpPortPatternTree[i], pattern);
+                    RegisterPattern(&service_port_patterns.udpPortPatternTree[i], pattern);
             }
 
-            pConfig->servicePortPattern->udpPortPatternTree[i]->prep();
+            service_port_patterns.udpPortPatternTree[i]->prep();
         }
     }
 }
 
-static void createClientPatternTrees( AppIdConfig* pConfig )
+static void createClientPatternTrees()
 {
     PatternService* ps;
     Pattern* pattern;
 
-    for (ps = pConfig->clientPortPattern->servicePortPattern; ps; ps = ps->next)
+    for (ps = clientPortPattern.servicePortPattern; ps; ps = ps->next)
     {
         for (pattern = ps->pattern; pattern; pattern = pattern->next)
         {
             if (ps->proto == IpProtocol::TCP)
-                RegisterPattern(&pConfig->clientPortPattern->tcp_patterns, pattern);
+                RegisterPattern(&clientPortPattern.tcp_patterns, pattern);
             else
-                RegisterPattern(&pConfig->clientPortPattern->udp_patterns, pattern);
+                RegisterPattern(&clientPortPattern.udp_patterns, pattern);
         }
     }
 }
 
-static void registerServicePatterns( AppIdConfig* pConfig )
+static void registerServicePatterns()
 {
     PatternService* ps;
     Pattern* pattern;
@@ -313,7 +392,7 @@ static void registerServicePatterns( AppIdConfig* pConfig )
      * pattern tree. Register patterns with ports with local pattern
      * tree only.
      */
-    for (ps = pConfig->servicePortPattern->servicePortPattern; ps; ps = ps->next)
+    for (ps = service_port_patterns.servicePortPattern; ps; ps = ps->next)
     {
         if (!ps->port)
         {
@@ -325,17 +404,15 @@ static void registerServicePatterns( AppIdConfig* pConfig )
                     {
                         DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
                         iniServiceApi->RegisterPattern(&service_validate, IpProtocol::TCP,
-                            pattern->data, pattern->length,
-                            pattern->offset, "pattern", iniServiceApi->pAppidConfig);
-                        RegisterPattern(&pConfig->servicePortPattern->tcp_patterns, pattern);
+                            pattern->data, pattern->length, pattern->offset, "pattern");
+                        RegisterPattern(&service_port_patterns.tcp_patterns, pattern);
                     }
                     else
                     {
                         DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
                         iniServiceApi->RegisterPattern(&service_validate, IpProtocol::UDP,
-                            pattern->data, pattern->length,
-                            pattern->offset, "pattern", iniServiceApi->pAppidConfig);
-                        RegisterPattern(&pConfig->servicePortPattern->udp_patterns, pattern);
+                            pattern->data, pattern->length, pattern->offset, "pattern");
+                        RegisterPattern(&service_port_patterns.udp_patterns, pattern);
                     }
                 }
             }
@@ -346,14 +423,14 @@ static void registerServicePatterns( AppIdConfig* pConfig )
                 ps->count++;
         }
     }
-    if (pConfig->servicePortPattern->tcp_patterns)
-        pConfig->servicePortPattern->tcp_patterns->prep();
+    if (service_port_patterns.tcp_patterns)
+        service_port_patterns.tcp_patterns->prep();
 
-    if (pConfig->servicePortPattern->udp_patterns)
-        pConfig->servicePortPattern->udp_patterns->prep();
+    if (service_port_patterns.udp_patterns)
+        service_port_patterns.udp_patterns->prep();
 }
 
-static void registerClientPatterns( AppIdConfig* pConfig )
+static void registerClientPatterns()
 {
     PatternService* ps;
     Pattern* pattern;
@@ -362,7 +439,7 @@ static void registerClientPatterns( AppIdConfig* pConfig )
      * pattern tree. Register patterns with ports with local pattern
      * tree only.
      */
-    for (ps = pConfig->clientPortPattern->servicePortPattern; ps; ps = ps->next)
+    for (ps = clientPortPattern.servicePortPattern; ps; ps = ps->next)
     {
         for (pattern = ps->pattern; pattern; pattern = pattern->next)
         {
@@ -373,25 +450,25 @@ static void registerClientPatterns( AppIdConfig* pConfig )
                     DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
                     iniClientApi->RegisterPattern(&client_validate, IpProtocol::TCP, pattern->data,
                         pattern->length,
-                        pattern->offset, iniClientApi->pAppidConfig);
-                    RegisterPattern(&pConfig->clientPortPattern->tcp_patterns, pattern);
+                        pattern->offset);
+                    RegisterPattern(&clientPortPattern.tcp_patterns, pattern);
                 }
                 else
                 {
                     DebugFormat(DEBUG_LOG,"Adding pattern with length %u\n",pattern->length);
                     iniClientApi->RegisterPattern(&client_validate, IpProtocol::UDP, pattern->data,
-                        pattern->length, pattern->offset, iniClientApi->pAppidConfig);
-                    RegisterPattern(&pConfig->clientPortPattern->udp_patterns, pattern);
+                        pattern->length, pattern->offset);
+                    RegisterPattern(&clientPortPattern.udp_patterns, pattern);
                 }
             }
             ps->count++;
         }
     }
-    if (pConfig->clientPortPattern->tcp_patterns)
-        pConfig->clientPortPattern->tcp_patterns->prep();
+    if (clientPortPattern.tcp_patterns)
+        clientPortPattern.tcp_patterns->prep();
 
-    if (pConfig->clientPortPattern->udp_patterns)
-        pConfig->clientPortPattern->udp_patterns->prep();
+    if (clientPortPattern.udp_patterns)
+        clientPortPattern.udp_patterns->prep();
 }
 
 static void dumpPatterns(const char* name, PatternService* pList)
@@ -419,27 +496,22 @@ static void dumpPatterns(const char* name, PatternService* pList)
     }
 }
 
-int portPatternFinalize(AppIdConfig* pConfig)
+void finalize_client_port_patterns()
 {
-    if (pConfig->clientPortPattern)
-    {
-        read_patterns(pConfig->clientPortPattern->luaInjectedPatterns,
-            &pConfig->clientPortPattern->servicePortPattern);
-        createClientPatternTrees(pConfig);
-        registerClientPatterns(pConfig);
-        dumpPatterns("Client", pConfig->clientPortPattern->servicePortPattern);
-    }
-    if (pConfig->servicePortPattern)
-    {
-        read_patterns(pConfig->servicePortPattern->luaInjectedPatterns,
-            &pConfig->servicePortPattern->servicePortPattern);
-        install_ports(pConfig->servicePortPattern->servicePortPattern, iniServiceApi);
-        createServicePatternTrees(pConfig);
-        registerServicePatterns(pConfig);
-        dumpPatterns("Server", pConfig->servicePortPattern->servicePortPattern);
-    }
 
-    return 0;
+    read_patterns(clientPortPattern.luaInjectedPatterns, &clientPortPattern.servicePortPattern);
+    createClientPatternTrees();
+    registerClientPatterns();
+    dumpPatterns("Client", clientPortPattern.servicePortPattern);
+}
+
+void finalize_service_port_patterns()
+{
+    read_patterns(service_port_patterns.luaInjectedPatterns, &service_port_patterns.servicePortPattern);
+    install_ports(service_port_patterns.servicePortPattern, iniServiceApi);
+    createServicePatternTrees();
+    registerServicePatterns();
+    dumpPatterns("Server", service_port_patterns.servicePortPattern);
 }
 
 static int pattern_service_init(const IniServiceAPI* const init_api)
@@ -451,42 +523,41 @@ static int pattern_service_init(const IniServiceAPI* const init_api)
     return 0;
 }
 
-static void pattern_service_clean(const CleanServiceAPI* const clean_api)
+static void pattern_service_clean()
 {
     PatternService* ps;
-    AppIdConfig* pConfig = clean_api->pAppidConfig;
 
-    if (pConfig->servicePortPattern && pConfig->servicePortPattern->servicePortPattern)
+    if ( service_port_patterns.servicePortPattern )
     {
         unsigned i;
 
-        if (pConfig->servicePortPattern->tcp_patterns)
+        if (service_port_patterns.tcp_patterns)
         {
-            delete pConfig->servicePortPattern->tcp_patterns;
-            pConfig->servicePortPattern->tcp_patterns = nullptr;
+            delete service_port_patterns.tcp_patterns;
+            service_port_patterns.tcp_patterns = nullptr;
         }
-        if (pConfig->servicePortPattern->udp_patterns)
+        if (service_port_patterns.udp_patterns)
         {
-            delete pConfig->servicePortPattern->udp_patterns;
-            pConfig->servicePortPattern->udp_patterns = nullptr;
+            delete service_port_patterns.udp_patterns;
+            service_port_patterns.udp_patterns = nullptr;
         }
         for (i = 0; i < 65536; i++)
         {
-            if (pConfig->servicePortPattern->tcpPortPatternTree[i])
+            if (service_port_patterns.tcpPortPatternTree[i])
             {
-                delete pConfig->servicePortPattern->tcpPortPatternTree[i];
-                pConfig->servicePortPattern->tcpPortPatternTree[i] = nullptr;
+                delete service_port_patterns.tcpPortPatternTree[i];
+                service_port_patterns.tcpPortPatternTree[i] = nullptr;
             }
-            if (pConfig->servicePortPattern->udpPortPatternTree[i])
+            if (service_port_patterns.udpPortPatternTree[i])
             {
-                delete pConfig->servicePortPattern->udpPortPatternTree[i];
-                pConfig->servicePortPattern->udpPortPatternTree[i] = nullptr;
+                delete service_port_patterns.udpPortPatternTree[i];
+                service_port_patterns.udpPortPatternTree[i] = nullptr;
             }
         }
-        while (pConfig->servicePortPattern->servicePortPattern)
+        while (service_port_patterns.servicePortPattern)
         {
-            ps = pConfig->servicePortPattern->servicePortPattern;
-            pConfig->servicePortPattern->servicePortPattern = ps->next;
+            ps = service_port_patterns.servicePortPattern;
+            service_port_patterns.servicePortPattern = ps->next;
             FreePatternService(ps);
         }
     }
@@ -558,7 +629,7 @@ static int pattern_match(void* id, void*, int index, void* data, void*)
 }
 
 static int csdPatternTreeSearch(const uint8_t* data, uint16_t size, IpProtocol protocol,
-    Packet* pkt, const RNAServiceElement** serviceData, bool isClient, const AppIdConfig* pConfig)
+    Packet* pkt, const RNAServiceElement** serviceData, bool isClient)
 {
     SearchTool* patternTree = nullptr;
     PatternService* ps;
@@ -575,19 +646,19 @@ static int csdPatternTreeSearch(const uint8_t* data, uint16_t size, IpProtocol p
     if (!isClient)
     {
         if (protocol == IpProtocol::UDP)
-            patternTree = pConfig->servicePortPattern->udpPortPatternTree[pkt->ptrs.sp];
+            patternTree = service_port_patterns.udpPortPatternTree[pkt->ptrs.sp];
         else
-            patternTree = pConfig->servicePortPattern->tcpPortPatternTree[pkt->ptrs.sp];
+            patternTree = service_port_patterns.tcpPortPatternTree[pkt->ptrs.sp];
     }
 
     if (!patternTree)
     {
         if (protocol == IpProtocol::UDP)
-            patternTree = (isClient) ? pConfig->clientPortPattern->udp_patterns :
-                pConfig->servicePortPattern->udp_patterns;
+            patternTree = (isClient) ? clientPortPattern.udp_patterns :
+                service_port_patterns.udp_patterns;
         else
-            patternTree = (isClient) ? pConfig->clientPortPattern->tcp_patterns :
-                pConfig->servicePortPattern->tcp_patterns;
+            patternTree = (isClient) ? clientPortPattern.tcp_patterns :
+                service_port_patterns.tcp_patterns;
     }
 
     if (patternTree)
@@ -665,7 +736,7 @@ static int service_validate(ServiceValidationArgs* args)
     if (dir != APP_ID_FROM_RESPONDER)
         goto inprocess;
 
-    id = csdPatternTreeSearch(data, size, flowp->protocol, pkt, &service, false, args->pConfig);
+    id = csdPatternTreeSearch(data, size, flowp->protocol, pkt, &service, false);
     if (!id)
         goto fail;
 
@@ -696,28 +767,26 @@ static CLIENT_APP_RETCODE client_init_tcp(const IniClientAppAPI* const, SF_LIST*
     return CLIENT_APP_SUCCESS;
 }
 
-static void client_clean(const CleanClientAppAPI* const clean_api)
+static void client_clean()
 {
-    AppIdConfig* pConfig = clean_api->pAppidConfig;
-
-    if (pConfig->clientPortPattern && pConfig->clientPortPattern->servicePortPattern)
+    if (clientPortPattern.servicePortPattern)
     {
-        if (pConfig->clientPortPattern->tcp_patterns)
+        if (clientPortPattern.tcp_patterns)
         {
-            delete pConfig->clientPortPattern->tcp_patterns;
-            pConfig->clientPortPattern->tcp_patterns = nullptr;
+            delete clientPortPattern.tcp_patterns;
+            clientPortPattern.tcp_patterns = nullptr;
         }
 
-        if (pConfig->clientPortPattern->udp_patterns)
+        if (clientPortPattern.udp_patterns)
         {
-            delete pConfig->clientPortPattern->udp_patterns;
-            pConfig->clientPortPattern->udp_patterns = nullptr;
+            delete clientPortPattern.udp_patterns;
+            clientPortPattern.udp_patterns = nullptr;
         }
     }
 }
 
 static CLIENT_APP_RETCODE client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector*, const AppIdConfig* pConfig)
+    AppIdSession* flowp, Packet* pkt, struct Detector*)
 {
     AppId id;
     const RNAServiceElement* service = nullptr;
@@ -729,8 +798,7 @@ static CLIENT_APP_RETCODE client_validate(const uint8_t* data, uint16_t size, co
     if (dir == APP_ID_FROM_RESPONDER)
         goto inprocess;
 
-    id = csdPatternTreeSearch(data, size, flowp->protocol, pkt, &service, true,
-        (AppIdConfig*)pConfig);
+    id = csdPatternTreeSearch(data, size, flowp->protocol, pkt, &service, true);
     if (!id)
         goto fail;
 

diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.h b/src/network_inspectors/appid/detector_plugins/detector_pattern.h
index a7a51ec5d5f951311f6ca7c613f870e88fb5c333..7d23678d00e10718bb84103de5cad57ece58e748 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_pattern.h
+++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.h
@@ -70,21 +70,28 @@ struct PatternService
 class SearchTool;
 struct ServicePortPattern
 {
-    PortPatternNode* luaInjectedPatterns;
-    PatternService* servicePortPattern;
-    SearchTool* tcp_patterns;
-    SearchTool* udp_patterns;
-    SearchTool* tcpPortPatternTree[65536];
-    SearchTool* udpPortPatternTree[65536];
+    PortPatternNode* luaInjectedPatterns = nullptr;
+    PatternService* servicePortPattern = nullptr;
+    SearchTool* tcp_patterns = nullptr;
+    SearchTool* udp_patterns = nullptr;
+    SearchTool* tcpPortPatternTree[65536] = { nullptr };
+    SearchTool* udpPortPatternTree[65536] = { nullptr };
 };
 
 struct ClientPortPattern
 {
-    PortPatternNode* luaInjectedPatterns;
-    PatternService* servicePortPattern;
-    SearchTool* tcp_patterns;
-    SearchTool* udp_patterns;
+    PortPatternNode* luaInjectedPatterns = nullptr;
+    PatternService* servicePortPattern = nullptr;
+    SearchTool* tcp_patterns = nullptr;
+    SearchTool* udp_patterns = nullptr;
 };
 
+void insert_service_port_pattern(PortPatternNode* pPattern);
+void insert_client_port_pattern(PortPatternNode* pPattern);
+void finalize_service_port_patterns();
+void clean_service_port_patterns();
+void clean_client_port_patterns();
+void finalize_client_port_patterns();
+
 #endif
 

diff --git a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc
index 0baa1256994024dcac7535d53eab04fc3aa09e7b..ee6ca3ade11adf43bae317c30032b3a32a11e77b 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc
@@ -62,10 +62,9 @@ struct ClientPOP3Data
 static POP3_CLIENT_APP_CONFIG pop3_config;
 
 static CLIENT_APP_RETCODE pop3_ca_init(const IniClientAppAPI* const init_api, SF_LIST* config);
-static void pop3_ca_clean(const CleanClientAppAPI* const clean_api);
+static void pop3_ca_clean();
 static CLIENT_APP_RETCODE pop3_ca_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData,
-    const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, struct Detector* userData);
 
 static RNAClientAppModule client_app_mod =
 {
@@ -294,8 +293,7 @@ static CLIENT_APP_RETCODE pop3_ca_init(const IniClientAppAPI* const init_api, SF
             DebugFormat(DEBUG_INSPECTOR,"registering pattern: %s\n",
                        (const char*)patterns[i].pattern);
             init_api->RegisterPatternNoCase(&pop3_ca_validate, IpProtocol::TCP,
-                patterns[i].pattern,
-                patterns[i].length, 0, init_api->pAppidConfig);
+                patterns[i].pattern, patterns[i].length, 0);
         }
     }
 
@@ -304,7 +302,7 @@ static CLIENT_APP_RETCODE pop3_ca_init(const IniClientAppAPI* const init_api, SF
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&pop3_ca_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -313,27 +311,27 @@ static CLIENT_APP_RETCODE pop3_ca_init(const IniClientAppAPI* const init_api, SF
 static int pop3_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPatternUser(&pop3_validate, IpProtocol::TCP, (uint8_t*)POP3_OK,
-        sizeof(POP3_OK)-1, 0, "pop3", init_api->pAppidConfig);
+        sizeof(POP3_OK)-1, 0, "pop3");
     init_api->RegisterPatternUser(&pop3_validate, IpProtocol::TCP, (uint8_t*)POP3_ERR,
-        sizeof(POP3_ERR)-1, 0, "pop3", init_api->pAppidConfig);
+        sizeof(POP3_ERR)-1, 0, "pop3");
 
     unsigned j;
     for (j=0; j < sizeof(appIdRegistry)/sizeof(*appIdRegistry); j++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[j].appId);
         init_api->RegisterAppId(&pop3_validate, appIdRegistry[j].appId,
-            appIdRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[j].additionalInfo);
     }
     return 0;
 }
 
-static void pop3_ca_clean(const CleanClientAppAPI* const clean_api)
+static void pop3_ca_clean()
 {
     SearchTool* cmd_matcher =
-        (SearchTool*)clean_api->pAppidConfig->find_generic_config_element(client_app_mod.name);
+        (SearchTool*)pAppidActiveConfig->find_generic_config_element(client_app_mod.name);
     if (cmd_matcher)
         delete cmd_matcher;
-    clean_api->pAppidConfig->remove_generic_config_element(client_app_mod.name);
+    pAppidActiveConfig->remove_generic_config_element(client_app_mod.name);
 }
 
 static int pop3_pattern_match(void* id, void*, int index, void* data, void*)
@@ -673,7 +671,7 @@ ven_ver_done:;
 }
 
 static CLIENT_APP_RETCODE pop3_ca_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig* pConfig)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     const uint8_t* s = data;
     const uint8_t* end = (data + size);
@@ -731,7 +729,7 @@ static CLIENT_APP_RETCODE pop3_ca_validate(const uint8_t* data, uint16_t size, c
     {
         unsigned pattern_index;
         SearchTool* cmd_matcher =
-            (SearchTool*)((AppIdConfig*)pConfig)->find_generic_config_element(client_app_mod.name);
+            (SearchTool*)pAppidActiveConfig->find_generic_config_element(client_app_mod.name);
 
         cmd = nullptr;
         cmd_matcher->find_all((char*)s, (length > longest_pattern ? longest_pattern : length),

diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc
index bc6ba2d920e1d867bc37ba1df0de3239b91b7128..f35dbdef2c62e32df9d14c635b375d49d3eb3047 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc
@@ -86,29 +86,29 @@ struct ClientSIPData
     char* from;
 };
 
-struct SIP_CLIENT_APP_CONFIG
+struct DetectorSipConfig
 {
-    int enabled;
+    bool enabled;
+    void* sip_ua_matcher;
+    DetectorAppSipPattern* sip_ua_list;
+    void* sip_server_matcher;
+    DetectorAppSipPattern* sip_server_list;
 };
 
-// FIXIT-L THREAD_LOCAL?
-static SIP_CLIENT_APP_CONFIG sip_config;
+static THREAD_LOCAL DetectorSipConfig detector_sip_config;
 
 static CLIENT_APP_RETCODE sip_client_init(const IniClientAppAPI* const init_api, SF_LIST* config);
-static void sip_clean(const CleanClientAppAPI* const clean_api);
+static void sip_clean();
 static CLIENT_APP_RETCODE sip_client_validate(const uint8_t* data, uint16_t size, const int dir,
-    AppIdSession* flowp, Packet* pkt, Detector* userData,
-    const AppIdConfig* pConfig);
+    AppIdSession* flowp, Packet* pkt, Detector* userData);
 static CLIENT_APP_RETCODE sip_tcp_client_init(const IniClientAppAPI* const init_api,
     SF_LIST* config);
-static CLIENT_APP_RETCODE sip_tcp_client_validate(const uint8_t* data, uint16_t size, const int
-    dir,
-    AppIdSession* flowp, Packet* pkt, Detector* userData,
-    const AppIdConfig* pConfig);
-static int sipAppGeClientApp(void* patternMatcher, char* pattern, uint32_t patternLen,
+static CLIENT_APP_RETCODE sip_tcp_client_validate(const uint8_t* data, uint16_t size,
+        const int dir, AppIdSession* flowp, Packet* pkt, Detector* userData);
+static int get_sip_client_app(void* patternMatcher, char* pattern, uint32_t patternLen,
     AppId* ClientAppId, char** clientVersion);
-static void sipUaClean(DetectorSipConfig* pConfig);
-static void sipServerClean(DetectorSipConfig* pConfig);
+static void clean_sip_ua();
+static void clean_sip_server();
 
 RNAClientAppModule sip_udp_client_mod =
 {
@@ -219,14 +219,14 @@ static CLIENT_APP_RETCODE sip_client_init(const IniClientAppAPI* const init_api,
 
     /*configuration is read by sip_tcp_init(), which is called first */
 
-    if (sip_config.enabled)
+    if (detector_sip_config.enabled)
     {
         for (i=0; i < sizeof(patterns)/sizeof(*patterns); i++)
         {
             DebugFormat(DEBUG_LOG,"registering patterns: %s: %d\n",
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&sip_client_validate, IpProtocol::UDP, patterns[i].pattern,
-                patterns[i].length, patterns[i].index, init_api->pAppidConfig);
+                patterns[i].length, patterns[i].index);
         }
     }
 
@@ -235,39 +235,34 @@ static CLIENT_APP_RETCODE sip_client_init(const IniClientAppAPI* const init_api,
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdClientRegistry[j].appId);
         init_api->RegisterAppId(&sip_client_validate, appIdClientRegistry[j].appId,
-            appIdClientRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdClientRegistry[j].additionalInfo);
     }
 
-    if (init_api->pAppidConfig->detectorSipConfig.sipUaMatcher)
-    {
-        sipUaClean(&init_api->pAppidConfig->detectorSipConfig);
-    }
-    if (init_api->pAppidConfig->detectorSipConfig.sipServerMatcher)
-    {
-        sipServerClean(&init_api->pAppidConfig->detectorSipConfig);
-    }
+    if (detector_sip_config.sip_ua_matcher)
+        clean_sip_ua();
+
+    if (detector_sip_config.sip_server_matcher)
+        clean_sip_server();
+
     return CLIENT_APP_SUCCESS;
 }
 
-static void sip_clean(const CleanClientAppAPI* const clean_api)
+static void sip_clean()
 {
-    if (clean_api->pAppidConfig->detectorSipConfig.sipUaMatcher)
-    {
-        sipUaClean(&clean_api->pAppidConfig->detectorSipConfig);
-    }
-    if (clean_api->pAppidConfig->detectorSipConfig.sipServerMatcher)
-    {
-        sipServerClean(&clean_api->pAppidConfig->detectorSipConfig);
-    }
+    if (detector_sip_config.sip_ua_matcher)
+        clean_sip_ua();
+
+    if (detector_sip_config.sip_server_matcher)
+        clean_sip_server();
 }
 
 static CLIENT_APP_RETCODE sip_tcp_client_init(const IniClientAppAPI* const init_api,
-    SF_LIST* config)
+        SF_LIST* config)
 {
     unsigned i;
     RNAClientAppModuleConfigItem* item;
 
-    sip_config.enabled = 1;
+    detector_sip_config.enabled = true;
 
     if (config)
     {
@@ -277,13 +272,11 @@ static CLIENT_APP_RETCODE sip_tcp_client_init(const IniClientAppAPI* const init_
         {
             DebugFormat(DEBUG_LOG,"Processing %s: %s\n",item->name, item->value);
             if (strcasecmp(item->name, "enabled") == 0)
-            {
-                sip_config.enabled = atoi(item->value);
-            }
+                detector_sip_config.enabled = atoi(item->value) ? true : false;
         }
     }
 
-    if (sip_config.enabled)
+    if (detector_sip_config.enabled)
     {
         for (i=0; i < sizeof(patterns)/sizeof(*patterns); i++)
         {
@@ -291,7 +284,7 @@ static CLIENT_APP_RETCODE sip_tcp_client_init(const IniClientAppAPI* const init_
                        (const char*)patterns[i].pattern, patterns[i].index);
             init_api->RegisterPattern(&sip_tcp_client_validate, IpProtocol::TCP,
                 patterns[i].pattern, patterns[i].length,
-                patterns[i].index, init_api->pAppidConfig);
+                patterns[i].index);
         }
     }
 
@@ -300,7 +293,7 @@ static CLIENT_APP_RETCODE sip_tcp_client_init(const IniClientAppAPI* const init_
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdClientRegistry[j].appId);
         init_api->RegisterAppId(&sip_tcp_client_validate, appIdClientRegistry[j].appId,
-            appIdClientRegistry[j].additionalInfo, init_api->pAppidConfig);
+            appIdClientRegistry[j].additionalInfo);
     }
 
     return CLIENT_APP_SUCCESS;
@@ -317,7 +310,7 @@ static void clientDataFree(void* data)
 
 // static const char* const SIP_USRNAME_BEGIN_MARKER = "<sip:";
 static CLIENT_APP_RETCODE sip_client_validate(const uint8_t*, uint16_t, const int,
-    AppIdSession* flowp, Packet*, struct Detector*, const AppIdConfig*)
+    AppIdSession* flowp, Packet*, struct Detector*)
 {
     ClientSIPData* fd;
 
@@ -335,15 +328,12 @@ static CLIENT_APP_RETCODE sip_client_validate(const uint8_t*, uint16_t, const in
     return CLIENT_APP_INPROCESS;
 }
 
-static CLIENT_APP_RETCODE sip_tcp_client_validate(const uint8_t* data, uint16_t size, const int
-    dir,
-    AppIdSession* flowp, Packet* pkt, struct Detector* userData,
-    const AppIdConfig* pConfig)
+static CLIENT_APP_RETCODE sip_tcp_client_validate(const uint8_t* data, uint16_t size,
+        const int dir, AppIdSession* flowp, Packet* pkt, struct Detector* userData)
 {
-    return sip_client_validate(data, size, dir, flowp, pkt, userData, pConfig);
+    return sip_client_validate(data, size, dir, flowp, pkt, userData);
 }
 
-#ifdef APPID_UNUSED_CODE
 static int sipAppAddPattern(DetectorAppSipPattern** patternList, AppId ClientAppId,
     const char* clientVersion, const char* serverPattern)
 {
@@ -360,113 +350,99 @@ static int sipAppAddPattern(DetectorAppSipPattern** patternList, AppId ClientApp
     return 0;
 }
 
-static int sipUaPatternAdd(
-    AppId ClientAppId,
-    const char* clientVersion,
-    const char* pattern,
-    DetectorSipConfig* pSipConfig
-    )
+int sipUaPatternAdd( AppId ClientAppId, const char* clientVersion, const char* pattern)
 {
-    return sipAppAddPattern(&pSipConfig->appSipUaList, ClientAppId, clientVersion, pattern);
+    return sipAppAddPattern(&detector_sip_config.sip_ua_list, ClientAppId, clientVersion, pattern);
 }
 
-static int sipServerPatternAdd(
-    AppId ClientAppId,
-    const char* clientVersion,
-    const char* pattern,
-    DetectorSipConfig* pSipConfig
-    )
+// FIXIT-L - noone calls this function, is it needed?
+int sipServerPatternAdd(AppId ClientAppId, const char* clientVersion, const char* pattern)
 {
-    return sipAppAddPattern(&pSipConfig->appSipServerList, ClientAppId, clientVersion, pattern);
+    return sipAppAddPattern(&detector_sip_config.sip_server_list, ClientAppId, clientVersion, pattern);
 }
 
-static int sipUaFinalize(DetectorSipConfig* pSipConfig)
+int finalize_sip_ua()
 {
-    const int PATTERN_PART_MAX=10;
-    static tMlmpPattern patterns[PATTERN_PART_MAX];
+    const int PATTERN_PART_MAX = 10;
+    static THREAD_LOCAL tMlmpPattern patterns[PATTERN_PART_MAX];
     int num_patterns;
     DetectorAppSipPattern* patternNode;
 
-    pSipConfig->sipUaMatcher = mlmpCreate();
-    if (!pSipConfig->sipUaMatcher)
+    detector_sip_config.sip_ua_matcher = mlmpCreate();
+    if (!detector_sip_config.sip_ua_matcher)
         return -1;
 
-    pSipConfig->sipServerMatcher = mlmpCreate();
-    if (!pSipConfig->sipServerMatcher)
+    detector_sip_config.sip_server_matcher = mlmpCreate();
+    if (!detector_sip_config.sip_server_matcher)
     {
-        mlmpDestroy((tMlmpTree*)pSipConfig->sipUaMatcher);
-        pSipConfig->sipUaMatcher = nullptr;
+        mlmpDestroy((tMlmpTree*)detector_sip_config.sip_ua_matcher);
+        detector_sip_config.sip_ua_matcher = nullptr;
         return -1;
     }
 
-    for (patternNode = pSipConfig->appSipUaList; patternNode; patternNode = patternNode->next)
+    for (patternNode = detector_sip_config.sip_ua_list; patternNode; patternNode = patternNode->next)
     {
         num_patterns = parseMultipleHTTPPatterns((const char*)patternNode->pattern.pattern,
             patterns,  PATTERN_PART_MAX, 0);
         patterns[num_patterns].pattern = nullptr;
 
-        mlmpAddPattern((tMlmpTree*)pSipConfig->sipUaMatcher, patterns, patternNode);
+        mlmpAddPattern((tMlmpTree*)detector_sip_config.sip_ua_matcher, patterns, patternNode);
     }
 
-    for (patternNode = pSipConfig->appSipServerList; patternNode; patternNode = patternNode->next)
+    for (patternNode = detector_sip_config.sip_server_list; patternNode; patternNode = patternNode->next)
     {
         num_patterns = parseMultipleHTTPPatterns((const char*)patternNode->pattern.pattern,
             patterns,  PATTERN_PART_MAX, 0);
         patterns[num_patterns].pattern = nullptr;
 
-        mlmpAddPattern((tMlmpTree*)pSipConfig->sipServerMatcher, patterns, patternNode);
+        mlmpAddPattern((tMlmpTree*)detector_sip_config.sip_server_matcher, patterns, patternNode);
     }
 
-    mlmpProcessPatterns((tMlmpTree*)pSipConfig->sipUaMatcher);
-    mlmpProcessPatterns((tMlmpTree*)pSipConfig->sipServerMatcher);
+    mlmpProcessPatterns((tMlmpTree*)detector_sip_config.sip_ua_matcher);
+    mlmpProcessPatterns((tMlmpTree*)detector_sip_config.sip_server_matcher);
     return 0;
 }
-#endif
 
-static void sipUaClean(DetectorSipConfig* pSipConfig)
+static void clean_sip_ua()
 {
     DetectorAppSipPattern* node;
 
-    if (pSipConfig->sipUaMatcher)
+    if (detector_sip_config.sip_ua_matcher)
     {
-        mlmpDestroy((tMlmpTree*)pSipConfig->sipUaMatcher);
-        pSipConfig->sipUaMatcher = nullptr;
+        mlmpDestroy((tMlmpTree*)detector_sip_config.sip_ua_matcher);
+        detector_sip_config.sip_ua_matcher = nullptr;
     }
 
-    for (node = pSipConfig->appSipUaList; node; node = pSipConfig->appSipUaList)
+    for (node = detector_sip_config.sip_ua_list; node; node = detector_sip_config.sip_ua_list)
     {
-        pSipConfig->appSipUaList = node->next;
+        detector_sip_config.sip_ua_list = node->next;
         snort_free((void*)node->pattern.pattern);
         snort_free(node->userData.clientVersion);
         snort_free(node);
     }
 }
 
-static void sipServerClean(DetectorSipConfig* pSipConfig)
+static void clean_sip_server()
 {
     DetectorAppSipPattern* node;
 
-    if (pSipConfig->sipServerMatcher)
+    if (detector_sip_config.sip_server_matcher)
     {
-        mlmpDestroy((tMlmpTree*)pSipConfig->sipServerMatcher);
-        pSipConfig->sipServerMatcher = nullptr;
+        mlmpDestroy((tMlmpTree*)detector_sip_config.sip_server_matcher);
+        detector_sip_config.sip_server_matcher = nullptr;
     }
 
-    for (node = pSipConfig->appSipServerList; node; node = pSipConfig->appSipServerList)
+    for (node = detector_sip_config.sip_server_list; node; node = detector_sip_config.sip_server_list)
     {
-        pSipConfig->appSipServerList = node->next;
+        detector_sip_config.sip_server_list = node->next;
         snort_free((void*)node->pattern.pattern);
         snort_free(node->userData.clientVersion);
         snort_free(node);
     }
 }
 
-static int sipAppGeClientApp(
-    void* patternMatcher,
-    char* pattern,
-    uint32_t patternLen,
-    AppId* ClientAppId,
-    char** clientVersion)
+static int get_sip_client_app(void* patternMatcher, char* pattern, uint32_t patternLen,
+    AppId* ClientAppId, char** clientVersion)
 {
     tMlmpPattern patterns[3];
     DetectorAppSipPattern* data;
@@ -489,9 +465,8 @@ static int sipAppGeClientApp(
     return 1;
 }
 
-static void createRtpFlow(AppIdSession* flowp, const Packet* pkt, const sfip_t* cliIp, uint16_t
-    cliPort,
-    const sfip_t* srvIp, uint16_t srvPort, IpProtocol proto, int16_t app_id)
+static void createRtpFlow(AppIdSession* flowp, const Packet* pkt, const sfip_t* cliIp,
+        uint16_t cliPort,  const sfip_t* srvIp, uint16_t srvPort, IpProtocol proto, int16_t app_id)
 {
     AppIdSession* fp, * fp2;
 
@@ -600,7 +575,7 @@ static void SipSessionCbClientProcess(const Packet* p, const SipHeaders* headers
 
     if (fd->clientUserAgent)
     {
-        if (sipAppGeClientApp(pAppidActiveConfig->detectorSipConfig.sipUaMatcher,
+        if (get_sip_client_app(detector_sip_config.sip_ua_matcher,
             fd->clientUserAgent, strlen(fd->clientUserAgent), &ClientAppId, &clientVersion))
             goto success;
     }
@@ -609,7 +584,7 @@ static void SipSessionCbClientProcess(const Packet* p, const SipHeaders* headers
     {
         fd->flags |= SIP_FLAG_SERVER_CHECKED;
 
-        if (sipAppGeClientApp(pAppidActiveConfig->detectorSipConfig.sipServerMatcher,
+        if (get_sip_client_app(detector_sip_config.sip_server_matcher,
             (char*)fd->from, strlen(fd->from), &ClientAppId, &clientVersion))
             goto success;
     }
@@ -718,46 +693,41 @@ void SipSessionSnortCallback(void*, ServiceEventType, void* data)
 
 static int sip_service_init(const IniServiceAPI* const init_api)
 {
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP, (const uint8_t*)SIP_BANNER,
-        SIP_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP, (const uint8_t*)SIP_BANNER,
-        SIP_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP, (const
-        uint8_t*)SIP_INVITE_BANNER, SIP_INVITE_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP, (const
-        uint8_t*)SIP_INVITE_BANNER, SIP_INVITE_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP, (const
-        uint8_t*)SIP_ACK_BANNER,
-        SIP_ACK_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP, (const
-        uint8_t*)SIP_ACK_BANNER,
-        SIP_ACK_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP, (const
-        uint8_t*)SIP_REGISTER_BANNER, SIP_REGISTER_BANNER_LEN, 0, svc_name,
-        init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP, (const
-        uint8_t*)SIP_REGISTER_BANNER, SIP_REGISTER_BANNER_LEN, 0, svc_name,
-        init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP, (const
-        uint8_t*)SIP_CANCEL_BANNER, SIP_CANCEL_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP, (const
-        uint8_t*)SIP_CANCEL_BANNER, SIP_CANCEL_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP, (const
-        uint8_t*)SIP_BYE_BANNER,
-        SIP_BYE_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP, (const
-        uint8_t*)SIP_BYE_BANNER,
-        SIP_BYE_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP, (const
-        uint8_t*)SIP_OPTIONS_BANNER, SIP_OPTIONS_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
-    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP, (const
-        uint8_t*)SIP_OPTIONS_BANNER, SIP_OPTIONS_BANNER_LEN, 0, svc_name, init_api->pAppidConfig);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP,
+            (const uint8_t*)SIP_BANNER, SIP_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP,
+            (const uint8_t*)SIP_BANNER, SIP_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP,
+            (const uint8_t*)SIP_INVITE_BANNER, SIP_INVITE_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP,
+            (const uint8_t*)SIP_INVITE_BANNER, SIP_INVITE_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP,
+            (const uint8_t*)SIP_ACK_BANNER, SIP_ACK_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP,
+            (const uint8_t*)SIP_ACK_BANNER, SIP_ACK_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP,
+            (const uint8_t*)SIP_REGISTER_BANNER, SIP_REGISTER_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP,
+            (const uint8_t*)SIP_REGISTER_BANNER, SIP_REGISTER_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP,
+            (const uint8_t*)SIP_CANCEL_BANNER, SIP_CANCEL_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP,
+            (const uint8_t*)SIP_CANCEL_BANNER, SIP_CANCEL_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP,
+            (const uint8_t*)SIP_BYE_BANNER, SIP_BYE_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP,
+            (const uint8_t*)SIP_BYE_BANNER, SIP_BYE_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::UDP,
+            (const uint8_t*)SIP_OPTIONS_BANNER, SIP_OPTIONS_BANNER_LEN, 0, svc_name);
+    init_api->RegisterPattern(&sip_service_validate, IpProtocol::TCP,
+            (const  uint8_t*)SIP_OPTIONS_BANNER, SIP_OPTIONS_BANNER_LEN, 0, svc_name);
+
     unsigned i;
     for (i=0; i < sizeof(appIdServiceRegistry)/sizeof(*appIdServiceRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdServiceRegistry[i].appId);
         init_api->RegisterAppId(&sip_service_validate, appIdServiceRegistry[i].appId,
-            appIdServiceRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdServiceRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.h b/src/network_inspectors/appid/detector_plugins/detector_sip.h
index a44150c896a35237b930c107125bc8716f3291b5..03a6174a2c304142364012c913fb696b2f6dc9e1 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_sip.h
+++ b/src/network_inspectors/appid/detector_plugins/detector_sip.h
@@ -42,21 +42,16 @@ struct DetectorAppSipPattern
     DetectorAppSipPattern* next;
 };
 
-struct DetectorSipConfig
-{
-    void* sipUaMatcher;
-    DetectorAppSipPattern* appSipUaList;
-    void* sipServerMatcher;
-    DetectorAppSipPattern* appSipServerList;
-};
-
 extern struct RNAClientAppModule sip_udp_client_mod;
 extern struct RNAClientAppModule sip_tcp_client_mod;
 extern struct RNAServiceValidationModule sip_service_mod;
 
 // FIXIT-M: ServiceEventType enum needs to become real when SIP is supported
 enum ServiceEventType {};
-void SipSessionSnortCallback(void* ssnptr, ServiceEventType, void* eventData);
 
+void SipSessionSnortCallback(void* ssnptr, ServiceEventType, void* eventData);
+int sipUaPatternAdd( AppId, const char* clientVersion, const char* uaPattern);
+int sipServerPatternAdd(AppId, const char* clientVersion, const char* uaPattern);
+int finalize_sip_ua();
 #endif
 

diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
index 9affa29cc8da5a10e96103f4494a644eb695207d..cc4ae897caa0475f02ea8ea9275c534eab2ad597 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
+++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
@@ -81,19 +81,19 @@ void destroyHosUrlPatternList(HosUrlPatternsList** pHosUrlPatternsList)
     *pHosUrlPatternsList = nullptr;
 }
 
-int addMlmpPattern(void* hosUrlMatcher, HosUrlPatternsList** hosUrlPatternsList,
-    const uint8_t* host_pattern, int host_pattern_size,
-    const uint8_t* path_pattern, int path_pattern_size, const uint8_t* query_pattern, int
-    query_pattern_size,
+int addMlmpPattern(void* host_url_matcher, HosUrlPatternsList** hosUrlPatternsList,
+    const uint8_t* host_pattern, int host_pattern_size, const uint8_t* path_pattern,
+    int path_pattern_size, const uint8_t* query_pattern, int query_pattern_size,
     AppId appId, uint32_t payload_id, uint32_t service_id, uint32_t client_id, DHPSequence seq)
 {
-    static tMlmpPattern patterns[PATTERN_PART_MAX];
+    tMlmpPattern patterns[PATTERN_PART_MAX];
+
     int num_patterns;
 
     if (!host_pattern)
         return -1;
 
-    if (!hosUrlMatcher)
+    if (!host_url_matcher)
         return -1;
 
     HosUrlDetectorPattern* detector =
@@ -138,11 +138,11 @@ int addMlmpPattern(void* hosUrlMatcher, HosUrlPatternsList** hosUrlPatternsList,
     if (addHosUrlPatternToList(detector, hosUrlPatternsList))
         return -1;
 
-    return mlmpAddPattern((tMlmpTree*)hosUrlMatcher, patterns, detector);
+    return mlmpAddPattern((tMlmpTree*)host_url_matcher, patterns, detector);
 }
 
-uint32_t parseMultipleHTTPPatterns(const char* pattern, tMlmpPattern* parts, uint32_t
-    numPartLimit, int level)
+uint32_t parseMultipleHTTPPatterns(const char* pattern, tMlmpPattern* parts,
+        uint32_t numPartLimit, int level)
 {
     uint32_t partNum = 0;
     const char* tmp;
@@ -185,12 +185,12 @@ uint32_t parseMultipleHTTPPatterns(const char* pattern, tMlmpPattern* parts, uin
 
 /**recursively destroy matcher.
  */
-void destroyHosUrlMatcher(tMlmpTree** hosUrlMatcher)
+void destroyHosUrlMatcher(tMlmpTree** host_url_matcher)
 {
-    if (hosUrlMatcher && *hosUrlMatcher)
+    if (host_url_matcher && *host_url_matcher)
     {
-        mlmpDestroy(*hosUrlMatcher);
-        *hosUrlMatcher = nullptr;
+        mlmpDestroy(*host_url_matcher);
+        *host_url_matcher = nullptr;
     }
 }
 

diff --git a/src/network_inspectors/appid/fw_appid.cc b/src/network_inspectors/appid/fw_appid.cc
index 6928f42b88564f51fd17cc093128af7c4436f541..6a21e055da0d08e13aa340308ae0f7bee7b3d34d 100644 (file)
--- a/src/network_inspectors/appid/fw_appid.cc
+++ b/src/network_inspectors/appid/fw_appid.cc
@@ -48,18 +48,6 @@
 #define HTTP_PATTERN_MAX_LEN    1024
 #define PORT_MAX 65535
 
-void dump_appid_stats()
-{
-    LogMessage("Application Identification Preprocessor:\n");
-    LogMessage("   Total packets received : %" PRIu64 "\n", appid_stats.packets);
-    LogMessage("  Total packets processed : %" PRIu64 "\n", appid_stats.processed_packets);
-    if (thirdparty_appid_module)
-        thirdparty_appid_module->print_stats();
-    LogMessage("    Total packets ignored : %" PRIu64 "\n", appid_stats.ignored_packets);
-    AppIdServiceStateDumpStats();
-    RNAPndDumpLuaStats();
-}
-
 #ifdef APPID_UNUSED_CODE
 void reset_appid_stats(int, void*)
 {
@@ -68,12 +56,6 @@ void reset_appid_stats(int, void*)
 }
 #endif
 
-void fwAppIdFini(AppIdConfig* pConfig)
-{
-    AppIdSession::release_free_list_flow_data();
-    appInfoTableFini(pConfig);
-}
-
 unsigned isIPv4HostMonitored(uint32_t ip4, int32_t zone)
 {
     NetworkSet* net_list;
@@ -180,12 +162,13 @@ void AppIdAddPayload(AppIdSession* session, AppId payload_id)
 void checkSandboxDetection(AppId appId)
 {
     AppInfoTableEntry* entry;
-    AppIdConfig* pConfig = pAppidActiveConfig;
 
-    if (pAppidActiveConfig->mod_config->instance_id && pConfig)
+    if (pAppidActiveConfig->mod_config->instance_id)
     {
-        entry = appInfoEntryGet(appId, pConfig);
+        entry = appInfoEntryGet(appId);
         if ( entry && ( entry->flags & APPINFO_FLAG_ACTIVE ) )
             fprintf(SF_DEBUG_FILE, "Detected AppId %d\n", entry->appId);
+        else if( appId != 0 )
+            fprintf(SF_DEBUG_FILE, "No Entry For AppId %d\n", appId);
     }
 }

diff --git a/src/network_inspectors/appid/fw_appid.h b/src/network_inspectors/appid/fw_appid.h
index 50948dad8801859282e0283463b4799e01ee36a0..c17eeb97fe58aecd6126d7c0bcc5e37c22174dbb 100644 (file)
--- a/src/network_inspectors/appid/fw_appid.h
+++ b/src/network_inspectors/appid/fw_appid.h
@@ -41,7 +41,6 @@ extern uint8_t appIdPriorityArray[SF_APPID_MAX + 1];
 
 AppIdSession* getAppIdData(void* lwssn);
 
-void fwAppIdFini(AppIdConfig*);
 void AppIdAddUser(AppIdSession*, const char* username, AppId, int success);
 void AppIdAddDnsQueryInfo(AppIdSession*, uint16_t id, const uint8_t* host, uint8_t host_len,
         uint16_t host_offset, uint16_t record_type);
@@ -49,7 +48,6 @@ void AppIdAddDnsResponseInfo(AppIdSession*, uint16_t id, const uint8_t* host, ui
         uint16_t host_offset, uint8_t response_type, uint32_t ttl);
 void AppIdResetDnsInfo(AppIdSession*);
 void AppIdAddPayload(AppIdSession*, AppId);
-void dump_appid_stats();
 
 extern unsigned dhcp_fp_table_size;
 
@@ -122,8 +120,7 @@ inline int TPIsAppIdAvailable(void* tpSession)
 inline int testSSLAppIdForReinspect(AppId app_id)
 {
     if (app_id <= SF_APPID_MAX &&
-            (app_id == APP_ID_SSL ||
-                    appInfoEntryFlagGet(app_id, APPINFO_FLAG_SSL_INSPECT, pAppidActiveConfig)))
+            (app_id == APP_ID_SSL || appInfoEntryFlagGet(app_id, APPINFO_FLAG_SSL_INSPECT)))
         return 1;
     else
         return 0;

diff --git a/src/network_inspectors/appid/host_port_app_cache.cc b/src/network_inspectors/appid/host_port_app_cache.cc
index bfa246fddbdbe8f75e240519fb77edc9e3a86779..1bffe77f62892bd9ac9784bf74f365045491514f 100644 (file)
--- a/src/network_inspectors/appid/host_port_app_cache.cc
+++ b/src/network_inspectors/appid/host_port_app_cache.cc
@@ -26,40 +26,39 @@
 #include "log/messages.h"
 #include "sfip/sf_ip.h"
 
-void hostPortAppCacheInit(AppIdConfig* pConfig)
+THREAD_LOCAL SFXHASH* hostPortCache = nullptr;
+
+void hostPortAppCacheInit()
 {
-    auto hash = sfxhash_new(
-        2048, sizeof(HostPortKey), sizeof(HostPortVal), 0, 0, nullptr, nullptr, 0);
+    auto hash = sfxhash_new( 2048, sizeof(HostPortKey), sizeof(HostPortVal),
+            0, 0, nullptr, nullptr, 0);
 
     if ( hash )
-        pConfig->hostPortCache = hash;
-
+        hostPortCache = hash;
     else
         ErrorMessage("failed to allocate HostPort map");
 }
 
-void hostPortAppCacheFini(AppIdConfig* pConfig)
+void hostPortAppCacheFini()
 {
-    if ( pConfig->hostPortCache )
+    if ( hostPortCache )
     {
-        sfxhash_delete(pConfig->hostPortCache);
-        pConfig->hostPortCache = nullptr;
+        sfxhash_delete(hostPortCache);
+        hostPortCache = nullptr;
     }
 }
 
-HostPortVal* hostPortAppCacheFind(const sfip_t* snort_ip, uint16_t port, IpProtocol protocol,
-        const AppIdConfig* pConfig)
+HostPortVal* hostPortAppCacheFind(const sfip_t* snort_ip, uint16_t port, IpProtocol protocol)
 {
     HostPortKey hk;
     sfip_set_ip(&hk.ip, snort_ip);
     hk.port = port;
     hk.proto = protocol;
 
-    return (HostPortVal*)sfxhash_find(pConfig->hostPortCache, &hk);
+    return (HostPortVal*)sfxhash_find(hostPortCache, &hk);
 }
 
-int hostPortAppCacheAdd(const sfip_t* ip, uint16_t port, IpProtocol proto, unsigned type,
-    AppId appId, AppIdConfig* pConfig)
+int hostPortAppCacheAdd(const sfip_t* ip, uint16_t port, IpProtocol proto, unsigned type, AppId appId)
 {
     HostPortKey hk;
     HostPortVal hv;
@@ -69,14 +68,14 @@ int hostPortAppCacheAdd(const sfip_t* ip, uint16_t port, IpProtocol proto, unsig
     hv.appId = appId;
     hv.type = type;
 
-    return sfxhash_add(pConfig->hostPortCache, &hk, &hv) ? 0 : 1;
+    return sfxhash_add(hostPortCache, &hk, &hv) ? 0 : 1;
 }
 
-void hostPortAppCacheDump(const AppIdConfig* pConfig)
+void hostPortAppCacheDump()
 {
-    for ( SFXHASH_NODE* node = sfxhash_findfirst(pConfig->hostPortCache);
+    for ( SFXHASH_NODE* node = sfxhash_findfirst(hostPortCache);
         node;
-        node = sfxhash_findnext(pConfig->hostPortCache))
+        node = sfxhash_findnext(hostPortCache))
     {
         char inet_buffer[INET6_ADDRSTRLEN];
         HostPortKey* hk;

diff --git a/src/network_inspectors/appid/host_port_app_cache.h b/src/network_inspectors/appid/host_port_app_cache.h
index 76ecadb46c0f70e4d18ea3ebc586e49e5b311206..fbbe7198a8f2ddc823abc35bc2b6df0eca9de54c 100644 (file)
--- a/src/network_inspectors/appid/host_port_app_cache.h
+++ b/src/network_inspectors/appid/host_port_app_cache.h
@@ -41,13 +41,11 @@ struct HostPortVal
     unsigned type;
 };
 
-void hostPortAppCacheInit(AppIdConfig*);
-void hostPortAppCacheFini(AppIdConfig*);
-HostPortVal* hostPortAppCacheFind(const sfip_t*, uint16_t port, IpProtocol proto,
-        const AppIdConfig*);
-int hostPortAppCacheAdd(const sfip_t*, uint16_t port, IpProtocol proto, unsigned type,
-        AppId, AppIdConfig*);
-void hostPortAppCacheDump(const AppIdConfig*);
+void hostPortAppCacheInit();
+void hostPortAppCacheFini();
+HostPortVal* hostPortAppCacheFind(const sfip_t*, uint16_t port, IpProtocol proto);
+int hostPortAppCacheAdd(const sfip_t*, uint16_t port, IpProtocol proto, unsigned type, AppId);
+void hostPortAppCacheDump();
 
 #endif
 

diff --git a/src/network_inspectors/appid/http_common.h b/src/network_inspectors/appid/http_common.h
index 3c06a4cdb73445b50b7b9066371bfa6c08bc5cdb..74ef5f139fc6ceee8a83ed97c2fe783372f50662 100644 (file)
--- a/src/network_inspectors/appid/http_common.h
+++ b/src/network_inspectors/appid/http_common.h
@@ -86,35 +86,6 @@ struct HTTPListElement
     HTTPListElement* next;
 };
 
-#define APPL_VERSION_LENGTH   40
-
-struct UrlUserData
-{
-    uint32_t service_id;
-    uint32_t client_app;
-    uint32_t payload;
-    AppId appId;
-    tMlpPattern query;
-};
-
-struct DetectorAppUrlPattern
-{
-    struct
-    {
-        tMlpPattern host;
-        tMlpPattern path;
-        tMlpPattern scheme;
-    } patterns;
-
-    UrlUserData userData;
-};
-
-struct DetectorAppUrlList
-{
-    DetectorAppUrlPattern** urlPattern;
-    size_t usedCount;
-    size_t allocatedCount;
-};
 
 // These values are used in Lua code as raw numbers. Do NOT reassign new values.
 #define APP_TYPE_SERVICE    0x1
@@ -139,7 +110,9 @@ enum ActionType
     HOLD_FLOW,                              //12
     GET_OFFSETS_FROM_REBUILT,               //13
     SEARCH_UNSUPPORTED,                     //14
-    MAX_ACTION_TYPE = SEARCH_UNSUPPORTED,
+    DEFER_TO_SIMPLE_DETECT,                 //15
+    MAX_ACTION_TYPE = DEFER_TO_SIMPLE_DETECT,
+
 };
 
 // These values are used in Lua code as raw numbers. Do NOT reassign new values.
@@ -231,17 +204,6 @@ struct CHPMatchTally
     CHPMatchCandidate item[1];
 };
 
-struct HttpPatternLists
-{
-    HTTPListElement* hostPayloadPatternList;
-    HTTPListElement* urlPatternList;
-    HTTPListElement* clientAgentPatternList;
-    HTTPListElement* contentTypePatternList;
-    CHPListElement* chpList;
-    DetectorAppUrlList appUrlList;
-    DetectorAppUrlList RTMPUrlList;
-};
-
 // url parts extracted from http headers.
 struct UrlStruct
 {
@@ -270,37 +232,5 @@ struct HosUrlPatternsList
     HosUrlDetectorPattern* tail;
 };
 
-struct DetectorHttpConfig
-{
-    SearchTool* url_matcher;
-    SearchTool* client_agent_matcher;
-    SearchTool* via_matcher;
-    tMlmpTree* hosUrlMatcher;
-    tMlmpTree* RTMPHosUrlMatcher;
-    SearchTool* header_matcher;
-    SearchTool* content_type_matcher;
-
-    // CHP matchers
-    // TODO: Is there a need for these variables? They just point to the pointers in the
-    // array chp_matchers[]. They are used only in the function http_detector_clean(). But
-    // there we could easily traverse through the members of chp_matchers instead of using
-    // these variables.
-    SearchTool* chp_user_agent_matcher;
-    SearchTool* chp_host_matcher;
-    SearchTool* chp_referer_matcher;
-    SearchTool* chp_uri_matcher;
-    SearchTool* chp_cookie_matcher;
-    SearchTool* chp_content_type_matcher;
-    SearchTool* chp_location_matcher;
-    SearchTool* chp_body_matcher;
-    // TODO: chp_req_body_matcher is not being used anywhere in the code, should it be removed?
-    SearchTool* chp_req_body_matcher;
-
-    SearchTool* chp_matchers[MAX_PATTERN_TYPE+1];
-
-    HosUrlPatternsList* hosUrlPatternsList;
-};
-
-extern AppId getAppIdByHttpUrl(UrlStruct* url, UrlUserData** rnaData);
 #endif
 

diff --git a/src/network_inspectors/appid/ips_appid_option.cc b/src/network_inspectors/appid/ips_appid_option.cc
index dc6245d457069b092a3a88cd4e3ebee3e1bf82aa..d0a1bda153977ed96d6eafe97ee482d2e49001d9 100644 (file)
--- a/src/network_inspectors/appid/ips_appid_option.cc
+++ b/src/network_inspectors/appid/ips_appid_option.cc
@@ -138,7 +138,7 @@ bool AppIdIpsOption::operator==(const IpsOption& ips) const
 void AppIdIpsOption::map_names_to_ids()
 {
     for (auto& appid_info : opt_data.appid_table)
-            appid_info.appid_ordinal = appGetAppId(appid_info.appid_name);
+            appid_info.appid_ordinal = get_appid_by_name(appid_info.appid_name);
 
     opt_data.ids_mapped = true;
 }

diff --git a/src/network_inspectors/appid/length_app_cache.cc b/src/network_inspectors/appid/length_app_cache.cc
index edfaa62fae6de479070b2b46291dd3b11a4a0264..a7da99dbe024020106518be9138ff99af6aabd4e 100644 (file)
--- a/src/network_inspectors/appid/length_app_cache.cc
+++ b/src/network_inspectors/appid/length_app_cache.cc
@@ -29,35 +29,31 @@
 
 #define HASH_NUM_ROWS (1024)
 
-void lengthAppCacheInit(AppIdConfig* pConfig)
+static THREAD_LOCAL SFXHASH* lengthCache = nullptr;
+
+void init_length_app_cache()
 {
-    if (!(pConfig->lengthCache = sfxhash_new(HASH_NUM_ROWS,
-            sizeof(LengthKey),
-            sizeof(AppId),
-            0,
-            0,
-            nullptr,
-            nullptr,
-            0)))
+    if (!(lengthCache = sfxhash_new(HASH_NUM_ROWS, sizeof(LengthKey), sizeof(AppId),
+            0, 0, nullptr, nullptr, 0)))
     {
         ErrorMessage("lengthAppCache: Failed to allocate length cache!");
     }
 }
 
-void lengthAppCacheFini(AppIdConfig* pConfig)
+void free_length_app_cache()
 {
-    if (pConfig->lengthCache)
+    if (lengthCache)
     {
-        sfxhash_delete(pConfig->lengthCache);
-        pConfig->lengthCache = nullptr;
+        sfxhash_delete(lengthCache);
+        lengthCache = nullptr;
     }
 }
 
-AppId lengthAppCacheFind(const LengthKey* key, const AppIdConfig* pConfig)
+AppId find_length_app_cache(const LengthKey* key)
 {
     AppId* val;
 
-    val = (AppId*)sfxhash_find(pConfig->lengthCache, (void*)key);
+    val = (AppId*)sfxhash_find(lengthCache, (void*)key);
     if (val == nullptr)
     {
         return APP_ID_NONE;    /* no match */
@@ -68,9 +64,9 @@ AppId lengthAppCacheFind(const LengthKey* key, const AppIdConfig* pConfig)
     }
 }
 
-bool lengthAppCacheAdd(const LengthKey* key, AppId val, AppIdConfig* pConfig)
+bool add_length_app_cache(const LengthKey* key, AppId val)
 {
-    if (sfxhash_add(pConfig->lengthCache, (void*)key, (void*)&val))
+    if (sfxhash_add(lengthCache, (void*)key, (void*)&val))
     {
         return false;
     }

diff --git a/src/network_inspectors/appid/length_app_cache.h b/src/network_inspectors/appid/length_app_cache.h
index 2df3a81f39d7f90e6220815c412d58874035670e..171056371ec6c5fa24b39dbf556372cb808b39f0 100644 (file)
--- a/src/network_inspectors/appid/length_app_cache.h
+++ b/src/network_inspectors/appid/length_app_cache.h
@@ -46,10 +46,10 @@ struct LengthKey
 
 #pragma pack()
 
-void lengthAppCacheInit(AppIdConfig*);
-void lengthAppCacheFini(AppIdConfig*);
-AppId lengthAppCacheFind(const LengthKey*, const AppIdConfig*);
-bool lengthAppCacheAdd(const LengthKey*, AppId, AppIdConfig*);
+void init_length_app_cache();
+void free_length_app_cache();
+AppId find_length_app_cache(const LengthKey*);
+bool add_length_app_cache(const LengthKey*, AppId);
 
 #endif
 

diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc
index b79a08cf05327ec312d09c7c2ab9f2930445a2ab..1c4a14f23f91bfa8c9c8a1ba2f368dea2a02a304 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_api.cc
+++ b/src/network_inspectors/appid/lua_detector_api.cc
@@ -46,11 +46,11 @@
 #include "service_plugins/service_ssl.h"
 #include "client_plugins/client_app_base.h"
 #include "detector_plugins/detector_dns.h"
+#include "detector_plugins/detector_http.h"
 #include "detector_plugins/detector_pattern.h"
 
 #define DETECTOR "Detector"
 #define OVECCOUNT 30    /* should be a multiple of 3 */
-#define URL_LIST_STEP_SIZE  5000
 
 #define CHECK_INPUTS() \
     if ( !checkServiceElement(ud) || !ud->validateParams.pkt ) \
@@ -69,13 +69,36 @@ enum
     LUA_LOG_DEBUG = 5,
 };
 
-/*static const char * LuaLogLabel = "luaDetectorApi"; */
-
 ProfileStats luaDetectorsPerfStats;
 ProfileStats luaCiscoPerfStats;
 ProfileStats luaCustomPerfStats;
 
-static void FreeDetectorAppUrlPattern(DetectorAppUrlPattern* pattern);
+static THREAD_LOCAL SFXHASH* CHP_glossary = nullptr;      // keep track of http multipatterns here
+
+static int genericDataFree(void* /* key */, void* data)
+{
+    if (data)
+        snort_free(data);
+    return 0;
+}
+
+int init_CHP_glossary()
+{
+    if (!(CHP_glossary = sfxhash_new(1024, sizeof(AppId), 0, 0, 0, nullptr, &genericDataFree, 0)))
+    {
+        ErrorMessage("Config: failed to allocate memory for an sfxhash.");
+        return 0;
+    }
+    else
+        return 1;
+}
+
+void free_CHP_glossary()
+{
+    if (CHP_glossary)
+        sfxhash_delete(CHP_glossary);
+    CHP_glossary = nullptr;
+}
 
 static inline int ConvertStringToAddress(const char* string, sfip_t* address)
 {
@@ -225,9 +248,8 @@ static void appSetLuaClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned
         struct Detector* data)
 {
     AppInfoTableEntry* entry;
-    AppIdConfig* pConfig = pAppidActiveConfig;
 
-    if ((entry = appInfoEntryGet(appId, pConfig)))
+    if ((entry = appInfoEntryGet(appId)))
     {
         entry->flags |= APPINFO_FLAG_ACTIVE;
         extractsInfo &= (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER);
@@ -239,7 +261,7 @@ static void appSetLuaClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned
             return;
         }
 
-        entry->clntValidator = ClientAppGetClientAppModule(fcn, data, &pConfig->clientAppConfig);
+        entry->clntValidator = ClientAppGetClientAppModule(fcn, data);
         if (entry->clntValidator)
             entry->flags |= extractsInfo;
         else
@@ -259,12 +281,11 @@ static void appSetLuaServiceValidator(RNAServiceValidationFCN fcn, AppId appId,
     struct Detector* data)
 {
     AppInfoTableEntry* entry;
-    AppIdConfig* pConfig = pAppidActiveConfig;
 
     // FIXIT-L: what type of error would cause this lookup to fail? is this programming error
     // or user error due to misconfig or something like that... if change in handling needed
     // apply to all instances where this lookup is done
-    if ((entry = appInfoEntryGet(appId, pConfig)))
+    if ((entry = appInfoEntryGet(appId)))
     {
         entry->flags |= APPINFO_FLAG_ACTIVE;
 
@@ -276,7 +297,7 @@ static void appSetLuaServiceValidator(RNAServiceValidationFCN fcn, AppId appId,
             return;
         }
 
-        entry->svrValidator = ServiceGetServiceElement(fcn, data, pConfig);
+        entry->svrValidator = ServiceGetServiceElement(fcn, data);
         if (entry->svrValidator)
             entry->flags |= extractsInfo;
         else
@@ -305,7 +326,7 @@ static int common_registerAppId(lua_State* L)
         appSetLuaClientValidator(
             validateAnyClientApp, appId, APPINFO_FLAG_CLIENT_ADDITIONAL, ud.ptr);
 
-    appInfoSetActive(appId, true);
+    set_app_info_active(appId);
 
     lua_pushnumber(L, 0);
     return 1;
@@ -490,23 +511,6 @@ static int service_getServiceId(lua_State* L)
     return 1;
 }
 
-/**
- * Design Notes: In these APIs, three different AppID contexts - pAppidNewConfig, pAppidOldConfig
- * and pAppidActiveConfig are used. pAppidNewConfig is used in APIs related to the loading of the
- * detector such as service_addPorts(), client_registerPattern(), etc. A detector is loaded either
- * during reload or at initialization. Use of pAppidNewConfig will cause the data structures related
- * to the detector such as service ports, patterns, etc to be saved in the new AppID context.
- *
- * The new AppID context becomes active at the end of initialization or at reload swap.
- * FinalizeLuaModules() is called at this time, which changes all the detectors' pAppidActiveConfig
- * references to the new context. Also, pAppidOldConfig will be changed to point to the previous
- * AppID context. In the packet processing APIs such as service_addService(), client_addUser(), etc.
- * pAppidActiveConfig is used.
- *
- * In the cleanup APIs such as service_removePorts(), Detector_fini(), etc., data structures in the
- * old AppID conext need to be freed. Therefore, pAppidOldConfig is used in these APIs.
- */
-
 // Add port for a given service. Lua detectors call this function to register ports on which a
 // given service is expected to run.
 // @param protocol/stack - protocol type. Values can be {tcp=6, udp=17 }
@@ -528,7 +532,7 @@ static int service_addPorts(lua_State* L)
         return 1;
     }
 
-    if ( ServiceAddPort(&pp, &ud->server.serviceModule, ud, ud->pAppidNewConfig) )
+    if ( ServiceAddPort(&pp, &ud->server.serviceModule, ud) )
     {
         lua_pushnumber(L, -1);
         return 1;
@@ -541,22 +545,23 @@ static int service_addPorts(lua_State* L)
 }
 
 // Remove all ports for a given service. Lua detectors call this function to remove ports for this
-// service
-// when exiting. This function is not used currently by any detectors.
+// service when exiting. This function is not used currently by any detectors.
 // @return status/stack - 0 if successful, -1 otherwise.
 static int service_removePorts(lua_State* L)
 {
     auto& ud = *UserData<Detector>::check(L, DETECTOR, 1);
 
-    detectorRemoveAllPorts(ud, ud->pAppidOldConfig);
+    detectorRemoveAllPorts(ud);
 
     lua_pushnumber(L, 0);
     return 1;
 }
 
 // Shared function between Lua API and RNA core.
-void detectorRemoveAllPorts(Detector* detector, AppIdConfig* pConfig)
-{ ServiceRemovePorts(&validateAnyService, detector, pConfig); }
+void detectorRemoveAllPorts(Detector* detector)
+{
+    ServiceRemovePorts(&validateAnyService, detector);
+}
 
 // Set service name. Lua detectors call this function to set service name. It is preferred to set
 // service name
@@ -698,7 +703,7 @@ static int service_addService(
       Subtype is not displayed on DC at present. */
     retValue = AppIdServiceAddService(ud->validateParams.flowp, ud->validateParams.pkt,
         ud->validateParams.dir, ud->server.pServiceElement,
-        appGetAppFromServiceId(serviceId, ud->pAppidActiveConfig), vendor, version, nullptr);
+        get_appid_by_service_id(serviceId), vendor, version, nullptr);
 
     lua_pushnumber(L, retValue);
     return 1;
@@ -718,9 +723,8 @@ static int service_failService(lua_State* L)
     CHECK_INPUTS();
 
     unsigned int retValue = AppIdServiceFailService(ud->validateParams.flowp,
-        ud->validateParams.pkt,
-        ud->validateParams.dir, ud->server.pServiceElement, APPID_SESSION_DATA_NONE,
-        ud->pAppidActiveConfig);
+        ud->validateParams.pkt, ud->validateParams.dir, ud->server.pServiceElement,
+        APPID_SESSION_DATA_NONE, ud->appid_config);
 
     lua_pushnumber(L, retValue);
     return 1;
@@ -763,7 +767,7 @@ static int service_inCompatibleData(lua_State* L)
     retValue = AppIdServiceIncompatibleData(ud->validateParams.flowp,
         ud->validateParams.pkt,
         ud->validateParams.dir, ud->server.pServiceElement,
-        APPID_SESSION_DATA_NONE, ud->pAppidActiveConfig);
+        APPID_SESSION_DATA_NONE, ud->appid_config);
 
     lua_pushnumber(L, retValue);
     return 1;
@@ -1038,15 +1042,8 @@ static int Detector_getPktCount(lua_State* L)
     return 1;
 }
 
-CLIENT_APP_RETCODE validateAnyClientApp(
-    const uint8_t* data,
-    uint16_t size,
-    const int dir,
-    AppIdSession* flowp,
-    Packet* pkt,
-    Detector* detector,
-    const AppIdConfig*
-    )
+CLIENT_APP_RETCODE validateAnyClientApp( const uint8_t* data, uint16_t size, const int dir,
+    AppIdSession* flowp, Packet* pkt, Detector* detector )
 {
     Profile lua_profile_context(luaCustomPerfStats);
 
@@ -1131,18 +1128,16 @@ static int client_registerPattern(lua_State* L)
     /*mpse library does not hold reference to pattern therefore we dont need to allocate it. */
 
     ud->client.appModule.userData = ud.ptr;
-    ClientAppLoadForConfigCallback((void*)&(ud->client.appModule),
-        &ud->pAppidNewConfig->clientAppConfig);
-    ClientAppRegisterPattern(
-        validateAnyClientApp, protocol, (const uint8_t*)pattern, size,
-        position, 0, ud, &ud->pAppidNewConfig->clientAppConfig);
+    ClientAppLoadCallback((void*)&(ud->client.appModule));
+    ClientAppRegisterPattern(validateAnyClientApp, protocol, (const uint8_t*)pattern,
+            size, position, 0, ud);
 
     lua_pushnumber(L, 0);
     return 1;   /*number of results */
 }
 
 /**Creates a new detector instance. Creates a new detector instance and leaves the instance
- * on stack. This is the first call by a lua detector to create and instance. Later calls
+ * on stack. This is the first call by a lua detector to create an instance. Later calls
  * provide the detector instance.
  *
  * @param Lua_State* - Lua state variable.
@@ -1201,8 +1196,7 @@ static int client_addApp(lua_State* L)
     }
 
     ud->client.appModule.api->add_app(ud->validateParams.flowp,
-        appGetAppFromServiceId(serviceId, ud->pAppidActiveConfig), appGetAppFromClientId(
-        productId, ud->pAppidActiveConfig), version);
+        get_appid_by_service_id(serviceId), get_appid_by_client_id(productId), version);
 
     lua_pushnumber(L, 0);
     return 1;
@@ -1247,7 +1241,7 @@ static int client_addUser(lua_State* L)
     }
 
     ud->client.appModule.api->add_user(ud->validateParams.flowp, userName,
-        appGetAppFromServiceId(serviceId, ud->pAppidActiveConfig), 1);
+        get_appid_by_service_id(serviceId), 1);
 
     lua_pushnumber(L, 0);
     return 1;
@@ -1269,7 +1263,7 @@ static int client_addPayload(lua_State* L)
     }
 
     ud->client.appModule.api->add_payload(ud->validateParams.flowp,
-        appGetAppFromPayloadId(payloadId, ud->pAppidActiveConfig));
+            get_appid_by_payload_id(payloadId));
 
     lua_pushnumber(L, 0);
     return 1;
@@ -1360,12 +1354,10 @@ int Detector_addHttpPattern(lua_State* L)
 
     HTTPListElement* element = (HTTPListElement*)snort_calloc(sizeof(HTTPListElement));
     DetectorHTTPPattern* pattern = &element->detectorHTTPPattern;
-    AppIdConfig* pConfig = ud->pAppidNewConfig;
-
     pattern->seq           = seq;
-    pattern->service_id    = appGetAppFromServiceId(service_id, pConfig);
-    pattern->client_app    = appGetAppFromClientId(client_app, pConfig);
-    pattern->payload       = appGetAppFromPayloadId(payload, pConfig);
+    pattern->service_id    = get_appid_by_service_id(service_id);
+    pattern->client_app    = get_appid_by_client_id(client_app);
+    pattern->payload       = get_appid_by_payload_id(payload);
     pattern->pattern       = pattern_str;
     pattern->pattern_size  = (int)pattern_size;
     pattern->appId         = appId;
@@ -1376,32 +1368,14 @@ int Detector_addHttpPattern(lua_State* L)
        payload database. If you want a host pattern ID, use the other API.  */
 
     if (!service_id && !client_app && !payload && pType == 2)
-    {
         pattern->client_app = appId;
-    }
 
-    switch (pType)
-    {
-    case HTTP_PAYLOAD:
-        element->next = pConfig->httpPatternLists.hostPayloadPatternList;
-        pConfig->httpPatternLists.hostPayloadPatternList = element;
-        break;
-
-    case HTTP_URL:
-        element->next = pConfig->httpPatternLists.urlPatternList;
-        pConfig->httpPatternLists.urlPatternList = element;
-        break;
-
-    case HTTP_USER_AGENT:
-        element->next = pConfig->httpPatternLists.clientAgentPatternList;
-        pConfig->httpPatternLists.clientAgentPatternList = element;
-        break;
-    }
+    insert_http_pattern_element(pType, element);
 
-    appInfoSetActive(pattern->service_id, true);
-    appInfoSetActive(pattern->client_app, true);
-    appInfoSetActive(pattern->payload, true);
-    appInfoSetActive(appId, true);
+    set_app_info_active(pattern->service_id);
+    set_app_info_active(pattern->client_app);
+    set_app_info_active(pattern->payload);
+    set_app_info_active(appId);
 
     return 0;
 }
@@ -1437,7 +1411,7 @@ int Detector_addSSLCertPattern(lua_State* L)
 #ifdef REMOVED_WHILE_NOT_IN_USE
     pattern_str = (uint8_t*)snort_strdup(tmpString);
     if (!ssl_add_cert_pattern(pattern_str, pattern_size, type, app_id,
-        &ud->pAppidNewConfig->serviceSslConfig))
+        &ud->appid_config->serviceSslConfig))
     {
         snort_free(pattern_str);
         ErrorMessage("Failed to add an SSL pattern list member");
@@ -1448,7 +1422,7 @@ int Detector_addSSLCertPattern(lua_State* L)
     UNUSED(type);
 #endif
 
-    appInfoSetActive(app_id, true);
+    set_app_info_active(app_id);
     return 0;
 }
 
@@ -1481,8 +1455,7 @@ int Detector_addDNSHostPattern(lua_State* L)
         return 0;
     }
     pattern_str = (uint8_t*)snort_strdup(tmpString);
-    if (!dns_add_host_pattern(pattern_str, pattern_size, type, app_id,
-        &ud->pAppidNewConfig->serviceDnsConfig))
+    if (!dns_add_host_pattern(pattern_str, pattern_size, type, app_id))
     {
         snort_free(pattern_str);
         ErrorMessage("LuaDetectorApi:Failed to add an SSL pattern list member");
@@ -1520,7 +1493,7 @@ static int Detector_addSSLCnamePattern(lua_State* L)
 #ifdef REMOVED_WHILE_NOT_IN_USE
     pattern_str = (uint8_t*)snort_strdup(tmpString);
     if (!ssl_add_cname_pattern(pattern_str, pattern_size, type, app_id,
-        &ud->pAppidNewConfig->serviceSslConfig))
+        &ud->appid_config->serviceSslConfig))
     {
         snort_free(pattern_str);
         ErrorMessage("Failed to add an SSL pattern list member");
@@ -1531,7 +1504,7 @@ static int Detector_addSSLCnamePattern(lua_State* L)
     UNUSED(type);
 #endif
 
-    appInfoSetActive(app_id, true);
+    set_app_info_active(app_id);
     return 0;
 }
 
@@ -1570,8 +1543,7 @@ static int Detector_addHostPortApp(lua_State* L)
         return 0;
     }
 
-    if (!hostPortAppCacheAdd(&ip_addr, (uint16_t)port, (IpProtocol)proto, type, app_id,
-            ud->pAppidNewConfig))
+    if (!hostPortAppCacheAdd(&ip_addr, (uint16_t)port, (IpProtocol)proto, type, app_id))
     {
         ErrorMessage("%s:Failed to backend call\n",__func__);
     }
@@ -1606,16 +1578,11 @@ static int Detector_addContentTypePattern(lua_State* L)
 
     HTTPListElement* element = (HTTPListElement*)snort_calloc(sizeof(HTTPListElement));
     DetectorHTTPPattern* detector = &element->detectorHTTPPattern;
-    AppIdConfig* pConfig  = ud->pAppidNewConfig;
-
     detector->pattern = pattern;
     detector->pattern_size = strlen((char*)pattern);
     detector->appId = appId;
-
-    element->next = pConfig->httpPatternLists.contentTypePatternList;
-    pConfig->httpPatternLists.contentTypePatternList = element;
-
-    appInfoSetActive(appId, true);
+    insert_content_type_pattern(element);
+    set_app_info_active(appId);
 
     return 0;
 }
@@ -1634,16 +1601,14 @@ static inline int GetDetectorUserData(lua_State* L, int index,
     return 0;
 }
 
-static int detector_create_chp_app(UserData<Detector>* ud, AppId appIdInstance,
-    unsigned app_type_flags, int num_matches)
+static int detector_create_chp_app(AppId appIdInstance, unsigned app_type_flags, int num_matches)
 {
     CHPApp* new_app = (CHPApp*)snort_calloc(sizeof(CHPApp));
     new_app->appIdInstance = appIdInstance;
     new_app->app_type_flags = app_type_flags;
     new_app->num_matches = num_matches;
 
-    if (sfxhash_add((*ud)->pAppidNewConfig->CHP_glossary,
-        &(new_app->appIdInstance), new_app))
+    if (sfxhash_add(CHP_glossary, &(new_app->appIdInstance), new_app))
     {
         ErrorMessage("LuaDetectorApi:Failed to add CHP for appId %d, instance %d",
             CHP_APPIDINSTANCE_TO_ID(appIdInstance), CHP_APPIDINSTANCE_TO_INSTANCE(appIdInstance));
@@ -1659,9 +1624,7 @@ static int Detector_CHPCreateApp(lua_State* L)
     AppId appId;
     unsigned app_type_flags;
     int num_matches;
-
     AppId appIdInstance;
-
     int index = 1;
 
     if (GetDetectorUserData(L, index++, &ud,
@@ -1675,7 +1638,7 @@ static int Detector_CHPCreateApp(lua_State* L)
     num_matches =       lua_tointeger(L, index++);
 
     // We only want one of these for each appId.
-    if (sfxhash_find((*ud)->pAppidNewConfig->CHP_glossary, &appIdInstance))
+    if (sfxhash_find(CHP_glossary, &appIdInstance))
     {
         ErrorMessage(
             "LuaDetectorApi:Attempt to add more than one CHP for appId %d - use CHPMultiCreateApp",
@@ -1683,7 +1646,7 @@ static int Detector_CHPCreateApp(lua_State* L)
         return 0;
     }
 
-    detector_create_chp_app(ud, appIdInstance, app_type_flags, num_matches);
+    detector_create_chp_app(appIdInstance, app_type_flags, num_matches);
     return 0;
 }
 
@@ -1750,17 +1713,15 @@ static inline int CHPGetActionData(lua_State* L, int index, char** action_data)
     return 0;
 }
 
-static int detector_add_chp_action(UserData<Detector>* ud,
-    AppId appIdInstance, int isKeyPattern, PatternType patternType,
-    size_t patternSize, char* patternData, ActionType actionType, char* optionalActionData)
+static int detector_add_chp_action(AppId appIdInstance, int isKeyPattern, PatternType patternType,
+        size_t patternSize, char* patternData, ActionType actionType, char* optionalActionData)
 {
     uint precedence;
-    CHPListElement* tmp_chpa, * chpa;
+    CHPListElement* chpa;
     CHPApp* chpapp;
 
     //find the CHP App for this
-    if (!(chpapp = (decltype(chpapp))sfxhash_find((*ud)->pAppidNewConfig->CHP_glossary,
-            &appIdInstance)))
+    if (!(chpapp = (decltype(chpapp))sfxhash_find(CHP_glossary, &appIdInstance)))
     {
         ErrorMessage(
             "LuaDetectorApi:Invalid attempt to add a CHP action for unknown appId %d, instance %d. - pattern:\"%s\" - action \"%s\"",
@@ -1797,31 +1758,19 @@ static int detector_add_chp_action(UserData<Detector>* ud,
     chpa->chp_action.action = actionType;
     chpa->chp_action.action_data = optionalActionData;
     chpa->chp_action.chpapp = chpapp; // link this struct to the Glossary entry
-
-    AppIdConfig* pConfig = (*ud)->pAppidNewConfig;
-
-    tmp_chpa = pConfig->httpPatternLists.chpList;
-    if (!tmp_chpa)
-        pConfig->httpPatternLists.chpList = chpa;
-    else
-    {
-        while (tmp_chpa->next)
-            tmp_chpa = tmp_chpa->next;
-        tmp_chpa->next = chpa;
-    }
+    insert_chp_pattern(chpa);
 
     /* Set the safe-search bits in the appId entry */
     if (actionType == GET_OFFSETS_FROM_REBUILT)
     {
         /* This is a search engine and it is SUPPORTED for safe-search packet rewrite */
         appInfoEntryFlagSet(CHP_APPIDINSTANCE_TO_ID(appIdInstance), APPINFO_FLAG_SEARCH_ENGINE |
-            APPINFO_FLAG_SUPPORTED_SEARCH, pConfig);
+            APPINFO_FLAG_SUPPORTED_SEARCH);
     }
     else if (actionType == SEARCH_UNSUPPORTED)
     {
         /* This is a search engine and it is UNSUPPORTED for safe-search packet rewrite */
-        appInfoEntryFlagSet(CHP_APPIDINSTANCE_TO_ID(appIdInstance), APPINFO_FLAG_SEARCH_ENGINE,
-            pConfig);
+        appInfoEntryFlagSet(CHP_APPIDINSTANCE_TO_ID(appIdInstance), APPINFO_FLAG_SEARCH_ENGINE);
     }
     return 0;
 }
@@ -1874,8 +1823,8 @@ static int Detector_CHPAddAction(lua_State* L)
         return 0;
     }
 
-    return detector_add_chp_action(ud, appIdInstance, key_pattern, ptype,
-        psize, pattern, action, action_data);
+    return detector_add_chp_action(appIdInstance, key_pattern, ptype, psize, pattern,
+            action, action_data);
 }
 
 static int Detector_CHPMultiCreateApp(lua_State* L)
@@ -1901,8 +1850,7 @@ static int Detector_CHPMultiCreateApp(lua_State* L)
     for (instance=0; instance < CHP_APPID_INSTANCE_MAX; instance++ )
     {
         appIdInstance = (appId << CHP_APPID_BITS_FOR_INSTANCE) + instance;
-        if (sfxhash_find((*ud)->pAppidNewConfig->CHP_glossary,
-            &appIdInstance))
+        if ( sfxhash_find(CHP_glossary, &appIdInstance) )
             continue;
         break;
     }
@@ -1915,7 +1863,7 @@ static int Detector_CHPMultiCreateApp(lua_State* L)
         return 0;
     }
 
-    if (detector_create_chp_app(ud, appIdInstance, app_type_flags, num_matches))
+    if ( detector_create_chp_app(appIdInstance, app_type_flags, num_matches) )
         return 0;
 
     lua_pushnumber(L, appIdInstance);
@@ -1968,8 +1916,8 @@ static int Detector_CHPMultiAddAction(lua_State* L)
         return 0;
     }
 
-    return detector_add_chp_action(ud, appIdInstance, key_pattern, ptype,
-        psize, pattern, action, action_data);
+    return detector_add_chp_action(appIdInstance, key_pattern, ptype, psize, pattern,
+            action, action_data);
 }
 
 static int Detector_portOnlyService(lua_State* L)
@@ -1989,11 +1937,11 @@ static int Detector_portOnlyService(lua_State* L)
     uint8_t protocol = lua_tointeger(L, index++);
 
     if (port == 0)
-        ud->pAppidNewConfig->ip_protocol[protocol] = appId;
+        ud->appid_config->ip_protocol[protocol] = appId;
     else if (protocol == 6)
-        ud->pAppidNewConfig->tcp_port_only[port] = appId;
+        ud->appid_config->tcp_port_only[port] = appId;
     else if (protocol == 17)
-        ud->pAppidNewConfig->udp_port_only[port] = appId;
+        ud->appid_config->udp_port_only[port] = appId;
 
     return 0;
 }
@@ -2023,7 +1971,7 @@ static int Detector_lengthAppCacheAdd(lua_State* L)
     LengthKey length_sequence;
     int index = 1;
 
-    auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
+    UserData<Detector>::check(L, DETECTOR, index++);
 
     AppId appId = lua_tonumber(L, index++);
     IpProtocol proto = (IpProtocol)lua_tonumber(L, index++);
@@ -2102,7 +2050,7 @@ static int Detector_lengthAppCacheAdd(lua_State* L)
         str_ptr++;
     }
 
-    if (!lengthAppCacheAdd(&length_sequence, appId, ud->pAppidNewConfig))
+    if ( !add_length_app_cache(&length_sequence, appId) )
     {
         ErrorMessage("LuaDetectorApi:Could not add entry to cache!");
         lua_pushnumber(L, -1);
@@ -2116,7 +2064,6 @@ static int Detector_lengthAppCacheAdd(lua_State* L)
 static int Detector_AFAddApp(lua_State* L)
 {
     int index = 1;
-    AFElement val;
 
     auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
     if ( ud->validateParams.pkt )
@@ -2128,23 +2075,7 @@ static int Detector_AFAddApp(lua_State* L)
     ApplicationId indicator = (ApplicationId)lua_tointeger(L, index++);
     ApplicationId forecast  = (ApplicationId)lua_tointeger(L, index++);
     ApplicationId target    = (ApplicationId)lua_tointeger(L, index++);
-
-    if (sfxhash_find(ud->pAppidNewConfig->AF_indicators, &indicator))
-    {
-        ErrorMessage("LuaDetectorApi:Attempt to add more than one AFElement per appId %d",
-            indicator);
-        return 0;
-    }
-
-    val.indicator = indicator;
-    val.forecast = forecast;
-    val.target = target;
-
-    if (sfxhash_add(ud->pAppidNewConfig->AF_indicators, &indicator, &val))
-    {
-        ErrorMessage("LuaDetectorApi:Failed to add AFElement for appId %d", indicator);
-        return 0;
-    }
+    add_af_indicator(indicator, forecast, target);
 
     return 0;
 }
@@ -2152,7 +2083,6 @@ static int Detector_AFAddApp(lua_State* L)
 static int Detector_addAppUrl(lua_State* L)
 {
     int index = 1;
-    DetectorAppUrlPattern** tmp;
     const char* tmpString;
 
     /* Verify detector user data and that we are not in packet context */
@@ -2228,11 +2158,10 @@ static int Detector_addAppUrl(lua_State* L)
     /* Allocate memory for data structures */
     DetectorAppUrlPattern* pattern =
             (DetectorAppUrlPattern*)snort_calloc(sizeof(DetectorAppUrlPattern));
-    AppIdConfig* pConfig = ud->pAppidNewConfig;
 
-    pattern->userData.service_id        = appGetAppFromServiceId(service_id, pConfig);
-    pattern->userData.client_app        = appGetAppFromClientId(client_app, pConfig);
-    pattern->userData.payload           = appGetAppFromPayloadId(payload, pConfig);
+    pattern->userData.service_id        = get_appid_by_service_id(service_id);
+    pattern->userData.client_app        = get_appid_by_client_id(client_app);
+    pattern->userData.payload           = get_appid_by_payload_id(payload);
     pattern->userData.appId             = appId;
     pattern->userData.query.pattern     = queryPattern;
     pattern->userData.query.patternSize = queryPatternSize;
@@ -2242,33 +2171,12 @@ static int Detector_addAppUrl(lua_State* L)
     pattern->patterns.path.patternSize  = (int)pathPatternSize;
     pattern->patterns.scheme.pattern    = schemePattern;
     pattern->patterns.scheme.patternSize = (int)schemePatternSize;
+    insert_url_pattern(pattern);
 
-    DetectorAppUrlList* urlList = &pConfig->httpPatternLists.appUrlList;
-
-    /**first time usedCount and allocatedCount are both 0, urlPattern will be nullptr.
-     * This case is same as malloc. In case of error, realloc will return nullptr, and
-     * original urlPattern buffer is left untouched.
-     */
-    if (urlList->usedCount == urlList->allocatedCount)
-    {
-        tmp = (decltype(tmp))realloc(urlList->urlPattern, (urlList->allocatedCount+
-            URL_LIST_STEP_SIZE)*
-            sizeof(*tmp));
-        if (!tmp)
-        {
-            FreeDetectorAppUrlPattern(pattern);
-            return 0;
-        }
-        urlList->urlPattern = tmp;
-        urlList->allocatedCount += URL_LIST_STEP_SIZE;
-    }
-
-    urlList->urlPattern[urlList->usedCount++] = pattern;
-
-    appInfoSetActive(pattern->userData.service_id, true);
-    appInfoSetActive(pattern->userData.client_app, true);
-    appInfoSetActive(pattern->userData.payload, true);
-    appInfoSetActive(appId, true);
+    set_app_info_active(pattern->userData.service_id);
+    set_app_info_active(pattern->userData.client_app);
+    set_app_info_active(pattern->userData.payload);
+    set_app_info_active(appId);
 
     return 0;
 }
@@ -2276,7 +2184,6 @@ static int Detector_addAppUrl(lua_State* L)
 static int Detector_addRTMPUrl(lua_State* L)
 {
     int index = 1;
-    DetectorAppUrlPattern** tmp;
     const char* tmpString;
 
     /* Verify detector user data and that we are not in packet context */
@@ -2364,34 +2271,12 @@ static int Detector_addRTMPUrl(lua_State* L)
     pattern->patterns.path.patternSize         = (int)pathPatternSize;
     pattern->patterns.scheme.pattern              = schemePattern;
     pattern->patterns.scheme.patternSize         = (int)schemePatternSize;
+    insert_rtmp_url_pattern(pattern);
 
-    AppIdConfig* pConfig = ud->pAppidNewConfig;
-    DetectorAppUrlList* urlList = &pConfig->httpPatternLists.RTMPUrlList;
-
-    /**first time usedCount and allocatedCount are both 0, urlPattern will be nullptr.
-     * This case is same as malloc. In case of error, realloc will return nullptr, and
-     * original urlPattern buffer is left untouched.
-     */
-    if (urlList->usedCount == urlList->allocatedCount)
-    {
-        tmp = (decltype(tmp))realloc(urlList->urlPattern, (urlList->allocatedCount+
-            URL_LIST_STEP_SIZE)*
-            sizeof(*tmp));
-        if (!tmp)
-        {
-            FreeDetectorAppUrlPattern(pattern);
-            return 0;
-        }
-        urlList->urlPattern = tmp;
-        urlList->allocatedCount += URL_LIST_STEP_SIZE;
-    }
-
-    urlList->urlPattern[urlList->usedCount++] = pattern;
-
-    appInfoSetActive(pattern->userData.service_id, true);
-    appInfoSetActive(pattern->userData.client_app, true);
-    appInfoSetActive(pattern->userData.payload, true);
-    appInfoSetActive(appId, true);
+    set_app_info_active(pattern->userData.service_id);
+    set_app_info_active(pattern->userData.client_app);
+    set_app_info_active(pattern->userData.payload);
+    set_app_info_active(appId);
 
     return 0;
 }
@@ -2426,12 +2311,9 @@ static int Detector_addSipUserAgent(lua_State* L)
         return 0;
     }
 
-#ifdef REMOVED_WHILE_NOT_IN_USE
-    sipUaPatternAdd(client_app, clientVersion, uaPattern,
-            &ud->pAppidNewConfig->detectorSipConfig);
-#endif
+    sipUaPatternAdd(client_app, clientVersion, uaPattern);
 
-    appInfoSetActive(client_app, true);
+    set_app_info_active(client_app);
 
     return 0;
 }
@@ -2459,7 +2341,7 @@ static int openCreateApp(lua_State* L)
         return 1;   /*number of results */
     }
 
-    AppInfoTableEntry* entry = appInfoEntryCreate(tmpString, ud->pAppidNewConfig);
+    AppInfoTableEntry* entry = appInfoEntryCreate(tmpString);
 
     if (entry)
     {
@@ -2561,13 +2443,10 @@ static int openAddPayloadApp(lua_State* L)
 static int openAddHttpPattern(lua_State* L)
 {
     int index = 1;
-    AppIdConfig* pConfig;
 
     /* Verify detector user data and that we are not in packet context */
     auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
 
-    pConfig = ud->pAppidNewConfig;
-
     /* Verify valid pattern type */
     enum httpPatternType pType = (enum httpPatternType)lua_tointeger(L, index++);
     if (pType < HTTP_PAYLOAD || pType > HTTP_URL)
@@ -2615,28 +2494,11 @@ static int openAddHttpPattern(lua_State* L)
     pattern->pattern       = pattern_str;
     pattern->pattern_size  = (int)pattern_size;
     pattern->appId         = APP_ID_NONE;
+    insert_http_pattern_element(pType, element);
 
-    switch (pType)
-    {
-    case HTTP_PAYLOAD:
-        element->next = pConfig->httpPatternLists.hostPayloadPatternList;
-        pConfig->httpPatternLists.hostPayloadPatternList = element;
-        break;
-
-    case HTTP_URL:
-        element->next = pConfig->httpPatternLists.urlPatternList;
-        pConfig->httpPatternLists.urlPatternList = element;
-        break;
-
-    case HTTP_USER_AGENT:
-        element->next = pConfig->httpPatternLists.clientAgentPatternList;
-        pConfig->httpPatternLists.clientAgentPatternList = element;
-        break;
-    }
-
-    appInfoSetActive(serviceAppId, true);
-    appInfoSetActive(clienAppId, true);
-    appInfoSetActive(payloadAppId, true);
+    set_app_info_active(serviceAppId);
+    set_app_info_active(clienAppId);
+    set_app_info_active(payloadAppId);
 
     return 0;
 }
@@ -2644,7 +2506,6 @@ static int openAddHttpPattern(lua_State* L)
 static int openAddUrlPattern(lua_State* L)
 {
     int index = 1;
-    DetectorAppUrlPattern** tmp;
     const char* tmpString;
 
     /* Verify detector user data and that we are not in packet context */
@@ -2655,10 +2516,9 @@ static int openAddUrlPattern(lua_State* L)
         return 0;
     }
 
-    AppIdConfig* pConfig = ud->pAppidNewConfig;
-    uint32_t serviceAppId      = lua_tointeger(L, index++);
-    uint32_t clienAppId      = lua_tointeger(L, index++);
-    uint32_t payloadAppId         = lua_tointeger(L, index++);
+    u_int32_t serviceAppId = lua_tointeger(L, index++);
+    u_int32_t clienAppId   = lua_tointeger(L, index++);
+    u_int32_t payloadAppId = lua_tointeger(L, index++);
 
     if (ud->validateParams.pkt)
     {
@@ -2716,71 +2576,15 @@ static int openAddUrlPattern(lua_State* L)
     pattern->patterns.path.patternSize         = (int)pathPatternSize;
     pattern->patterns.scheme.pattern              = schemePattern;
     pattern->patterns.scheme.patternSize         = (int)schemePatternSize;
+    insert_app_url_pattern(pattern);
 
-    DetectorAppUrlList* urlList = &pConfig->httpPatternLists.appUrlList;
-
-    /**first time usedCount and allocatedCount are both 0, urlPattern will be nullptr.
-     * This case is same as malloc. In case of error, realloc will return nullptr, and
-     * original urlPattern buffer is left untouched.
-     */
-    if (urlList->usedCount == urlList->allocatedCount)
-    {
-        tmp = (decltype(tmp))realloc(urlList->urlPattern,
-            (urlList->allocatedCount + URL_LIST_STEP_SIZE) * sizeof(*tmp));
-        if (!tmp)
-        {
-            FreeDetectorAppUrlPattern(pattern);
-            return 0;
-        }
-        urlList->urlPattern = tmp;
-        urlList->allocatedCount += URL_LIST_STEP_SIZE;
-    }
-
-    urlList->urlPattern[urlList->usedCount++] = pattern;
-
-    appInfoSetActive(serviceAppId, true);
-    appInfoSetActive(clienAppId, true);
-    appInfoSetActive(payloadAppId, true);
+    set_app_info_active(serviceAppId);
+    set_app_info_active(clienAppId);
+    set_app_info_active(payloadAppId);
 
     return 0;
 }
 
-void CleanClientPortPatternList(AppIdConfig* pConfig)
-{
-    PortPatternNode* tmp;
-
-    if ( pConfig->clientPortPattern)
-    {
-        while ((tmp = pConfig->clientPortPattern->luaInjectedPatterns))
-        {
-            pConfig->clientPortPattern->luaInjectedPatterns = tmp->next;
-            snort_free(tmp->pattern);
-            snort_free(tmp->detectorName);
-            snort_free(tmp);
-        }
-
-        snort_free(pConfig->clientPortPattern);
-    }
-}
-
-void CleanServicePortPatternList(AppIdConfig* pConfig)
-{
-    PortPatternNode* tmp;
-
-    if ( pConfig->servicePortPattern)
-    {
-        while ((tmp = pConfig->servicePortPattern->luaInjectedPatterns))
-        {
-            pConfig->servicePortPattern->luaInjectedPatterns = tmp->next;
-            snort_free(tmp->pattern);
-            snort_free(tmp->detectorName);
-            snort_free(tmp);
-        }
-
-        snort_free(pConfig->servicePortPattern);
-    }
-}
-
 /* Add a port and pattern based detection for client application. Both port and pattern criteria
  * must be met before client application is deemed detected.
  *
@@ -2797,7 +2601,6 @@ void CleanServicePortPatternList(AppIdConfig* pConfig)
 static int addPortPatternClient(lua_State* L)
 {
     int index = 1;
-    AppIdConfig* pConfig;
     PortPatternNode* pPattern;
     IpProtocol protocol;
     uint16_t port;
@@ -2809,18 +2612,12 @@ static int addPortPatternClient(lua_State* L)
     /* Verify detector user data and that we are not in packet context */
     auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
 
-    pConfig = ud->pAppidNewConfig;
     protocol = (IpProtocol)lua_tonumber(L, index++);
     //port      = lua_tonumber(L, index++);
     port = 0;
     pattern = lua_tolstring(L, index++, &patternSize);
     position = lua_tonumber(L, index++);
     appId = lua_tointeger(L, index++);
-
-    if (!pConfig->clientPortPattern)
-        pConfig->clientPortPattern =
-            (decltype(pConfig->clientPortPattern))snort_calloc(sizeof(ClientPortPattern));
-
     if (appId <= APP_ID_NONE || !pattern || !patternSize || (protocol != IpProtocol::TCP &&
         protocol !=
         IpProtocol::UDP))
@@ -2829,6 +2626,7 @@ static int addPortPatternClient(lua_State* L)
             ud->name.c_str());
         return 0;
     }
+
     pPattern  = (decltype(pPattern))snort_calloc(sizeof(PortPatternNode));
     pPattern->pattern  = (decltype(pPattern->pattern))snort_calloc(patternSize);
     pPattern->appId = appId;
@@ -2838,35 +2636,9 @@ static int addPortPatternClient(lua_State* L)
     pPattern->length = patternSize;
     pPattern->offset = position;
     pPattern->detectorName = snort_strdup(ud->name.c_str());
+    insert_client_port_pattern(pPattern);
 
-    //insert ports in order.
-    {
-        PortPatternNode** prev;
-        PortPatternNode** curr;
-
-        prev = nullptr;
-        for (curr = &pConfig->clientPortPattern->luaInjectedPatterns;
-            *curr;
-            prev = curr, curr = &((*curr)->next))
-        {
-            if (strcmp(pPattern->detectorName, (*curr)->detectorName) || pPattern->protocol <
-                (*curr)->protocol
-                || pPattern->port < (*curr)->port)
-                break;
-        }
-        if (prev)
-        {
-            pPattern->next = (*prev)->next;
-            (*prev)->next = pPattern;
-        }
-        else
-        {
-            pPattern->next = *curr;
-            *curr = pPattern;
-        }
-    }
-
-    appInfoSetActive(appId, true);
+    set_app_info_active(appId);
 
     return 0;
 }
@@ -2888,7 +2660,6 @@ static int addPortPatternService(lua_State* L)
 {
     int index = 1;
     size_t patternSize = 0;
-    AppIdConfig* pConfig;
     PortPatternNode* pPattern;
     IpProtocol protocol;
     uint16_t port;
@@ -2899,17 +2670,12 @@ static int addPortPatternService(lua_State* L)
     /* Verify detector user data and that we are not in packet context */
     auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
 
-    pConfig = ud->pAppidNewConfig;
     protocol = (IpProtocol)lua_tonumber(L, index++);
     port      = lua_tonumber(L, index++);
     pattern = lua_tolstring(L, index++, &patternSize);
     position = lua_tonumber(L, index++);
     appId = lua_tointeger(L, index++);
 
-    if (!pConfig->servicePortPattern)
-        pConfig->servicePortPattern =
-            (decltype(pConfig->servicePortPattern))snort_calloc(sizeof(ServicePortPattern));
-
     pPattern = (decltype(pPattern))snort_calloc(sizeof(PortPatternNode));
     pPattern->pattern  = (decltype(pPattern->pattern))snort_calloc(patternSize);
     pPattern->appId = appId;
@@ -2921,33 +2687,9 @@ static int addPortPatternService(lua_State* L)
     pPattern->detectorName = snort_strdup(ud->name.c_str());
 
     //insert ports in order.
-    {
-        PortPatternNode** prev;
-        PortPatternNode** curr;
+    insert_service_port_pattern(pPattern);
 
-        prev = nullptr;
-        for (curr = &pConfig->servicePortPattern->luaInjectedPatterns;
-            *curr;
-            prev = curr, curr = &((*curr)->next))
-        {
-            if (strcmp(pPattern->detectorName, (*curr)->detectorName) || pPattern->protocol <
-                (*curr)->protocol
-                || pPattern->port < (*curr)->port)
-                break;
-        }
-        if (prev)
-        {
-            pPattern->next = (*prev)->next;
-            (*prev)->next = pPattern;
-        }
-        else
-        {
-            pPattern->next = *curr;
-            *curr = pPattern;
-        }
-    }
-
-    appInfoSetActive(appId, true);
+    set_app_info_active(appId);
 
     return 0;
 }
@@ -2985,9 +2727,9 @@ static int Detector_addSipServer(lua_State* L)
     // FIXIT-M: uncomment when sip detector is included in the build
 #ifdef REMOVED_WHILE_NOT_IN_USE
     sipServerPatternAdd(client_app, clientVersion, uaPattern,
-            &ud->pAppidNewConfig->detectorSipConfig);
+            &ud->appid_config->detectorSipConfig);
 #endif
-    appInfoSetActive(client_app, true);
+    set_app_info_active(client_app);
 
     return 0;
 }
@@ -3052,7 +2794,7 @@ static int createFutureFlow(lua_State* L)
     app_id_to_snort = lua_tointeger(L, 10);
     if (app_id_to_snort > APP_ID_NONE)
     {
-        AppInfoTableEntry* entry = appInfoEntryGet(app_id_to_snort, pAppidActiveConfig);
+        AppInfoTableEntry* entry = appInfoEntryGet(app_id_to_snort);
         if (nullptr == entry)
             return 0;
         snort_app_id = entry->snortId;
@@ -3316,102 +3058,6 @@ int Detector_register(lua_State* L)
 
 /** @} */ /* end of LuaDetectorBaseApi */
 
-static void FreeHTTPListElement(HTTPListElement* element)
-{
-    if (element)
-    {
-        if (element->detectorHTTPPattern.pattern)
-            snort_free(element->detectorHTTPPattern.pattern);
-        snort_free(element);
-    }
-}
-
-static void FreeCHPAppListElement(CHPListElement* element)
-{
-    if (element)
-    {
-        if (element->chp_action.pattern)
-            snort_free(element->chp_action.pattern);
-        if (element->chp_action.action_data)
-            snort_free(element->chp_action.action_data);
-        snort_free (element);
-    }
-}
-
-static void FreeDetectorAppUrlPattern(DetectorAppUrlPattern* pattern)
-{
-    if (pattern)
-    {
-        if (pattern->userData.query.pattern)
-            snort_free(*(void**)&pattern->userData.query.pattern);
-        if (pattern->patterns.host.pattern)
-            snort_free(*(void**)&pattern->patterns.host.pattern);
-        if (pattern->patterns.path.pattern)
-            snort_free(*(void**)&pattern->patterns.path.pattern);
-        if (pattern->patterns.scheme.pattern)
-            snort_free(*(void**)&pattern->patterns.scheme.pattern);
-        snort_free(pattern);
-    }
-}
-
-void CleanHttpPatternLists(AppIdConfig* pConfig)
-{
-    HTTPListElement* element;
-    CHPListElement* chpe;
-    size_t i;
-
-    for (i = 0; i < pConfig->httpPatternLists.appUrlList.usedCount; i++)
-    {
-        FreeDetectorAppUrlPattern(pConfig->httpPatternLists.appUrlList.urlPattern[i]);
-        pConfig->httpPatternLists.appUrlList.urlPattern[i] = nullptr;
-    }
-    for (i = 0; i < pConfig->httpPatternLists.RTMPUrlList.usedCount; i++)
-    {
-        FreeDetectorAppUrlPattern(pConfig->httpPatternLists.RTMPUrlList.urlPattern[i]);
-        pConfig->httpPatternLists.RTMPUrlList.urlPattern[i] = nullptr;
-    }
-    if (pConfig->httpPatternLists.appUrlList.urlPattern)
-    {
-        // FIXIT-M: still allocated by malloc/realloc
-        free(pConfig->httpPatternLists.appUrlList.urlPattern);
-        pConfig->httpPatternLists.appUrlList.urlPattern = nullptr;
-    }
-    pConfig->httpPatternLists.appUrlList.allocatedCount = 0;
-    if (pConfig->httpPatternLists.RTMPUrlList.urlPattern)
-    {
-        free(pConfig->httpPatternLists.RTMPUrlList.urlPattern);
-        pConfig->httpPatternLists.RTMPUrlList.urlPattern = nullptr;
-    }
-    pConfig->httpPatternLists.RTMPUrlList.allocatedCount = 0;
-    pConfig->httpPatternLists.appUrlList.usedCount = 0;
-    pConfig->httpPatternLists.RTMPUrlList.usedCount = 0;
-    while ((element = pConfig->httpPatternLists.clientAgentPatternList))
-    {
-        pConfig->httpPatternLists.clientAgentPatternList = element->next;
-        FreeHTTPListElement(element);
-    }
-    while ((element = pConfig->httpPatternLists.hostPayloadPatternList))
-    {
-        pConfig->httpPatternLists.hostPayloadPatternList = element->next;
-        FreeHTTPListElement(element);
-    }
-    while ((element = pConfig->httpPatternLists.urlPatternList))
-    {
-        pConfig->httpPatternLists.urlPatternList = element->next;
-        FreeHTTPListElement(element);
-    }
-    while ((element = pConfig->httpPatternLists.contentTypePatternList))
-    {
-        pConfig->httpPatternLists.contentTypePatternList = element->next;
-        FreeHTTPListElement(element);
-    }
-    while ((chpe = pConfig->httpPatternLists.chpList))
-    {
-        pConfig->httpPatternLists.chpList = chpe->next;
-        FreeCHPAppListElement(chpe);
-    }
-}
-
 // -----------------------------------------------------------------------------
 // Detector
 // -----------------------------------------------------------------------------

diff --git a/src/network_inspectors/appid/lua_detector_api.h b/src/network_inspectors/appid/lua_detector_api.h
index 1d463404bc5b004b0b43a31e3bfdbf11092eae7e..1819dda4fbcb4cf920811d34cf0ccfd3361773d4 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_api.h
+++ b/src/network_inspectors/appid/lua_detector_api.h
@@ -120,45 +120,21 @@ struct Detector
     char* validatorBuffer;
     unsigned char digest[16];
 
-    AppIdConfig* pAppidActiveConfig;     ///< AppId context in which this detector should be used;
-                                          // used during packet processing
-    AppIdConfig* pAppidOldConfig;        ///< AppId context in which this detector should be
-                                          // cleaned; used at reload free and exit
-    AppIdConfig* pAppidNewConfig;        ///< AppId context in which this detector should be
-                                          // loaded; used at initialization and reload
+    AppIdConfig* appid_config;
 };
 
 int Detector_register(lua_State*);
 void Detector_fini(void* detector);
-void detectorRemoveAllPorts(Detector*, AppIdConfig*);
+void detectorRemoveAllPorts(Detector*);
 Detector* createDetector(lua_State*, const char* filename);
-CLIENT_APP_RETCODE validateAnyClientApp(
-    const uint8_t* data,
-    uint16_t size,
-    const int dir,
-    AppIdSession*,
-    Packet*,
-    Detector*,
-    const AppIdConfig*
-);
-
-enum httpPatternType
-{
-    HTTP_PAYLOAD    = 1,
-    HTTP_USER_AGENT = 2,
-    HTTP_URL        = 3
-};
-
+CLIENT_APP_RETCODE validateAnyClientApp(const uint8_t* data, uint16_t size, const int dir,
+    AppIdSession*, Packet*, Detector*);
 int Detector_addSSLCertPattern(lua_State*);
 int Detector_addDNSHostPattern(lua_State*);
-
 int Detector_addHttpPattern(lua_State*);
-
-void CleanHttpPatternLists(AppIdConfig*);
-void CleanClientPortPatternList(AppIdConfig*);
-void CleanServicePortPatternList(AppIdConfig*);
-
 int validateAnyService(ServiceValidationArgs*);
 int checkServiceElement(Detector*);
+int init_CHP_glossary();
+void free_CHP_glossary();
 
 #endif

diff --git a/src/network_inspectors/appid/lua_detector_flow_api.cc b/src/network_inspectors/appid/lua_detector_flow_api.cc
index 372b6f29bb3c26779d61f017242ab90b7c182bd1..578224b46b9492dd4f67c9383956260ec97e6a8d 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_flow_api.cc
+++ b/src/network_inspectors/appid/lua_detector_flow_api.cc
@@ -32,8 +32,6 @@
 #include "sfip/sf_ip.h"
 #include "appid_utils/common_util.h"
 
-/*static const char * LuaLogLabel = "luaDetectorFlowApi"; */
-
 /* Lua flag bit/index to C flag value (0 for invalid). */
 static const uint64_t FLAGS_TABLE_LUA_TO_C[32]
 {

diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc
index 24053a2a35e2a99087c4158acd3343179d0ec0f7..3facbf4850a388d10d4b7b77783fa63658caffbc 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_module.cc
+++ b/src/network_inspectors/appid/lua_detector_module.cc
@@ -23,7 +23,6 @@
 
 #include "lua_detector_module.h"
 
-#include <list>
 #include <algorithm>
 #include <glob.h>
 #include <lua.hpp>
@@ -31,6 +30,7 @@
 
 #include "appid_config.h"
 #include "client_plugins/client_app_base.h"
+#include "service_plugins/service_base.h"
 #include "fw_appid.h" // for lua*PerfStats
 #include "hash/sfghash.h"
 #include "log/messages.h"
@@ -50,15 +50,7 @@
 #define MAXPD 1024
 #define LUA_DETECTOR_FILENAME_MAX 1024
 
-// This data structure is shared in the main and the reload threads. However, the detectors
-// in this list could be using different AppID contexts (pAppidOldConfig, pAppidActiveConfig
-// and pAppidActiveConfig) based on which context the detector is being used. For example,
-// a detector could simultaneously be loaded in the reload thread while the same detector
-// could be used in the packet processing thread. Since allocatedDetectorList is used only
-// during loading, we don't need to use synchronization measures to access it.
-static std::list<Detector*> allocatedDetectorList;
-
-SF_LIST allocatedFlowList;  /*list of flows allocated. */
+THREAD_LOCAL SF_LIST allocatedFlowList;  /*list of flows allocated. */
 static uint32_t gLuaTrackerSize = 0;
 static unsigned gNumDetectors = 0;
 static unsigned gNumActiveDetectors;
@@ -333,9 +325,7 @@ static void luaClientInit(Detector* detector)
         return;
     }
     else
-    {
         DebugFormat(DEBUG_APPID, "Initialized %s\n", detector->name.c_str());
-    }
 }
 
 static void luaClientFini(Detector* detector)
@@ -363,8 +353,6 @@ static void luaClientFini(Detector* detector)
     }
 }
 
-/**set tracker sizes on Lua detector sizes. Uses global module names to access functions.
- */
 static inline void setLuaTrackerSize(lua_State* L, uint32_t numTrackers)
 {
     /*change flow tracker size according to available memory calculation */
@@ -376,15 +364,12 @@ static inline void setLuaTrackerSize(lua_State* L, uint32_t numTrackers)
         {
             lua_pushinteger (L, numTrackers);
             if (lua_pcall(L, 1, 0, 0) != 0)
-            {
                 ErrorMessage("error setting tracker size");
-            }
         }
     }
     else
-    {
         DebugMessage(DEBUG_LOG, "hostServiceTrackerModule.setHosServiceTrackerSize not found");
-    }
+
     lua_pop(L, 1);
 
     /*change flow tracker size according to available memory calculation */
@@ -396,20 +381,35 @@ static inline void setLuaTrackerSize(lua_State* L, uint32_t numTrackers)
         {
             lua_pushinteger (L, numTrackers);
             if (lua_pcall(L, 1, 0, 0) != 0)
-            {
                 ErrorMessage("error setting tracker size");
-            }
         }
     }
     else
-    {
         DebugMessage(DEBUG_LOG, "flowTrackerModule.setFlowTrackerSize not found");
-    }
+
     lua_pop(L, 1);
 }
 
-static void luaCustomLoad( char* detectorName, char* validator, unsigned int validatorLen,
-        unsigned char* const digest, AppIdConfig* pConfig, bool isCustom)
+LuaDetectorManager::LuaDetectorManager()
+{
+    sflist_init(&allocatedFlowList);
+    allocatedDetectorList.clear();
+}
+
+LuaDetectorManager::~LuaDetectorManager()
+{
+    for ( auto& detector : allocatedDetectorList )
+         if ( !detector->packageInfo.client.initFunctionName.empty() )
+             luaClientFini(detector);
+
+    sflist_static_free_all(&allocatedFlowList, freeDetectorFlow);
+    for ( auto& detector : allocatedDetectorList )
+        delete detector;
+    allocatedDetectorList.clear();}
+
+void LuaDetectorManager::luaCustomLoad( char* detectorName, char* validator,
+        unsigned int validatorLen, unsigned char* const digest, AppIdConfig* pConfig,
+        bool isCustom)
 {
     Detector* detector;
     RNAClientAppModule* cam = nullptr;
@@ -442,7 +442,7 @@ static void luaCustomLoad( char* detectorName, char* validator, unsigned int val
     getDetectorPackageInfo(detector);
     detector->validatorBuffer = validator;
     detector->isActive = true;
-    detector->pAppidNewConfig = detector->pAppidActiveConfig = detector->pAppidOldConfig = pConfig;
+    detector->appid_config =  pConfig;
     detector->isCustom = isCustom;
 
     if ( detector->packageInfo.server.initFunctionName.empty() )
@@ -459,10 +459,7 @@ static void luaCustomLoad( char* detectorName, char* validator, unsigned int val
     }
     else
     {
-        /*add to active service list */
-        detector->server.serviceModule.next = pConfig->serviceConfig.active_service_list;
-        pConfig->serviceConfig.active_service_list = &detector->server.serviceModule;
-
+        add_service_to_active_list(&detector->server.serviceModule);
         detector->server.serviceId = APP_ID_UNKNOWN;
 
         /*create a ServiceElement */
@@ -481,12 +478,6 @@ static void luaCustomLoad( char* detectorName, char* validator, unsigned int val
     DebugFormat(DEBUG_LOG,"Loaded detector %s\n", detectorName);
 }
 
-void LuaDetectorModuleManager::luaModuleInit()
-{
-    sflist_init(&allocatedFlowList);
-    allocatedDetectorList.clear();
-}
-
 /**calculates Number of flow and host tracker entries for Lua detectors, given amount
  * of memory allocated to RNA (fraction of total system memory) and number of detectors
  * loaded in database. Calculations are based on CAICCI detector and observing memory
@@ -508,7 +499,7 @@ static inline uint32_t calculateLuaTrackerSize(uint64_t rnaMemory, uint32_t numD
     return (numTrackers > LUA_TRACKERS_MAX) ? LUA_TRACKERS_MAX : numTrackers;
 }
 
-static void loadCustomLuaModules(char* path, AppIdConfig* pConfig, bool isCustom)
+void LuaDetectorManager::loadCustomLuaModules(char* path, AppIdConfig* pConfig, bool isCustom)
 {
     unsigned n;
     FILE* file;
@@ -554,7 +545,6 @@ static void loadCustomLuaModules(char* path, AppIdConfig* pConfig, bool isCustom
         }
 
         auto validatorBufferLen = ftell(file);
-
         if (validatorBufferLen == -1)
         {
             ErrorMessage("Unable to return offset on lua detector '%s'\n",globs.gl_pathv[n]);
@@ -593,7 +583,7 @@ static void loadCustomLuaModules(char* path, AppIdConfig* pConfig, bool isCustom
             if ( !memcmp(digest, detector->digest, sizeof(digest)) )
             {
                 detector->isActive = true;
-                detector->pAppidNewConfig = pConfig;
+                detector->appid_config = pConfig;
                 delete[] validatorBuffer;
             }
         }
@@ -605,14 +595,12 @@ static void loadCustomLuaModules(char* path, AppIdConfig* pConfig, bool isCustom
     globfree(&globs);
 }
 
-void LuaDetectorModuleManager::FinalizeLuaModules(AppIdConfig* pConfig)
+void LuaDetectorManager::FinalizeLuaModules()
 {
     gNumActiveDetectors = 0;
 
     for ( auto& detector : allocatedDetectorList )
     {
-        detector->pAppidOldConfig = detector->pAppidActiveConfig;
-        detector->pAppidActiveConfig = pConfig;
         if ( detector->isActive )
         {
             ++gNumActiveDetectors;
@@ -626,7 +614,7 @@ void LuaDetectorModuleManager::FinalizeLuaModules(AppIdConfig* pConfig)
     luaDetectorsSetTrackerSize();
 }
 
-void LuaDetectorModuleManager::LoadLuaModules(AppIdConfig* pConfig)
+void LuaDetectorManager::LoadLuaModules(AppIdConfig* pConfig)
 {
     for ( auto& detector : allocatedDetectorList )
     {
@@ -646,12 +634,12 @@ void LuaDetectorModuleManager::LoadLuaModules(AppIdConfig* pConfig)
     // luaDetectorsCleanInactive();
 }
 
-void luaDetectorsUnload(AppIdConfig* pConfig)
+void LuaDetectorManager::luaDetectorsUnload()
 {
     for ( auto& detector : allocatedDetectorList )
     {
         if ( detector->isActive && !detector->packageInfo.server.initFunctionName.empty())
-            detectorRemoveAllPorts(detector, pConfig);
+            detectorRemoveAllPorts(detector);
 
         if ( detector->isActive && !detector->packageInfo.client.initFunctionName.empty() )
             luaClientFini(detector);
@@ -665,7 +653,7 @@ void luaDetectorsUnload(AppIdConfig* pConfig)
     gNumActiveDetectors = 0;
 }
 
-void luaDetectorsSetTrackerSize()
+void LuaDetectorManager::luaDetectorsSetTrackerSize()
 {
     gLuaTrackerSize = calculateLuaTrackerSize(512*1024*1024, gNumActiveDetectors);
 
@@ -678,7 +666,7 @@ void luaDetectorsSetTrackerSize()
     }
 }
 
-void LuaDetectorModuleManager::UnloadLuaModules(AppIdConfig*)
+void LuaDetectorManager::UnloadLuaModules(AppIdConfig*)
 {
     for ( auto& detector : allocatedDetectorList )
     {
@@ -689,10 +677,6 @@ void LuaDetectorModuleManager::UnloadLuaModules(AppIdConfig*)
 
             detector->wasActive = false;
         }
-
-        // Detector cleanup is done. Move pAppidOldConfig to the current
-        // AppID context.
-        detector->pAppidOldConfig = detector->pAppidActiveConfig;
     }
 }
 
@@ -702,7 +686,7 @@ void LuaDetectorModuleManager::UnloadLuaModules(AppIdConfig*)
  * newly activated or deactivate detectors. Current design calls for restarting
  * RNA whenever detectors are activated/deactivated.
  */
-void luaModuleInitAllServices()
+void LuaDetectorManager::luaModuleInitAllServices()
 {
     for ( auto& detector : allocatedDetectorList )
         luaServerInit(detector);
@@ -714,39 +698,14 @@ void luaModuleInitAllServices()
  * newly activated or deactivate detectors. Current design calls for restarting
  * RNA whenever detectors are activated/deactivated.
  */
-void luaModuleInitAllClients()
+void LuaDetectorManager::luaModuleInitAllClients()
 {
     for ( auto& detector : allocatedDetectorList )
         if ( detector->isActive && !detector->packageInfo.client.initFunctionName.empty() )
             luaClientInit(detector);
 }
 
-void luaModuleCleanAllClients()
-{
-    for ( auto& detector : allocatedDetectorList )
-        if ( !detector->packageInfo.client.initFunctionName.empty() )
-            luaClientFini(detector);
-
-    /*dont free detector. Lua side reclaims the memory. */
-}
-
-/**Finish routine for DetectorCore module. It release all Lua sessions and frees any memory.
- * @warn This function should be called once and that too when RNA is performing clean exit.
- * @return void.
-  */
-void LuaDetectorModuleManager::luaModuleFini()
-{
-    DebugMessage(DEBUG_APPID, "luaModuleFini(): entered");
-
-    /*flow can be freed during garbage collection */
-
-    sflist_static_free_all(&allocatedFlowList, freeDetectorFlow);
-    for ( auto& detector : allocatedDetectorList )
-        delete detector;
-    allocatedDetectorList.clear();
-}
-
-void RNAPndDumpLuaStats()
+void LuaDetectorManager::list_lua_detectors()
 {
     size_t totalMem = 0;
     size_t mem;

diff --git a/src/network_inspectors/appid/lua_detector_module.h b/src/network_inspectors/appid/lua_detector_module.h
index ed46c893e9f86dc283bb791e78258839e3f28875..f861f357e019db0bedbf20f6778df2d20922bf5f 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_module.h
+++ b/src/network_inspectors/appid/lua_detector_module.h
@@ -23,48 +23,55 @@
 #define LUA_DETECTOR_MODULE_H
 
 #include <string>
+#include <list>
 
+#include "main/thread.h"
 #include "utils/sflsq.h"
 
 class AppIdConfig;
+struct Detector;
 
-class LuaDetectorModuleManager
+class LuaDetectorManager
 {
 public:
-    // Initializes Lua modules. Open lua and if available LuaJIT libraries, and registers all API modules.
-    static void luaModuleInit();
-    static void luaModuleFini();
+    LuaDetectorManager();
+    ~LuaDetectorManager();
 
     // Load all Lua modules into a detector list
     //
     // Each RNA detector file in the folder app_id_detector_path is parsed for
     // detector information. If it is a valid detector, a detector data structure
     // is created for it and stored in allocatedDetectorList.
-    static void LoadLuaModules(AppIdConfig*);
+    void LoadLuaModules(AppIdConfig*);
 
     // Finalize Lua modules
     // This function should be called after LoadLuaModules(). It sets up proper AppId references
     // and tracker size for all the detectors.
-    static void FinalizeLuaModules(AppIdConfig*);
+    void FinalizeLuaModules();
 
     // Unload Lua modules
     //
     // This function cleans up all the data structures that were created for the Lua detectors
     // in a given AppId context. It should be called after FinalizeLuaModules().
-    static void UnloadLuaModules(AppIdConfig*);
+    void UnloadLuaModules(AppIdConfig*);
 
-    static void add_chunk(const std::string&);
-};
+    void add_chunk(const std::string&);
+
+    void luaModuleInitAllServices();
+    void luaModuleInitAllClients();
+    void list_lua_detectors();
 
-void luaModuleInitAllServices();
-void luaModuleCleanAllClients();
-void luaModuleInitAllClients();
-void RNAPndDumpLuaStats();
+private:
+    void luaCustomLoad( char* detectorName, char* validator, unsigned int validatorLen,
+            unsigned char* const digest, AppIdConfig*, bool isCustom);
+    void loadCustomLuaModules(char* path, AppIdConfig*, bool isCustom);
+    void luaDetectorsUnload();
+    void luaDetectorsSetTrackerSize();
 
-void luaDetectorsUnload(AppIdConfig*);
-void luaDetectorsSetTrackerSize();
+    std::list<Detector*> allocatedDetectorList;
+};
 
-extern SF_LIST allocatedFlowList;
+extern THREAD_LOCAL SF_LIST allocatedFlowList;
 
 #endif
 

diff --git a/src/network_inspectors/appid/service_plugins/service_api.h b/src/network_inspectors/appid/service_plugins/service_api.h
index 0db1b467c8620386541295eaf88eb85061ef7823..10c9af9a985ac1a1f62ad893919443bbe0ec6a3a 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_api.h
+++ b/src/network_inspectors/appid/service_plugins/service_api.h
@@ -69,20 +69,19 @@ struct CleanServiceAPI
 
 struct IniServiceAPI;
 using RNAServiceValidationInitFCN = int(*)(const IniServiceAPI* const);
-using RNAServiceValidationCleanFCN = void(*)(const CleanServiceAPI* const);
+using RNAServiceValidationCleanFCN = void(*)();
 
 struct RNAServiceValidationPort;
 struct RNAServiceValidationModule;
 struct IniServiceAPI
 {
     void (* RegisterPattern)( RNAServiceValidationFCN, IpProtocol proto, const uint8_t* pattern,
-        unsigned size, int position, const char* name, AppIdConfig*);
-    int (* AddPort)( const RNAServiceValidationPort*, RNAServiceValidationModule*, AppIdConfig*);
-    void (* RemovePorts)(RNAServiceValidationFCN, AppIdConfig*);
+        unsigned size, int position, const char* name);
+    int (* AddPort)( const RNAServiceValidationPort*, RNAServiceValidationModule*);
+    void (* RemovePorts)(RNAServiceValidationFCN);
     void (* RegisterPatternUser)(RNAServiceValidationFCN, IpProtocol proto,
-            const uint8_t* pattern, unsigned size, int position, const char* name, AppIdConfig*);
-    void (* RegisterAppId)( RNAServiceValidationFCN, AppId, uint32_t additionalInfo,
-            AppIdConfig*);
+            const uint8_t* pattern, unsigned size, int position, const char* name);
+    void (* RegisterAppId)( RNAServiceValidationFCN, AppId, uint32_t additionalInfo);
     int debug;
     uint32_t instance_id;
     AppIdConfig* pAppidConfig;  ///< AppId context for which this API should be used

diff --git a/src/network_inspectors/appid/service_plugins/service_base.cc b/src/network_inspectors/appid/service_plugins/service_base.cc
index 333c4d82e1250e80ea78bee26c8298490fc04402..c18c43ea83658dd12f5ac0635a6dd60666c14996 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_base.cc
+++ b/src/network_inspectors/appid/service_plugins/service_base.cc
@@ -93,6 +93,24 @@ static void AppIdAddHostIP(AppIdSession* flow, const uint8_t* mac, uint32_t ip4,
 static void AppIdAddSMBData(AppIdSession* flow, unsigned major, unsigned minor, uint32_t flags);
 static void AppIdServiceAddMisc(AppIdSession* flow, AppId miscId);
 
+struct ServiceMatch
+{
+    struct ServiceMatch* next;
+    unsigned count;
+    unsigned size;
+    RNAServiceElement* svc;
+};
+
+static const uint8_t zeromac[6] = { 0, 0, 0, 0, 0, 0 };
+static unsigned smOrderedListSize = 32;
+static THREAD_LOCAL DHCPInfo* dhcp_info_free_list;
+static THREAD_LOCAL FpSMBData* smb_data_free_list;
+static THREAD_LOCAL ServiceMatch** smOrderedList = nullptr;
+static THREAD_LOCAL ServiceMatch* free_service_match;
+static THREAD_LOCAL ServiceConfig* serviceConfig = nullptr;
+static THREAD_LOCAL RNAServiceElement* ftp_service = nullptr;
+static THREAD_LOCAL ServicePatternData* free_pattern_data = nullptr;
+
 const ServiceApi serviceapi =
 {
     &service_flowdata_get,
@@ -125,20 +143,16 @@ static const char* serviceIdStateName[] =
 };
 #endif
 
-static RNAServiceElement* ftp_service = nullptr;
-
-static ServicePatternData* free_pattern_data;
-
 /*C service API */
 static void ServiceRegisterPattern(RNAServiceValidationFCN, IpProtocol, const uint8_t*, unsigned,
-        int, struct Detector*, int, const char*, ServiceConfig*);
+        int, struct Detector*, int, const char* );
 static void CServiceRegisterPattern(RNAServiceValidationFCN, IpProtocol, const uint8_t* ,
-        unsigned, int , const char*, AppIdConfig*);
+        unsigned, int , const char*);
 static void ServiceRegisterPatternUser(RNAServiceValidationFCN, IpProtocol, const uint8_t*,
-        unsigned, int, const char*, AppIdConfig*);
-void appSetServiceValidator( RNAServiceValidationFCN, AppId, unsigned extractsInfo, AppIdConfig*);
-static int CServiceAddPort(const RNAServiceValidationPort*, RNAServiceValidationModule*, AppIdConfig*);
-static void CServiceRemovePorts(RNAServiceValidationFCN validate, AppIdConfig* pConfig);
+        unsigned, int, const char*);
+void appSetServiceValidator( RNAServiceValidationFCN, AppId, unsigned extractsInfo);
+static int CServiceAddPort(const RNAServiceValidationPort*, RNAServiceValidationModule*);
+static void CServiceRemovePorts(RNAServiceValidationFCN validate);
 
 static IniServiceAPI svc_init_api =
 {
@@ -152,11 +166,6 @@ static IniServiceAPI svc_init_api =
     nullptr
 };
 
-static CleanServiceAPI svc_clean_api =
-{
-    nullptr
-};
-
 extern RNAServiceValidationModule timbuktu_service_mod;
 extern RNAServiceValidationModule bit_service_mod;
 extern RNAServiceValidationModule tns_service_mod;
@@ -201,26 +210,12 @@ static RNAServiceValidationModule* static_service_list[] =
     &http_service_mod
 };
 
-struct ServiceMatch
-{
-    struct ServiceMatch* next;
-    unsigned count;
-    unsigned size;
-    RNAServiceElement* svc;
-};
-
-static DHCPInfo* dhcp_info_free_list;
-static FpSMBData* smb_data_free_list;
-static unsigned smOrderedListSize = 32;
-static ServiceMatch** smOrderedList = nullptr;
-static ServiceMatch* free_service_match;
-static const uint8_t zeromac[6] = { 0, 0, 0, 0, 0, 0 };
+const uint32_t NUM_STATIC_SERVICES =
+        sizeof(static_service_list) / sizeof(RNAServiceValidationModule*);
 
-
-void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, unsigned extractsInfo,
-    AppIdConfig* pConfig)
+void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, unsigned extractsInfo)
 {
-    AppInfoTableEntry* pEntry = appInfoEntryGet(appId, pConfig);
+    AppInfoTableEntry* pEntry = appInfoEntryGet(appId);
     if (!pEntry)
     {
         ErrorMessage("AppId: invalid direct service AppId, %d", appId);
@@ -232,7 +227,7 @@ void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, unsigned e
         DebugFormat(DEBUG_APPID, "Ignoring direct service without info for AppId %d", appId);
         return;
     }
-    pEntry->svrValidator = ServiceGetServiceElement(fcn, nullptr, pConfig);
+    pEntry->svrValidator = ServiceGetServiceElement(fcn, nullptr);
     if (pEntry->svrValidator)
         pEntry->flags |= extractsInfo;
     else
@@ -254,16 +249,6 @@ void AppIdFreeServiceMatchList(ServiceMatch* sm)
     free_service_match = sm;
 }
 
-void cleanupFreeServiceMatch(void)
-{
-    ServiceMatch* match;
-    while ((match=free_service_match) != nullptr)
-    {
-        free_service_match = match->next;
-        snort_free(match);
-    }
-}
-
 int AddFTPServiceState(AppIdSession* fp)
 {
     if (!ftp_service)
@@ -354,13 +339,8 @@ static inline uint16_t sslPortRemap(
     }
 }
 
-static inline RNAServiceElement* AppIdGetNexServiceByPort(
-    IpProtocol protocol,
-    uint16_t port,
-    const RNAServiceElement* const lasService,
-    AppIdSession* rnaData,
-    const AppIdConfig* pConfig
-    )
+static inline RNAServiceElement* AppIdGetNexServiceByPort( IpProtocol protocol, uint16_t port,
+    const RNAServiceElement* const lasService, AppIdSession* rnaData)
 {
     RNAServiceElement* service = nullptr;
     SF_LIST* list = nullptr;
@@ -369,15 +349,15 @@ static inline RNAServiceElement* AppIdGetNexServiceByPort(
     {
         unsigned remappedPort = sslPortRemap(port);
         if (remappedPort)
-            list = pConfig->serviceConfig.tcp_services[remappedPort];
+            list = serviceConfig->tcp_services[remappedPort];
     }
     else if (protocol == IpProtocol::TCP)
     {
-        list = pConfig->serviceConfig.tcp_services[port];
+        list = serviceConfig->tcp_services[port];
     }
     else
     {
-        list = pConfig->serviceConfig.udp_services[port];
+        list = serviceConfig->udp_services[port];
     }
 
     if (list)
@@ -438,19 +418,17 @@ static inline RNAServiceElement* AppIdNexServiceByPattern(AppIdServiceIDState* i
     return service;
 }
 
-const RNAServiceElement* ServiceGetServiceElement(RNAServiceValidationFCN fcn, struct
-    Detector* userdata,
-    AppIdConfig* pConfig)
+const RNAServiceElement* ServiceGetServiceElement(RNAServiceValidationFCN fcn, Detector* userdata)
 {
     RNAServiceElement* li;
 
-    for (li=pConfig->serviceConfig.tcp_service_list; li; li=li->next)
+    for (li=serviceConfig->tcp_service_list; li; li=li->next)
     {
         if ((li->validate == fcn) && (li->userdata == userdata))
             return li;
     }
 
-    for (li=pConfig->serviceConfig.udp_service_list; li; li=li->next)
+    for (li=serviceConfig->udp_service_list; li; li=li->next)
     {
         if ((li->validate == fcn) && (li->userdata == userdata))
             return li;
@@ -458,10 +436,9 @@ const RNAServiceElement* ServiceGetServiceElement(RNAServiceValidationFCN fcn, s
     return nullptr;
 }
 
-static void ServiceRegisterPattern(RNAServiceValidationFCN fcn,
-    IpProtocol proto, const uint8_t* pattern, unsigned size,
-    int position, struct Detector* userdata, int provides_user,
-    const char* name, ServiceConfig* pServiceConfig)
+static void ServiceRegisterPattern(RNAServiceValidationFCN fcn, IpProtocol proto,
+        const uint8_t* pattern, unsigned size, int position, struct Detector* userdata,
+        int provides_user, const char* name)
 {
     SearchTool** patterns;
     ServicePatternData** pd_list;
@@ -472,19 +449,19 @@ static void ServiceRegisterPattern(RNAServiceValidationFCN fcn,
 
     if ((IpProtocol)proto == IpProtocol::TCP)
     {
-        patterns = &pServiceConfig->tcp_patterns;
-        pd_list = &pServiceConfig->tcp_pattern_data;
+        patterns = &serviceConfig->tcp_patterns;
+        pd_list = &serviceConfig->tcp_pattern_data;
 
-        count = &pServiceConfig->tcp_pattern_count;
-        list = &pServiceConfig->tcp_service_list;
+        count = &serviceConfig->tcp_pattern_count;
+        list = &serviceConfig->tcp_service_list;
     }
     else if ((IpProtocol)proto == IpProtocol::UDP)
     {
-        patterns = &pServiceConfig->udp_patterns;
-        pd_list = &pServiceConfig->udp_pattern_data;
+        patterns = &serviceConfig->udp_patterns;
+        pd_list = &serviceConfig->udp_pattern_data;
 
-        count = &pServiceConfig->udp_pattern_count;
-        list = &pServiceConfig->udp_service_list;
+        count = &serviceConfig->udp_pattern_count;
+        list = &serviceConfig->udp_service_list;
     }
     else
     {
@@ -542,24 +519,19 @@ void ServiceRegisterPatternDetector(RNAServiceValidationFCN fcn,
     IpProtocol proto, const uint8_t* pattern, unsigned size,
     int position, struct Detector* userdata, const char* name)
 {
-    ServiceRegisterPattern(fcn, proto, pattern, size, position, userdata, 0, name,
-        &userdata->pAppidNewConfig->serviceConfig);
+    ServiceRegisterPattern(fcn, proto, pattern, size, position, userdata, 0, name);
 }
 
 static void ServiceRegisterPatternUser(RNAServiceValidationFCN fcn, IpProtocol proto,
-    const uint8_t* pattern, unsigned size, int position, const char* name, AppIdConfig* pConfig)
+    const uint8_t* pattern, unsigned size, int position, const char* name)
 {
-    ServiceRegisterPattern(fcn, proto, pattern, size, position, nullptr, 1, name,
-        &pConfig->serviceConfig);
+    ServiceRegisterPattern(fcn, proto, pattern, size, position, nullptr, 1, name);
 }
 
 static void CServiceRegisterPattern(RNAServiceValidationFCN fcn, IpProtocol proto,
-    const uint8_t* pattern, unsigned size,
-    int position, const char* name,
-    AppIdConfig* pConfig)
+    const uint8_t* pattern, unsigned size, int position, const char* name)
 {
-    ServiceRegisterPattern(fcn, proto, pattern, size, position, nullptr, 0, name,
-        &pConfig->serviceConfig);
+    ServiceRegisterPattern(fcn, proto, pattern, size, position, nullptr, 0, name);
 }
 
 static void RemoveServicePortsByType(RNAServiceValidationFCN validate, SF_LIST** services,
@@ -610,57 +582,55 @@ static void RemoveServicePortsByType(RNAServiceValidationFCN validate, SF_LIST**
  * This function takes care of removing ports for all services including C service modules,
  * Lua detector modules and services associated with C detector modules.
  *
- * @param pServiceConfig - Service configuration from which all ports need to be removed
  * @return void
  */
-static void RemoveAllServicePorts(ServiceConfig* pServiceConfig)
+static void RemoveAllServicePorts()
 {
     int i;
 
-    for (i=0; i<RNA_SERVICE_MAX_PORT; i++)
+    for ( i= 0; i < RNA_SERVICE_MAX_PORT; i++)
     {
-        if (pServiceConfig->tcp_services[i])
+        if (serviceConfig->tcp_services[i])
         {
-            sflist_free(pServiceConfig->tcp_services[i]);
-            pServiceConfig->tcp_services[i] = nullptr;
+            sflist_free(serviceConfig->tcp_services[i]);
+            serviceConfig->tcp_services[i] = nullptr;
         }
     }
-    for (i=0; i<RNA_SERVICE_MAX_PORT; i++)
+    for (i = 0; i < RNA_SERVICE_MAX_PORT; i++)
     {
-        if (pServiceConfig->udp_services[i])
+        if (serviceConfig->udp_services[i])
         {
-            sflist_free(pServiceConfig->udp_services[i]);
-            pServiceConfig->udp_services[i] = nullptr;
+            sflist_free(serviceConfig->udp_services[i]);
+            serviceConfig->udp_services[i] = nullptr;
         }
     }
-    for (i=0; i<RNA_SERVICE_MAX_PORT; i++)
+    for (i = 0; i < RNA_SERVICE_MAX_PORT; i++)
     {
-        if (pServiceConfig->udp_reversed_services[i])
+        if (serviceConfig->udp_reversed_services[i])
         {
-            sflist_free(pServiceConfig->udp_reversed_services[i]);
-            pServiceConfig->udp_reversed_services[i] = nullptr;
+            sflist_free(serviceConfig->udp_reversed_services[i]);
+            serviceConfig->udp_reversed_services[i] = nullptr;
         }
     }
 }
 
-void ServiceRemovePorts(RNAServiceValidationFCN validate, struct Detector* userdata,
-    AppIdConfig* pConfig)
+void ServiceRemovePorts(RNAServiceValidationFCN validate, struct Detector* userdata)
 {
-    RemoveServicePortsByType(validate, pConfig->serviceConfig.tcp_services,
-        pConfig->serviceConfig.tcp_service_list, userdata);
-    RemoveServicePortsByType(validate, pConfig->serviceConfig.udp_services,
-        pConfig->serviceConfig.udp_service_list, userdata);
-    RemoveServicePortsByType(validate, pConfig->serviceConfig.udp_reversed_services,
-        pConfig->serviceConfig.udp_reversed_service_list, userdata);
+    RemoveServicePortsByType(validate, serviceConfig->tcp_services,
+        serviceConfig->tcp_service_list, userdata);
+    RemoveServicePortsByType(validate, serviceConfig->udp_services,
+        serviceConfig->udp_service_list, userdata);
+    RemoveServicePortsByType(validate, serviceConfig->udp_reversed_services,
+        serviceConfig->udp_reversed_service_list, userdata);
 }
 
-static void CServiceRemovePorts(RNAServiceValidationFCN validate, AppIdConfig* pConfig)
+static void CServiceRemovePorts(RNAServiceValidationFCN validate)
 {
-    ServiceRemovePorts(validate, nullptr, pConfig);
+    ServiceRemovePorts(validate, nullptr);
 }
 
 int ServiceAddPort(const RNAServiceValidationPort* pp, RNAServiceValidationModule* svm,
-    struct Detector* userdata, AppIdConfig* pConfig)
+    struct Detector* userdata)
 {
     SF_LIST** services;
     RNAServiceElement** list = nullptr;
@@ -671,20 +641,20 @@ int ServiceAddPort(const RNAServiceValidationPort* pp, RNAServiceValidationModul
         svm->name, (unsigned)pp->proto, (unsigned)pp->port);
     if (pp->proto == IpProtocol::TCP)
     {
-        services = pConfig->serviceConfig.tcp_services;
-        list = &pConfig->serviceConfig.tcp_service_list;
+        services = serviceConfig->tcp_services;
+        list = &serviceConfig->tcp_service_list;
     }
     else if (pp->proto == IpProtocol::UDP)
     {
         if (!pp->reversed_validation)
         {
-            services = pConfig->serviceConfig.udp_services;
-            list = &pConfig->serviceConfig.udp_service_list;
+            services = serviceConfig->udp_services;
+            list = &serviceConfig->udp_service_list;
         }
         else
         {
-            services = pConfig->serviceConfig.udp_reversed_services;
-            list = &pConfig->serviceConfig.udp_reversed_service_list;
+            services = serviceConfig->udp_reversed_services;
+            list = &serviceConfig->udp_reversed_service_list;
         }
     }
     else
@@ -738,14 +708,18 @@ int ServiceAddPort(const RNAServiceValidationPort* pp, RNAServiceValidationModul
     return 0;
 }
 
-static int CServiceAddPort(const RNAServiceValidationPort* pp, RNAServiceValidationModule* svm,
-    AppIdConfig* pConfig)
+static int CServiceAddPort(const RNAServiceValidationPort* pp, RNAServiceValidationModule* svm)
 {
+    return ServiceAddPort(pp, svm, nullptr);
+}
 
-    return ServiceAddPort(pp, svm, nullptr, pConfig);
+void add_service_to_active_list(RNAServiceValidationModule* service)
+{
+    service->next = serviceConfig->active_service_list;
+    serviceConfig->active_service_list = service;
 }
 
-int serviceLoadForConfigCallback(void* symbol, AppIdConfig* pConfig)
+static int serviceLoadForConfigCallback(void* symbol)
 {
     static unsigned service_module_index = 0;
     RNAServiceValidationModule* svm = (RNAServiceValidationModule*)symbol;
@@ -759,14 +733,14 @@ int serviceLoadForConfigCallback(void* symbol, AppIdConfig* pConfig)
 
     svm->api = &serviceapi;
     for (pp = svm->pp; pp && pp->validate; pp++)
-        if (CServiceAddPort(pp, svm, pConfig))
+        if (CServiceAddPort(pp, svm))
             return -1;
 
     if (svm->init(&svc_init_api))
         ErrorMessage("Error initializing service %s\n",svm->name);
 
-    svm->next = pConfig->serviceConfig.active_service_list;
-    pConfig->serviceConfig.active_service_list = svm;
+    svm->next = serviceConfig->active_service_list;
+    serviceConfig->active_service_list = svm;
 
     svm->flow_data_index = service_module_index | APPID_SESSION_DATA_SERVICE_MODSTATE_BIT;
     service_module_index++;
@@ -776,138 +750,68 @@ int serviceLoadForConfigCallback(void* symbol, AppIdConfig* pConfig)
 
 int serviceLoadCallback(void* symbol)
 {
-    return serviceLoadForConfigCallback(symbol, pAppidActiveConfig);
+    return serviceLoadForConfigCallback(symbol);
 }
 
-int LoadServiceModules(const char**, uint32_t instance_id, AppIdConfig* pConfig)
+static int load_service_detectors()
 {
-    unsigned i;
-
-    svc_init_api.instance_id = instance_id;
+    svc_init_api.instance_id = pAppidActiveConfig->mod_config->instance_id;
     svc_init_api.debug = pAppidActiveConfig->mod_config->debug;
-    svc_init_api.pAppidConfig = pConfig;
+    svc_init_api.pAppidConfig = pAppidActiveConfig;
 
-    for (i=0; i<sizeof(static_service_list)/sizeof(*static_service_list); i++)
+    for ( unsigned i = 0; i < NUM_STATIC_SERVICES; i++)
     {
-        if (serviceLoadForConfigCallback(static_service_list[i], pConfig))
+        if (serviceLoadForConfigCallback(static_service_list[i]))
             return -1;
     }
 
     return 0;
 }
 
-int ReloadServiceModules(AppIdConfig* pConfig)
+void init_service_plugins()
 {
-    RNAServiceValidationModule* svm;
-    const RNAServiceValidationPort* pp;
+    serviceConfig = new ServiceConfig;
 
-    svc_init_api.debug = pAppidActiveConfig->mod_config->debug;
-    svc_init_api.pAppidConfig = pConfig;
-
-    // active_service_list contains both service modules and services associated with
-    // detector modules
-    for (svm=pConfig->serviceConfig.active_service_list; svm; svm=svm->next)
-    {
-        // processing only non-lua service detectors.
-        if (svm->init)
-        {
-            for (pp = svm->pp; pp && pp->validate; pp++)
-                if (CServiceAddPort(pp, svm, pConfig))
-                    return -1;
-        }
-    }
-
-    return 0;
+    if ( load_service_detectors() )
+        exit(-1);
 }
 
-void ServiceInit(AppIdConfig*)
+void finalize_service_patterns()
 {
-    luaModuleInitAllServices();
-}
-
-void ServiceFinalize(AppIdConfig* pConfig)
-{
-    if (pConfig->serviceConfig.tcp_patterns)
-        pConfig->serviceConfig.tcp_patterns->prep();
-    if (pConfig->serviceConfig.udp_patterns)
-        pConfig->serviceConfig.udp_patterns->prep();
-}
-
-void UnconfigureServices(AppIdConfig* pConfig)
-{
-    RNAServiceElement* li;
-    ServicePatternData* pd;
-    RNAServiceValidationModule* svm;
-
-    svc_clean_api.pAppidConfig = pConfig;
-
-    if (pConfig->serviceConfig.tcp_patterns)
-    {
-        delete pConfig->serviceConfig.tcp_patterns;
-        pConfig->serviceConfig.tcp_patterns = nullptr;
-    }
-    // Do not free memory for the pattern; this can be later reclaimed when a
-    // new pattern needs to be created. Memory for these patterns will be freed
-    // on exit.
-    while (pConfig->serviceConfig.tcp_pattern_data)
-    {
-        pd = pConfig->serviceConfig.tcp_pattern_data;
-        if ((li = pd->svc) != nullptr)
-            li->ref_count--;
-        pConfig->serviceConfig.tcp_pattern_data = pd->next;
-        pd->next = free_pattern_data;
-        free_pattern_data = pd;
-    }
-    if (pConfig->serviceConfig.udp_patterns)
-    {
-        delete pConfig->serviceConfig.udp_patterns;
-        pConfig->serviceConfig.udp_patterns = nullptr;
-    }
-    while (pConfig->serviceConfig.udp_pattern_data)
-    {
-        pd = pConfig->serviceConfig.udp_pattern_data;
-        if ((li = pd->svc) != nullptr)
-            li->ref_count--;
-        pConfig->serviceConfig.udp_pattern_data = pd->next;
-        pd->next = free_pattern_data;
-        free_pattern_data = pd;
-    }
-
-    RemoveAllServicePorts(&pConfig->serviceConfig);
-
-    for (svm=pConfig->serviceConfig.active_service_list; svm; svm=svm->next)
-    {
-        if (svm->clean)
-            svm->clean(&svc_clean_api);
-    }
-
-    CleanServicePortPatternList(pConfig);
-}
-
-void ReconfigureServices(AppIdConfig* pConfig)
-{
-    RNAServiceValidationModule* svm;
-
-    for (svm=pConfig->serviceConfig.active_service_list; svm; svm=svm->next)
+    ServicePatternData* curr;
+    ServicePatternData* lists[] = { serviceConfig->tcp_pattern_data,
+                                    serviceConfig->udp_pattern_data };
+    for ( unsigned i = 0; i < (sizeof(lists) / sizeof(*lists)); i++)
     {
-        /*processing only non-lua service detectors. */
-        if (svm->init)
+        curr = lists[i];
+        while (curr != nullptr)
         {
-            if (svm->init(&svc_init_api))
+            if (curr->svc != nullptr)
             {
-                ErrorMessage("Error initializing service %s\n",svm->name);
-            }
-            else
-            {
-                DebugFormat(DEBUG_INSPECTOR,"Initialized service %s\n",svm->name);
+                bool isActive = true;
+                if (curr->svc->userdata && !curr->svc->userdata->isActive)
+                {
+                    /* C detectors don't have userdata here, but they're always
+                     * active.  So, this check is really just for Lua
+                     * detectors. */
+                    isActive = false;
+                }
+                if (isActive)
+                {
+                    curr->svc->current_ref_count = curr->svc->ref_count;
+                }
             }
+            curr = curr->next;
         }
     }
 
-    ServiceInit(pConfig);
+    if (serviceConfig->tcp_patterns)
+        serviceConfig->tcp_patterns->prep();
+    if (serviceConfig->udp_patterns)
+        serviceConfig->udp_patterns->prep();
 }
 
-void CleanupServices(AppIdConfig* pConfig)
+void clean_service_plugins()
 {
     ServicePatternData* pattern;
     RNAServiceElement* se;
@@ -916,64 +820,71 @@ void CleanupServices(AppIdConfig* pConfig)
     FpSMBData* sd;
     DHCPInfo* info;
 
-    svc_clean_api.pAppidConfig = pConfig;
-
-    if (pConfig->serviceConfig.tcp_patterns)
+    if (serviceConfig->tcp_patterns)
     {
-        delete pConfig->serviceConfig.tcp_patterns;
-        pConfig->serviceConfig.tcp_patterns = nullptr;
+        delete serviceConfig->tcp_patterns;
+        serviceConfig->tcp_patterns = nullptr;
     }
-    if (pConfig->serviceConfig.udp_patterns)
+
+    if (serviceConfig->udp_patterns)
     {
-        delete pConfig->serviceConfig.udp_patterns;
-        pConfig->serviceConfig.udp_patterns = nullptr;
+        delete serviceConfig->udp_patterns;
+        serviceConfig->udp_patterns = nullptr;
     }
-    while ((pattern=pConfig->serviceConfig.tcp_pattern_data))
+
+    while ((pattern = serviceConfig->tcp_pattern_data))
     {
-        pConfig->serviceConfig.tcp_pattern_data = pattern->next;
+        serviceConfig->tcp_pattern_data = pattern->next;
         snort_free(pattern);
     }
-    while ((pattern=pConfig->serviceConfig.udp_pattern_data))
+    while ((pattern = serviceConfig->udp_pattern_data))
     {
-        pConfig->serviceConfig.udp_pattern_data = pattern->next;
+        serviceConfig->udp_pattern_data = pattern->next;
         snort_free(pattern);
     }
-    while ((pattern=free_pattern_data))
+
+    while ((pattern = free_pattern_data))
     {
         free_pattern_data = pattern->next;
         snort_free(pattern);
     }
-    while ((se=pConfig->serviceConfig.tcp_service_list))
+
+    while ((se = serviceConfig->tcp_service_list))
     {
-        pConfig->serviceConfig.tcp_service_list = se->next;
+        serviceConfig->tcp_service_list = se->next;
         delete se;
     }
-    while ((se=pConfig->serviceConfig.udp_service_list))
+
+    while ((se = serviceConfig->udp_service_list))
     {
-        pConfig->serviceConfig.udp_service_list = se->next;
+        serviceConfig->udp_service_list = se->next;
         delete se;
     }
-    while ((se=pConfig->serviceConfig.udp_reversed_service_list))
+
+    while ((se = serviceConfig->udp_reversed_service_list))
     {
-        pConfig->serviceConfig.udp_reversed_service_list = se->next;
+        serviceConfig->udp_reversed_service_list = se->next;
         delete se;
     }
+
     while ((sd = smb_data_free_list))
     {
         smb_data_free_list = sd->next;
         snort_free(sd);
     }
+
     while ((info = dhcp_info_free_list))
     {
         dhcp_info_free_list = info->next;
         snort_free(info);
     }
+
     while ((sm = free_service_match))
     {
         free_service_match = sm->next;
         snort_free(sm);
     }
-    cleanupFreeServiceMatch();
+
     if (smOrderedList)
     {
         // FIXIT-M: still allocated with calloc/realloc - vector coming soon...
@@ -981,15 +892,17 @@ void CleanupServices(AppIdConfig* pConfig)
         smOrderedListSize = 32;
     }
 
-    RemoveAllServicePorts(&pConfig->serviceConfig);
+    RemoveAllServicePorts();
 
-    for (svm=pConfig->serviceConfig.active_service_list; svm; svm=svm->next)
+    for (svm = serviceConfig->active_service_list; svm; svm = svm->next)
     {
         if (svm->clean)
-            svm->clean(&svc_clean_api);
+            svm->clean();
     }
 
-    CleanServicePortPatternList(pConfig);
+    clean_service_port_patterns();
+
+    delete serviceConfig;
 }
 
 static int AppIdPatternPrecedence(const void* a, const void* b)
@@ -1013,7 +926,7 @@ static int AppIdPatternPrecedence(const void* a, const void* b)
  * this sensor.
 */
 static inline RNAServiceElement* AppIdGetServiceByPattern(const Packet* pkt, IpProtocol proto,
-    const int, AppIdServiceIDState* id_state, const ServiceConfig* pServiceConfig)
+    const int, AppIdServiceIDState* id_state)
 {
     SearchTool* patterns = nullptr;
     ServiceMatch* match_list;
@@ -1023,9 +936,9 @@ static inline RNAServiceElement* AppIdGetServiceByPattern(const Packet* pkt, IpP
     RNAServiceElement* service = nullptr;
 
     if (proto == IpProtocol::TCP)
-        patterns = pServiceConfig->tcp_patterns;
+        patterns = serviceConfig->tcp_patterns;
     else
-        patterns = pServiceConfig->udp_patterns;
+        patterns = serviceConfig->udp_patterns;
 
     if (!patterns)
     {
@@ -1129,19 +1042,16 @@ static inline RNAServiceElement* AppIdGetServiceByPattern(const Packet* pkt, IpP
     return service;
 }
 
-static inline RNAServiceElement* AppIdGetServiceByBruteForce(
-    IpProtocol protocol,
-    const RNAServiceElement* lasService,
-    const AppIdConfig* pConfig
-    )
+static inline RNAServiceElement* AppIdGetServiceByBruteForce(IpProtocol protocol,
+    const RNAServiceElement* lasService)
 {
     RNAServiceElement* service;
 
     if (lasService)
         service = lasService->next;
     else
-        service = ((protocol == IpProtocol::TCP) ? pConfig->serviceConfig.tcp_service_list :
-            pConfig->serviceConfig.udp_service_list);
+        service = ((protocol == IpProtocol::TCP) ? serviceConfig->tcp_service_list :
+            serviceConfig->udp_service_list);
 
     while (service && !service->current_ref_count)
         service = service->next;
@@ -2015,7 +1925,7 @@ void FailInProcessService(AppIdSession* flowp, const AppIdConfig*)
  * through the main port/pattern search (and returning which detector to add
  * next to the list of detectors to try (even if only 1)). */
 static const RNAServiceElement* AppIdGetNexService(const Packet* p, const int dir,
-    AppIdSession* rnaData,  const AppIdConfig* pConfig, AppIdServiceIDState* id_state)
+    AppIdSession* rnaData, AppIdServiceIDState* id_state)
 {
     auto proto = rnaData->protocol;
 
@@ -2030,7 +1940,7 @@ static const RNAServiceElement* AppIdGetNexService(const Packet* p, const int di
     if (id_state->state == SERVICE_ID_PORT)
     {
         id_state->svc = AppIdGetNexServiceByPort(proto, (uint16_t)((dir ==
-            APP_ID_FROM_RESPONDER) ? p->ptrs.sp : p->ptrs.dp), id_state->svc, rnaData, pConfig);
+            APP_ID_FROM_RESPONDER) ? p->ptrs.sp : p->ptrs.dp), id_state->svc, rnaData);
         if (id_state->svc != nullptr)
         {
             return id_state->svc;
@@ -2070,12 +1980,12 @@ static const RNAServiceElement* AppIdGetNexService(const Packet* p, const int di
                 {
                     reverse_service = reverse_id_state->svc;
                 }
-                if (    reverse_service
-                    || (pConfig->serviceConfig.udp_reversed_services[p->ptrs.sp] &&
+                if ( reverse_service
+                    || (serviceConfig->udp_reversed_services[p->ptrs.sp] &&
                     (reverse_service = ( RNAServiceElement*)sflist_first(
-                        pConfig->serviceConfig.udp_reversed_services[p->ptrs.sp], &iter)))
-                    || (p->dsize && (reverse_service = AppIdGetServiceByPattern(p, proto,
-                        dir, nullptr, &pConfig->serviceConfig))) )
+                        serviceConfig->udp_reversed_services[p->ptrs.sp], &iter)))
+                    || (p->dsize &&
+                        (reverse_service = AppIdGetServiceByPattern(p, proto, dir, nullptr))) )
                 {
                     id_state->svc = reverse_service;
                     return id_state->svc;
@@ -2089,8 +1999,7 @@ static const RNAServiceElement* AppIdGetNexService(const Packet* p, const int di
         {
             if (id_state->serviceList == nullptr)    /* no list yet (need to make one) */
             {
-                id_state->svc = AppIdGetServiceByPattern(p, proto, dir, id_state,
-                    &pConfig->serviceConfig);
+                id_state->svc = AppIdGetServiceByPattern(p, proto, dir, id_state);
             }
             else    /* already have a pattern service list (just use it) */
             {
@@ -2183,7 +2092,7 @@ int AppIdDiscoverService(Packet* p, const int dir, AppIdSession* rnaData,
             && (rnaData->num_candidate_services_tried == 0)
             && !id_state->searching )
         {
-            rnaData->serviceData = AppIdGetServiceByBruteForce(proto, id_state->svc, pConfig);
+            rnaData->serviceData = AppIdGetServiceByBruteForce(proto, id_state->svc);
             id_state->svc = rnaData->serviceData;
         }
     }
@@ -2235,8 +2144,7 @@ int AppIdDiscoverService(Packet* p, const int dir, AppIdSession* rnaData,
         {
             while (rnaData->num_candidate_services_tried < MAX_CANDIDATE_SERVICES)
             {
-                const RNAServiceElement* tmp = AppIdGetNexService(p, dir, rnaData, pConfig,
-                    id_state);
+                const RNAServiceElement* tmp = AppIdGetNexService(p, dir, rnaData, id_state);
                 if (tmp != nullptr)
                 {
                     SF_LNODE* iter = nullptr;
@@ -2370,10 +2278,6 @@ static int service_flowdata_add(AppIdSession* flow, void* data, unsigned service
     return flow->add_flow_data(data, service_id, fcn);
 }
 
-/** GUS: 2006 09 28 10:10:54
- *  A simple function that prints the
- *  ports that have decoders registered.
- */
 static void dumpServices(FILE* stream, SF_LIST* const* parray)
 {
     int i,n = 0;
@@ -2382,22 +2286,21 @@ static void dumpServices(FILE* stream, SF_LIST* const* parray)
         if (parray[i] && (sflist_count(parray[i]) != 0))
         {
             if ( n !=  0)
-            {
                 fprintf(stream," ");
-            }
+
             n++;
             fprintf(stream,"%d",i);
         }
     }
 }
 
-void dumpPorts(FILE* stream, const AppIdConfig* pConfig)
+void dumpPorts(FILE* stream)
 {
     fprintf(stream,"(tcp ");
-    dumpServices(stream,pConfig->serviceConfig.tcp_services);
+    dumpServices(stream, serviceConfig->tcp_services);
     fprintf(stream,") \n");
     fprintf(stream,"(udp ");
-    dumpServices(stream,pConfig->serviceConfig.udp_services);
+    dumpServices(stream, serviceConfig->udp_services);
     fprintf(stream,") \n");
 }
 

diff --git a/src/network_inspectors/appid/service_plugins/service_base.h b/src/network_inspectors/appid/service_plugins/service_base.h
index de03260e59f9f4bc042725fbf6132d1c10c67805..cbb4dffe8b0c062aecb4e2f6743c5e15019efbb9 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_base.h
+++ b/src/network_inspectors/appid/service_plugins/service_base.h
@@ -40,22 +40,17 @@ struct Detector;
 struct RNAServiceValidationPort;
 struct RNAServiceValidationModule;
 
-void CleanupServices(AppIdConfig*);
-void ReconfigureServices(AppIdConfig*);
-void UnconfigureServices(AppIdConfig*);
-void ServiceInit(AppIdConfig*);
-void ServiceFinalize(AppIdConfig*);
+void init_service_plugins();
+void finalize_service_patterns();
+
+void clean_service_plugins();
+void UnconfigureServices();
+void ServiceFinalize();
 void FailInProcessService(AppIdSession*, const AppIdConfig*);
-int LoadServiceModules(const char** dir_list, uint32_t instance_id, AppIdConfig*);
 
-// This function is called during reload/reconfiguration. It registers service ports in the given
-// AppId configuration. This function also takes care of services associated with detector modules.
-int ReloadServiceModules(AppIdConfig*);
 int serviceLoadCallback(void* symbol);
-int serviceLoadForConfigCallback(void* symbol, AppIdConfig*);
-int ServiceAddPort(const RNAServiceValidationPort*, RNAServiceValidationModule*, Detector*,
-        AppIdConfig*);
-void ServiceRemovePorts(RNAServiceValidationFCN, Detector*, AppIdConfig*);
+int ServiceAddPort(const RNAServiceValidationPort*, RNAServiceValidationModule*, Detector*);
+void ServiceRemovePorts(RNAServiceValidationFCN, Detector*);
 void ServiceRegisterPatternDetector(RNAServiceValidationFCN, IpProtocol proto,
         const uint8_t* pattern, unsigned size, int position, Detector*, const char* name);
 int AppIdDiscoverService(Packet*, int direction, AppIdSession*, const AppIdConfig*);
@@ -74,15 +69,12 @@ int AddFTPServiceState(AppIdSession*);
 void AppIdFreeDhcpInfo(DHCPInfo*);
 void AppIdFreeSMBData(FpSMBData*);
 void AppIdFreeDhcpData(DhcpFPData*);
-void dumpPorts(FILE*, const AppIdConfig*);
-const RNAServiceElement* ServiceGetServiceElement(RNAServiceValidationFCN, Detector*,
-        AppIdConfig*);
-
-extern RNAServiceValidationModule* active_service_list;
+void dumpPorts(FILE*);
+const RNAServiceElement* ServiceGetServiceElement(RNAServiceValidationFCN, Detector*);
 
+void add_service_to_active_list(RNAServiceValidationModule* service);
 extern uint32_t app_id_instance_id;
 
-void cleanupFreeServiceMatch();
 void AppIdFreeServiceMatchList(ServiceMatch* sm);
 
 inline bool compareServiceElements(const RNAServiceElement* first,

diff --git a/src/network_inspectors/appid/service_plugins/service_battle_field.cc b/src/network_inspectors/appid/service_plugins/service_battle_field.cc
index 90a3d676a00d1d075834a5f7113a8ee2c3308004..9bb72d8ebb6ab8fa7b851a90f0eccbb5ffc37931 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_battle_field.cc
+++ b/src/network_inspectors/appid/service_plugins/service_battle_field.cc
@@ -99,24 +99,24 @@ static AppRegistryEntry appIdRegistry[] =
 static int battle_field_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&battle_field_validate, IpProtocol::TCP, (uint8_t*)PATTERN_HELLO,
-        sizeof(PATTERN_HELLO)-1,  5, "battle_field", init_api->pAppidConfig);
+        sizeof(PATTERN_HELLO)-1,  5, "battle_field");
     init_api->RegisterPattern(&battle_field_validate, IpProtocol::TCP, (uint8_t*)PATTERN_2,
-        sizeof(PATTERN_2)-1,  0, "battle_field", init_api->pAppidConfig);
+        sizeof(PATTERN_2)-1,  0, "battle_field");
     init_api->RegisterPattern(&battle_field_validate, IpProtocol::TCP, (uint8_t*)PATTERN_3,
-        sizeof(PATTERN_3)-1,  0, "battle_field", init_api->pAppidConfig);
+        sizeof(PATTERN_3)-1,  0, "battle_field");
     init_api->RegisterPattern(&battle_field_validate, IpProtocol::TCP, (uint8_t*)PATTERN_4,
-        sizeof(PATTERN_4)-1,  0, "battle_field", init_api->pAppidConfig);
+        sizeof(PATTERN_4)-1,  0, "battle_field");
     init_api->RegisterPattern(&battle_field_validate, IpProtocol::TCP, (uint8_t*)PATTERN_5,
-        sizeof(PATTERN_5)-1,  0, "battle_field", init_api->pAppidConfig);
+        sizeof(PATTERN_5)-1,  0, "battle_field");
     init_api->RegisterPattern(&battle_field_validate, IpProtocol::TCP, (uint8_t*)PATTERN_6,
-        sizeof(PATTERN_6)-1,  0, "battle_field", init_api->pAppidConfig);
+        sizeof(PATTERN_6)-1,  0, "battle_field");
 
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&battle_field_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_bgp.cc b/src/network_inspectors/appid/service_plugins/service_bgp.cc
index 158c69f17416f114b07db7c69ac5fc087b717c9b..6d76240262b441ec7a3342dec50efc5e3ce9aead 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_bgp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_bgp.cc
@@ -132,14 +132,14 @@ static AppRegistryEntry appIdRegistry[] =
 
 static int bgp_init(const IniServiceAPI* const init_api)
 {
-    init_api->RegisterPattern(&bgp_validate, IpProtocol::TCP, BGP_PATTERN, sizeof(BGP_PATTERN), 0,
-        "bgp", init_api->pAppidConfig);
+    init_api->RegisterPattern(&bgp_validate, IpProtocol::TCP, BGP_PATTERN,
+            sizeof(BGP_PATTERN), 0, "bgp");
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&bgp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_bit.cc b/src/network_inspectors/appid/service_plugins/service_bit.cc
index 9f3615206293fa26c3770f9c4e34bef4edc2170a..060b0b7438bff46530472815bacbe44b847e1515 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_bit.cc
+++ b/src/network_inspectors/appid/service_plugins/service_bit.cc
@@ -116,13 +116,13 @@ static AppRegistryEntry appIdRegistry[] =
 static int bit_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&bit_validate, IpProtocol::TCP, (const uint8_t*)BIT_BANNER,
-        sizeof(BIT_BANNER)-1, 0, svc_name, init_api->pAppidConfig);
+        sizeof(BIT_BANNER)-1, 0, svc_name);
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&bit_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_bootp.cc b/src/network_inspectors/appid/service_plugins/service_bootp.cc
index d796e43b43e305848a43d889bcbadd3a8df3d83a..d703683e96ad1461074a06d825ddd33689998493 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_bootp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_bootp.cc
@@ -111,7 +111,7 @@ static int bootp_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&bootp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_config.h b/src/network_inspectors/appid/service_plugins/service_config.h
index 437f79b8d8d6f716db7d79647b1c01957995cd46..cd9c64974b96e835d5f9db827f1d0ffb88fe450a 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_config.h
+++ b/src/network_inspectors/appid/service_plugins/service_config.h
@@ -49,14 +49,6 @@ struct DetectorSSLCertPattern
     DetectorSSLCertPattern* next;
 };
 
-struct ServiceSslConfig
-{
-    DetectorSSLCertPattern* DetectorSSLCertPatternList;
-    DetectorSSLCertPattern* DetectorSSLCnamePatternList;
-    SearchTool* ssl_host_matcher;
-    SearchTool* ssl_cname_matcher;
-};
-
 // DNS host pattern structure
 struct DNSHostPattern
 {
@@ -72,12 +64,6 @@ struct DetectorDNSHostPattern
     DetectorDNSHostPattern* next;
 };
 
-struct ServiceDnsConfig
-{
-    DetectorDNSHostPattern* DetectorDNSHostPatternList;
-    SearchTool* dns_host_host_matcher;
-};
-
 struct ServicePatternData
 {
     ServicePatternData* next;
@@ -86,24 +72,29 @@ struct ServicePatternData
     RNAServiceElement* svc;
 };
 
-struct ServiceConfig
+class ServiceConfig
 {
-    RNAServiceValidationModule* active_service_list; // List of all services (Lua and C)
-    RNAServiceElement* tcp_service_list;             // List of all TCP services (Lua and C)
-    RNAServiceElement* udp_service_list;             // List of all UDP services (Lua and C)
-    RNAServiceElement* udp_reversed_service_list;    // List of all UDP reversed services (Lua and C)
+public:
+    ServiceConfig() {}
+    ~ServiceConfig() {}
+
+    // Lists of services (Lua and C)
+    RNAServiceValidationModule* active_service_list = nullptr;
+    RNAServiceElement* tcp_service_list = nullptr;
+    RNAServiceElement* udp_service_list = nullptr;
+    RNAServiceElement* udp_reversed_service_list = nullptr;
 
     //list nodes are RNAServiceElement*.
-    SF_LIST* tcp_services[RNA_SERVICE_MAX_PORT];
-    SF_LIST* udp_services[RNA_SERVICE_MAX_PORT];
-    SF_LIST* udp_reversed_services[RNA_SERVICE_MAX_PORT];
-
-    SearchTool* tcp_patterns;
-    ServicePatternData* tcp_pattern_data;
-    int tcp_pattern_count;
-    SearchTool* udp_patterns;
-    ServicePatternData* udp_pattern_data;
-    int udp_pattern_count;
+    SF_LIST* tcp_services[RNA_SERVICE_MAX_PORT] = { nullptr };
+    SF_LIST* udp_services[RNA_SERVICE_MAX_PORT] = { nullptr };
+    SF_LIST* udp_reversed_services[RNA_SERVICE_MAX_PORT] = { nullptr };
+
+    SearchTool* tcp_patterns = nullptr;
+    ServicePatternData* tcp_pattern_data = nullptr;
+    int tcp_pattern_count = 0;
+    SearchTool* udp_patterns = nullptr;
+    ServicePatternData* udp_pattern_data = nullptr;
+    int udp_pattern_count = 0;
 };
 
 #endif

diff --git a/src/network_inspectors/appid/service_plugins/service_dcerpc.cc b/src/network_inspectors/appid/service_plugins/service_dcerpc.cc
index 64dfcd0699a2ff56113bfa572450842ae58466c2..4cdc1eeef550d49d17dd8457957d8c9c85f2aae8 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_dcerpc.cc
+++ b/src/network_inspectors/appid/service_plugins/service_dcerpc.cc
@@ -94,7 +94,7 @@ static int dcerpc_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&dcerpc_udp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_direct_connect.cc b/src/network_inspectors/appid/service_plugins/service_direct_connect.cc
index b3b8b07ae089380893e6c1ff7d4e0f0a7ded3695..aaeb84d8fe718d50702e050813fa51cef3955e7a 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_direct_connect.cc
+++ b/src/network_inspectors/appid/service_plugins/service_direct_connect.cc
@@ -104,26 +104,26 @@ static AppRegistryEntry appIdRegistry[] =
 static int direct_connect_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&direct_connect_validate, IpProtocol::TCP, (uint8_t*)PATTERN1,
-        sizeof(PATTERN1)-1,  0, "direct_connect", init_api->pAppidConfig);
+        sizeof(PATTERN1)-1,  0, "direct_connect");
     init_api->RegisterPattern(&direct_connect_validate, IpProtocol::TCP, (uint8_t*)PATTERN2,
-        sizeof(PATTERN2)-1,  0, "direct_connect", init_api->pAppidConfig);
+        sizeof(PATTERN2)-1,  0, "direct_connect");
     init_api->RegisterPattern(&direct_connect_validate, IpProtocol::TCP, (uint8_t*)PATTERN3,
-        sizeof(PATTERN3)-1,  0, "direct_connect", init_api->pAppidConfig);
+        sizeof(PATTERN3)-1,  0, "direct_connect");
     init_api->RegisterPattern(&direct_connect_validate, IpProtocol::TCP, (uint8_t*)PATTERN4,
-        sizeof(PATTERN4)-1,  0, "direct_connect", init_api->pAppidConfig);
+        sizeof(PATTERN4)-1,  0, "direct_connect");
     init_api->RegisterPattern(&direct_connect_validate, IpProtocol::TCP, (uint8_t*)PATTERN5,
-        sizeof(PATTERN5)-1,  0, "direct_connect", init_api->pAppidConfig);
+        sizeof(PATTERN5)-1,  0, "direct_connect");
     init_api->RegisterPattern(&direct_connect_validate, IpProtocol::TCP, (uint8_t*)PATTERN6,
-        sizeof(PATTERN6)-1,  0, "direct_connect", init_api->pAppidConfig);
+        sizeof(PATTERN6)-1,  0, "direct_connect");
     init_api->RegisterPattern(&direct_connect_validate, IpProtocol::UDP, (uint8_t*)PATTERN7,
-        sizeof(PATTERN7)-1,  0, "direct_connect", init_api->pAppidConfig);
+        sizeof(PATTERN7)-1,  0, "direct_connect");
 
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&direct_connect_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_flap.cc b/src/network_inspectors/appid/service_plugins/service_flap.cc
index 5ab626c9ecf9d88a75d026338716e9c1d4714cfc..718b287b74e1909c3653f21a16805b0f0d6b39bd 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_flap.cc
+++ b/src/network_inspectors/appid/service_plugins/service_flap.cc
@@ -119,13 +119,13 @@ static AppRegistryEntry appIdRegistry[] =
 static int flap_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&flap_validate, IpProtocol::TCP, FLAP_PATTERN,
-            sizeof(FLAP_PATTERN), 0, "flap", init_api->pAppidConfig);
+            sizeof(FLAP_PATTERN), 0, "flap");
     //unsigned i;
     for (unsigned i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&flap_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_ftp.cc b/src/network_inspectors/appid/service_plugins/service_ftp.cc
index 9f8768c088e6d7de68057f7a44ce33b654afec5a..f241a600fca5b3011907dcdc73dc726162cb3b46 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ftp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ftp.cc
@@ -141,19 +141,19 @@ static int ftp_init(const IniServiceAPI* const init_api)
     ftp_data_app_id = AddProtocolReference("ftp-data");
 
     init_api->RegisterPattern(&ftp_validate, IpProtocol::TCP, (uint8_t*)FTP_PATTERN1,
-        sizeof(FTP_PATTERN1)-1, 0, "ftp", init_api->pAppidConfig);
+        sizeof(FTP_PATTERN1)-1, 0, "ftp");
     init_api->RegisterPattern(&ftp_validate, IpProtocol::TCP, (uint8_t*)FTP_PATTERN2,
-        sizeof(FTP_PATTERN2)-1, 0, "ftp", init_api->pAppidConfig);
+        sizeof(FTP_PATTERN2)-1, 0, "ftp");
     init_api->RegisterPattern(&ftp_validate, IpProtocol::TCP, (uint8_t*)FTP_PATTERN3,
-        sizeof(FTP_PATTERN3)-1, -1, "ftp", init_api->pAppidConfig);
+        sizeof(FTP_PATTERN3)-1, -1, "ftp");
     init_api->RegisterPattern(&ftp_validate, IpProtocol::TCP, (uint8_t*)FTP_PATTERN4,
-        sizeof(FTP_PATTERN4)-1, -1, "ftp", init_api->pAppidConfig);
+        sizeof(FTP_PATTERN4)-1, -1, "ftp");
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&ftp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_irc.cc b/src/network_inspectors/appid/service_plugins/service_irc.cc
index 46761ac097b0f353bab12290222a193c9d09f270..b9db1704c5c32ce25417b515c3e420bfd7033119 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_irc.cc
+++ b/src/network_inspectors/appid/service_plugins/service_irc.cc
@@ -110,7 +110,7 @@ static int irc_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&irc_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_lpr.cc b/src/network_inspectors/appid/service_plugins/service_lpr.cc
index c54b3123cf329bd8aeaf719f7b1dc203722f2bdf..ea92497b0cc3a6eeb0e220d33c6a6342f4557f4e 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_lpr.cc
+++ b/src/network_inspectors/appid/service_plugins/service_lpr.cc
@@ -107,7 +107,7 @@ static int lpr_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&lpr_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc
index 41db537d8cb1b2dc2967ee412e83f65d65535b90..254afb8b533dbb1e2dc770b6896b9091fda21a6d 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_mdns.cc
+++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc
@@ -96,14 +96,14 @@ static int MDNS_init(const IniServiceAPI* const init_api);
 static int ReferencePointer(const char* start_ptr,const char** resp_endptr,   int* start_index,
     uint16_t data_size, uint8_t* user_name_len, unsigned offset, const AppIdConfig* pConfig);
 static int MDNS_validate(ServiceValidationArgs* args);
-static int mdnsMatcherCreate(AppIdConfig* pConfig);
-static void mdnsMatcherDestroy(AppIdConfig* pConfig);
+static int mdnsMatcherCreate();
+static void mdnsMatcherDestroy();
 static unsigned mdnsMatchListCreate(const char* data, uint16_t dataSize, const
     AppIdConfig* pConfig);
 static void mdnsMatchListFind(const char* dataPtr, uint16_t index, const char** resp_endptr,
     int* pattern_length, const AppIdConfig* pConfig);
-static void mdnsMatchListDestroy(const AppIdConfig* pConfig);
-static void MDNS_clean(const CleanServiceAPI* const clean_api);
+static void mdnsMatchListDestroy();
+static void MDNS_clean();
 
 static RNAServiceElement svc_element =
 {
@@ -147,10 +147,10 @@ static int MDNS_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&MDNS_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
-    mdnsMatcherCreate(init_api->pAppidConfig);
+    mdnsMatcherCreate();
     return 0;
 }
 
@@ -414,7 +414,7 @@ static int MDNS_validate(ServiceValidationArgs* args)
             if (pAppidActiveConfig->mod_config->mdns_user_reporting)
             {
                 MDNSUserAnalyser(flowp, pkt, size, args->pConfig);
-                mdnsMatchListDestroy(args->pConfig);
+                mdnsMatchListDestroy();
                 goto success;
             }
             goto success;
@@ -437,7 +437,7 @@ fail:
     return SERVICE_NOMATCH;
 }
 
-static MatchedPatterns* patternFreeList;
+static THREAD_LOCAL MatchedPatterns* patternFreeList;
 
 static MdnsPattern patterns[] =
 {
@@ -447,7 +447,7 @@ static MdnsPattern patterns[] =
     { (uint8_t*)PATTERN_STR_ARPA_2, sizeof(PATTERN_STR_ARPA_2) },
 };
 
-static int mdnsMatcherCreate(AppIdConfig* pConfig)
+static int mdnsMatcherCreate()
 {
     MdnsConfig* pMdnsConfig = (MdnsConfig*)snort_calloc(sizeof(MdnsConfig));
 
@@ -462,19 +462,20 @@ static int mdnsMatcherCreate(AppIdConfig* pConfig)
             (char*)patterns[i].pattern, patterns[i].length, &patterns[i]);
 
     pMdnsConfig->mdnsMatcher->prep();
-    pConfig->add_generic_config_element(svc_element.name, pMdnsConfig);
+    pAppidActiveConfig->add_generic_config_element(svc_element.name, pMdnsConfig);
     return 1;
 }
 
-static void mdnsMatcherDestroy(AppIdConfig* pConfig)
+static void mdnsMatcherDestroy()
 {
-    MdnsConfig* pMdnsConfig = (MdnsConfig*)pConfig->find_generic_config_element(svc_element.name);
+    MdnsConfig* pMdnsConfig =
+            (MdnsConfig*)pAppidActiveConfig->find_generic_config_element(svc_element.name);
     MatchedPatterns* node;
     if (pMdnsConfig->mdnsMatcher)
         delete pMdnsConfig->mdnsMatcher;
     pMdnsConfig->mdnsMatcher = nullptr;
 
-    mdnsMatchListDestroy(pConfig);
+    mdnsMatchListDestroy();
 
     while ((node = patternFreeList))
     {
@@ -482,7 +483,7 @@ static void mdnsMatcherDestroy(AppIdConfig* pConfig)
         snort_free(node);
     }
     snort_free(pMdnsConfig);
-    pConfig->remove_generic_config_element(svc_element.name);
+    pAppidActiveConfig->remove_generic_config_element(svc_element.name);
 }
 
 static int mdns_pattern_match(void* id, void*, int index, void* data, void*)
@@ -531,7 +532,7 @@ static unsigned mdnsMatchListCreate(const char* data, uint16_t dataSize, const
         svc_element.name);
 
     if (pMdnsConfig->patternList)
-        mdnsMatchListDestroy(pConfig);
+        mdnsMatchListDestroy();
 
     pMdnsConfig->mdnsMatcher->find_all(
         (char*)data, dataSize, mdns_pattern_match, false, (void*)&pMdnsConfig->patternList);
@@ -568,12 +569,12 @@ static void mdnsMatchListFind(const char* dataPtr, uint16_t index, const char**
     *pattern_length = 0;
 }
 
-static void mdnsMatchListDestroy(const AppIdConfig* pConfig)
+static void mdnsMatchListDestroy()
 {
     MatchedPatterns* element;
 
-    MdnsConfig* pMdnsConfig = (MdnsConfig*)((AppIdConfig*)pConfig)->find_generic_config_element(
-        svc_element.name);
+    MdnsConfig* pMdnsConfig =
+            (MdnsConfig*)pAppidActiveConfig->find_generic_config_element(svc_element.name);
     while (pMdnsConfig->patternList)
     {
         element = pMdnsConfig->patternList;
@@ -584,8 +585,8 @@ static void mdnsMatchListDestroy(const AppIdConfig* pConfig)
     }
 }
 
-static void MDNS_clean(const CleanServiceAPI* const clean_api)
+static void MDNS_clean()
 {
-    mdnsMatcherDestroy(clean_api->pAppidConfig);
+    mdnsMatcherDestroy();
 }
 

diff --git a/src/network_inspectors/appid/service_plugins/service_mysql.cc b/src/network_inspectors/appid/service_plugins/service_mysql.cc
index e0c3d772902e0365c544759e75f4aca27b151533..cc1e76d529e42149cbe353bd50d36cd8723b4891 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_mysql.cc
+++ b/src/network_inspectors/appid/service_plugins/service_mysql.cc
@@ -92,7 +92,7 @@ static int svc_mysql_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&svc_mysql_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_netbios.cc b/src/network_inspectors/appid/service_plugins/service_netbios.cc
index f61124005c240562c93544d1b434e173733c57e0..1b35736d17307dc3973177abd2e50e245681796a 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_netbios.cc
+++ b/src/network_inspectors/appid/service_plugins/service_netbios.cc
@@ -347,23 +347,19 @@ RNAServiceValidationModule netbios_service_mod
 static int netbios_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&nbss_validate, IpProtocol::TCP, NB_SMB_BANNER,
-        sizeof(NB_SMB_BANNER),
-        -1, "netbios", init_api->pAppidConfig);
+        sizeof(NB_SMB_BANNER), -1, "netbios");
 
     DebugFormat(DEBUG_INSPECTOR,"registering appId: %d for NetBIOS-ns\n",APP_ID_NETBIOS_NS);
-    init_api->RegisterAppId(&nbns_validate, APP_ID_NETBIOS_NS, APPINFO_FLAG_SERVICE_UDP_REVERSED,
-        init_api->pAppidConfig);
+    init_api->RegisterAppId(&nbns_validate, APP_ID_NETBIOS_NS, APPINFO_FLAG_SERVICE_UDP_REVERSED);
 
     DebugFormat(DEBUG_INSPECTOR,"registering appId: %d for NetBIOS-dgm\n",APP_ID_NETBIOS_DGM);
-    init_api->RegisterAppId(&nbdgm_validate, APP_ID_NETBIOS_DGM, APPINFO_FLAG_SERVICE_ADDITIONAL,
-        init_api->pAppidConfig);
+    init_api->RegisterAppId(&nbdgm_validate, APP_ID_NETBIOS_DGM, APPINFO_FLAG_SERVICE_ADDITIONAL);
 
     DebugFormat(DEBUG_INSPECTOR,"registering appId: %d for NetBIOS-ssn\n",APP_ID_NETBIOS_SSN);
-    init_api->RegisterAppId(&nbss_validate, APP_ID_NETBIOS_SSN, APPINFO_FLAG_SERVICE_ADDITIONAL,
-        init_api->pAppidConfig);
+    init_api->RegisterAppId(&nbss_validate, APP_ID_NETBIOS_SSN, APPINFO_FLAG_SERVICE_ADDITIONAL);
 
     DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",APP_ID_DCE_RPC);
-    init_api->RegisterAppId(&nbss_validate, APP_ID_DCE_RPC, 0, init_api->pAppidConfig);
+    init_api->RegisterAppId(&nbss_validate, APP_ID_DCE_RPC, 0);
 
     return 0;
 }

diff --git a/src/network_inspectors/appid/service_plugins/service_nntp.cc b/src/network_inspectors/appid/service_plugins/service_nntp.cc
index 0080600ee2213a5ed82ff26531eb51b63fef1a88..07a8cc986731f33a0e19215dc6fc113f44de5581 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_nntp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_nntp.cc
@@ -105,16 +105,16 @@ static AppRegistryEntry appIdRegistry[] =
 static int nntp_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&nntp_validate, IpProtocol::TCP, (uint8_t*)NNTP_PATTERN1,
-        sizeof(NNTP_PATTERN1)-1, 0, "nntp", init_api->pAppidConfig);
+        sizeof(NNTP_PATTERN1)-1, 0, "nntp");
     init_api->RegisterPattern(&nntp_validate, IpProtocol::TCP, (uint8_t*)NNTP_PATTERN2,
-        sizeof(NNTP_PATTERN2)-1, 0, "nntp", init_api->pAppidConfig);
+        sizeof(NNTP_PATTERN2)-1, 0, "nntp");
 
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&nntp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_ntp.cc b/src/network_inspectors/appid/service_plugins/service_ntp.cc
index ad85c81366c5d40c90010b75abe6b2784d981f09..427fba10a3d589b3fcf1a99f6355f919874f1689 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ntp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ntp.cc
@@ -104,7 +104,7 @@ static int ntp_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&ntp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_radius.cc b/src/network_inspectors/appid/service_plugins/service_radius.cc
index 6613a7fd93db34596596fdac05e1d01f1a6cb3c0..86ec577993da96fee25df6d7ee58511e39b414e1 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_radius.cc
+++ b/src/network_inspectors/appid/service_plugins/service_radius.cc
@@ -122,7 +122,7 @@ static int radius_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&radius_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_rexec.cc b/src/network_inspectors/appid/service_plugins/service_rexec.cc
index 68a3b5ab84892167ee3b57a9b3f235b1e0be2de6..35b9b7afb2ff5ff961c16eea88bab37fed4a820d 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rexec.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rexec.cc
@@ -113,7 +113,7 @@ static int rexec_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&rexec_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_rfb.cc b/src/network_inspectors/appid/service_plugins/service_rfb.cc
index 5e1c7578ac0d3317e0d3a20671a8a3bcfbee8aba..11d06997e25e6deac36aef21d5dbde2ae7473e59 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rfb.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rfb.cc
@@ -80,13 +80,13 @@ static AppRegistryEntry appIdRegistry[] =
 static int rfb_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&rfb_validate, IpProtocol::TCP, (uint8_t*)RFB_BANNER,
-        sizeof(RFB_BANNER) - 1, 0, "rfb", init_api->pAppidConfig);
+        sizeof(RFB_BANNER) - 1, 0, "rfb");
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&rfb_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_rlogin.cc b/src/network_inspectors/appid/service_plugins/service_rlogin.cc
index e3b08f647c41c0bae5406fdafb41ee8ea45cc1f1..b467beab755d60326908377b01e05379fd36f383 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rlogin.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rlogin.cc
@@ -88,7 +88,7 @@ static int rlogin_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&rlogin_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc
index fe7d4dc8f381bc247cd65957b299b30ed8659093..0f8d25d1753438874de34608ae792a5e9f1bb33a 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rpc.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc
@@ -264,20 +264,20 @@ static int rpc_init(const IniServiceAPI* const init_api)
     }
 
     init_api->RegisterPattern(&rpc_tcp_validate, IpProtocol::TCP, rpc_reply_accepted_pattern,
-        sizeof(rpc_reply_accepted_pattern), 8, "rpc", init_api->pAppidConfig);
+        sizeof(rpc_reply_accepted_pattern), 8, "rpc");
     init_api->RegisterPattern(&rpc_tcp_validate, IpProtocol::TCP, rpc_reply_denied_pattern,
-        sizeof(rpc_reply_denied_pattern), 8, "rpc", init_api->pAppidConfig);
+        sizeof(rpc_reply_denied_pattern), 8, "rpc");
     init_api->RegisterPattern(&rpc_validate, IpProtocol::UDP, rpc_reply_accepted_pattern,
-        sizeof(rpc_reply_accepted_pattern), 4, "rpc", init_api->pAppidConfig);
+        sizeof(rpc_reply_accepted_pattern), 4, "rpc");
     init_api->RegisterPattern(&rpc_validate, IpProtocol::UDP, rpc_reply_denied_pattern,
-        sizeof(rpc_reply_denied_pattern), 4, "rpc", init_api->pAppidConfig);
+        sizeof(rpc_reply_denied_pattern), 4, "rpc");
 
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&rpc_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc
index 4b334cab23717d071469b7847ed215117f4700e4..6a57a9bce562daac529a713774f499a1dcfe7796 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rshell.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc
@@ -105,7 +105,7 @@ static int rshell_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&rshell_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_rsync.cc b/src/network_inspectors/appid/service_plugins/service_rsync.cc
index 0ab4fbcc8d1b611fc762a1301865d8973f7a787b..ebeae0f3a0ea5434aae7d326314b75d748620850 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rsync.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rsync.cc
@@ -87,13 +87,13 @@ static AppRegistryEntry appIdRegistry[] =
 static int rsync_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&rsync_validate, IpProtocol::TCP, (uint8_t*)RSYNC_BANNER,
-        sizeof(RSYNC_BANNER)-1, 0, "rsync", init_api->pAppidConfig);
+        sizeof(RSYNC_BANNER)-1, 0, "rsync");
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_INSPECTOR,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&rsync_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_rtmp.cc b/src/network_inspectors/appid/service_plugins/service_rtmp.cc
index 2d13807dea08eb03aa251eedb4ecc074f86380d0..2beb7bfc35f30beb6fc6b69b3cfd895fa4fa1b9a 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rtmp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rtmp.cc
@@ -126,7 +126,7 @@ static int rtmp_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_INSPECTOR, "registering appId: %d\n", appIdRegistry[i].appId);
         init_api->RegisterAppId(&rtmp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
     return 0;
 }

diff --git a/src/network_inspectors/appid/service_plugins/service_smtp.cc b/src/network_inspectors/appid/service_plugins/service_smtp.cc
index ad39b391162474060bd1cb93dd66655a423bb365..89aeddfc8d3a1703525b9f7287fe124f59e72440 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_smtp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_smtp.cc
@@ -107,20 +107,20 @@ static int smtp_init(const IniServiceAPI* const init_api)
     const char SMTP_PATTERN4[] = "smtp";
 
     init_api->RegisterPattern(&smtp_validate, IpProtocol::TCP, (uint8_t*)SMTP_PATTERN1,
-        sizeof(SMTP_PATTERN1) - 1, 0, "smtp", init_api->pAppidConfig);
+        sizeof(SMTP_PATTERN1) - 1, 0, "smtp");
     init_api->RegisterPattern(&smtp_validate, IpProtocol::TCP, (uint8_t*)SMTP_PATTERN2,
-        sizeof(SMTP_PATTERN2) - 1, 0, "smtp", init_api->pAppidConfig);
+        sizeof(SMTP_PATTERN2) - 1, 0, "smtp");
     init_api->RegisterPattern(&smtp_validate, IpProtocol::TCP, (uint8_t*)SMTP_PATTERN3,
-        sizeof(SMTP_PATTERN3) - 1, -1, "smtp", init_api->pAppidConfig);
+        sizeof(SMTP_PATTERN3) - 1, -1, "smtp");
     init_api->RegisterPattern(&smtp_validate, IpProtocol::TCP, (uint8_t*)SMTP_PATTERN4,
-        sizeof(SMTP_PATTERN4) - 1, -1, "smtp", init_api->pAppidConfig);
+        sizeof(SMTP_PATTERN4) - 1, -1, "smtp");
 
     unsigned i;
     for (i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&smtp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc
index 78af2d1b1200672d92eb9aee87ace2b3926c21bb..8dd44c1f48abc94ec9d593392b7e39dc1432c57d 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_snmp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc
@@ -136,29 +136,29 @@ static int snmp_init(const IniServiceAPI* const init_api)
     app_id = AddProtocolReference("snmp");
 
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_2,
-        sizeof(SNMP_PATTERN_2), 2, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_2), 2, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_3,
-        sizeof(SNMP_PATTERN_3), 2, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_3), 2, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_4,
-        sizeof(SNMP_PATTERN_4), 2, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_4), 2, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_2,
-        sizeof(SNMP_PATTERN_2), 3, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_2), 3, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_3,
-        sizeof(SNMP_PATTERN_3), 3, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_3), 3, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_4,
-        sizeof(SNMP_PATTERN_4), 3, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_4), 3, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_2,
-        sizeof(SNMP_PATTERN_2), 4, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_2), 4, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_3,
-        sizeof(SNMP_PATTERN_3),  4, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_3),  4, "snmp");
     init_api->RegisterPattern(&snmp_validate, IpProtocol::UDP, SNMP_PATTERN_4,
-        sizeof(SNMP_PATTERN_4), 4, "snmp", init_api->pAppidConfig);
+        sizeof(SNMP_PATTERN_4), 4, "snmp");
 
     for (unsigned i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&snmp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_ssh.cc b/src/network_inspectors/appid/service_plugins/service_ssh.cc
index 04c2095c1bc702a2472678e1f87222ae00efc8fa..2f0e2bb12644e8f608649c450bddec6993a5df90 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ssh.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssh.cc
@@ -171,12 +171,12 @@ static const AppRegistryEntry appIdRegistry[] =
 static int ssh_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&ssh_validate, IpProtocol::TCP, (uint8_t*)SSH_BANNER,
-        sizeof(SSH_BANNER) - 1, 0, "ssh", init_api->pAppidConfig);
+        sizeof(SSH_BANNER) - 1, 0, "ssh");
     for (unsigned i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&ssh_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
     return 0;
 }

diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index 10354c4daf457a130ba02714d40483ad5e63e0cb..5122170c90db60b57b6c8d56984352ee1a56ae75 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -186,6 +186,16 @@ struct ServiceSSLV2Hdr
     uint16_t conn_len;
 };
 
+struct ServiceSslConfig
+{
+    DetectorSSLCertPattern* DetectorSSLCertPatternList;
+    DetectorSSLCertPattern* DetectorSSLCnamePatternList;
+    SearchTool* ssl_host_matcher;
+    SearchTool* ssl_cname_matcher;
+};
+
+static THREAD_LOCAL ServiceSslConfig service_ssl_config;
+
 #pragma pack()
 
 /* Convert 3-byte lengths in TLS headers to integers. */
@@ -238,14 +248,14 @@ static int ssl_detector_create_matcher(SearchTool** matcher, DetectorSSLCertPatt
     return 1;
 }
 
-int ssl_detector_process_patterns(ServiceSslConfig* pSslConfig)
+int ssl_detector_process_patterns()
 {
     int retVal = 1;
-    if (!ssl_detector_create_matcher(&pSslConfig->ssl_host_matcher,
-        pSslConfig->DetectorSSLCertPatternList))
+    if (!ssl_detector_create_matcher(&service_ssl_config.ssl_host_matcher,
+        service_ssl_config.DetectorSSLCertPatternList))
         retVal = 0;
-    if (!ssl_detector_create_matcher(&pSslConfig->ssl_cname_matcher,
-        pSslConfig->DetectorSSLCnamePatternList))
+    if (!ssl_detector_create_matcher(&service_ssl_config.ssl_cname_matcher,
+        service_ssl_config.DetectorSSLCnamePatternList))
         retVal = 0;
     return retVal;
 }
@@ -322,20 +332,20 @@ static const AppRegistryEntry appIdRegistry[] =
 static int ssl_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&ssl_validate, IpProtocol::TCP, SSL_PATTERN_PCT,
-        sizeof(SSL_PATTERN_PCT), 2, "ssl", init_api->pAppidConfig);
+        sizeof(SSL_PATTERN_PCT), 2, "ssl");
     init_api->RegisterPattern(&ssl_validate, IpProtocol::TCP, SSL_PATTERN3_0,
-        sizeof(SSL_PATTERN3_0), 0, "ssl", init_api->pAppidConfig);
+        sizeof(SSL_PATTERN3_0), 0, "ssl");
     init_api->RegisterPattern(&ssl_validate, IpProtocol::TCP, SSL_PATTERN3_1,
-        sizeof(SSL_PATTERN3_1), 0, "ssl", init_api->pAppidConfig);
+        sizeof(SSL_PATTERN3_1), 0, "ssl");
     init_api->RegisterPattern(&ssl_validate, IpProtocol::TCP, SSL_PATTERN3_2,
-        sizeof(SSL_PATTERN3_2), 0, "ssl", init_api->pAppidConfig);
+        sizeof(SSL_PATTERN3_2), 0, "ssl");
     init_api->RegisterPattern(&ssl_validate, IpProtocol::TCP, SSL_PATTERN3_3,
-        sizeof(SSL_PATTERN3_3), 0, "ssl", init_api->pAppidConfig);
+        sizeof(SSL_PATTERN3_3), 0, "ssl");
     for (unsigned i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&ssl_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;
@@ -1057,29 +1067,29 @@ static int ssl_scan_patterns(SearchTool* matcher, const uint8_t* pattern, size_t
     return 1;
 }
 
-int ssl_scan_hostname(const uint8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId,
-    ServiceSslConfig* pSslConfig)
+int ssl_scan_hostname(const uint8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId)
 {
-    return ssl_scan_patterns(pSslConfig->ssl_host_matcher, pattern, size, ClientAppId, payloadId);
+    return ssl_scan_patterns(service_ssl_config.ssl_host_matcher, pattern, size, ClientAppId, payloadId);
 }
 
-int ssl_scan_cname(const uint8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId,
-    ServiceSslConfig* pSslConfig)
+int ssl_scan_cname(const uint8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId)
 {
-    return ssl_scan_patterns(pSslConfig->ssl_cname_matcher, pattern, size, ClientAppId, payloadId);
+    return ssl_scan_patterns(service_ssl_config.ssl_cname_matcher, pattern, size, ClientAppId, payloadId);
 }
 
-void service_ssl_clean(ServiceSslConfig* pSslConfig)
+void service_ssl_clean()
 {
-    if (pSslConfig->ssl_host_matcher)
+    ssl_detector_free_patterns();
+
+    if (service_ssl_config.ssl_host_matcher)
     {
-        delete pSslConfig->ssl_host_matcher;
-        pSslConfig->ssl_host_matcher = nullptr;
+        delete service_ssl_config.ssl_host_matcher;
+        service_ssl_config.ssl_host_matcher = nullptr;
     }
-    if (pSslConfig->ssl_cname_matcher)
+    if (service_ssl_config.ssl_cname_matcher)
     {
-        delete pSslConfig->ssl_cname_matcher;
-        pSslConfig->ssl_cname_matcher = nullptr;
+        delete service_ssl_config.ssl_cname_matcher;
+        service_ssl_config.ssl_cname_matcher = nullptr;
     }
 }
 
@@ -1101,17 +1111,15 @@ static int ssl_add_pattern(DetectorSSLCertPattern** list, uint8_t* pattern_str,
     return 1;
 }
 
-int ssl_add_cert_pattern(uint8_t* pattern_str, size_t pattern_size, uint8_t type, AppId app_id,
-    ServiceSslConfig* pSslConfig)
+int ssl_add_cert_pattern(uint8_t* pattern_str, size_t pattern_size, uint8_t type, AppId app_id)
 {
-    return ssl_add_pattern(&pSslConfig->DetectorSSLCertPatternList, pattern_str, pattern_size,
+    return ssl_add_pattern(&service_ssl_config.DetectorSSLCertPatternList, pattern_str, pattern_size,
         type, app_id);
 }
 
-int ssl_add_cname_pattern(uint8_t* pattern_str, size_t pattern_size, uint8_t type, AppId app_id,
-    ServiceSslConfig* pSslConfig)
+int ssl_add_cname_pattern(uint8_t* pattern_str, size_t pattern_size, uint8_t type, AppId app_id)
 {
-    return ssl_add_pattern(&pSslConfig->DetectorSSLCnamePatternList, pattern_str, pattern_size,
+    return ssl_add_pattern(&service_ssl_config.DetectorSSLCnamePatternList, pattern_str, pattern_size,
         type, app_id);
 }
 
@@ -1132,10 +1140,10 @@ static void ssl_patterns_free(DetectorSSLCertPattern** list)
     }
 }
 
-void ssl_detector_free_patterns(ServiceSslConfig* pSslConfig)
+void ssl_detector_free_patterns()
 {
-    ssl_patterns_free(&pSslConfig->DetectorSSLCertPatternList);
-    ssl_patterns_free(&pSslConfig->DetectorSSLCnamePatternList);
+    ssl_patterns_free(&service_ssl_config.DetectorSSLCertPatternList);
+    ssl_patterns_free(&service_ssl_config.DetectorSSLCnamePatternList);
 }
 
 bool setSSLSquelch(Packet* p, int type, AppId appId)
@@ -1144,7 +1152,7 @@ bool setSSLSquelch(Packet* p, int type, AppId appId)
     const sfip_t* dip;
     AppIdSession* f;
 
-    if (!appInfoEntryFlagGet(appId, APPINFO_FLAG_SSL_SQUELCH, pAppidActiveConfig))
+    if (!appInfoEntryFlagGet(appId, APPINFO_FLAG_SSL_SQUELCH))
         return false;
 
     dip = p->ptrs.ip_api.get_dst();

diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.h b/src/network_inspectors/appid/service_plugins/service_ssl.h
index 1b8c45c89ea3e8a54280834f45494204cba913d3..aeede81142fbd8796485cbe3536c04af88f98c6c 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ssl.h
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.h
@@ -28,13 +28,13 @@
 extern struct RNAServiceValidationModule ssl_service_mod;
 AppId getSslServiceAppId(short srcPort);
 bool isSslServiceAppId(AppId);
-void service_ssl_clean(ServiceSslConfig*);
-int ssl_detector_process_patterns(ServiceSslConfig*);
-int ssl_scan_hostname(const uint8_t*, size_t, AppId*, AppId*, ServiceSslConfig*);
-int ssl_scan_cname(const uint8_t*, size_t, AppId*, AppId*, ServiceSslConfig*);
-int ssl_add_cert_pattern(uint8_t*, size_t, uint8_t, AppId, ServiceSslConfig*);
-int ssl_add_cname_pattern(uint8_t*, size_t, uint8_t, AppId, ServiceSslConfig*);
-void ssl_detector_free_patterns(ServiceSslConfig*);
+void service_ssl_clean();
+int ssl_detector_process_patterns();
+int ssl_scan_hostname(const uint8_t*, size_t, AppId*, AppId*);
+int ssl_scan_cname(const uint8_t*, size_t, AppId*, AppId*);
+int ssl_add_cert_pattern(uint8_t*, size_t, uint8_t, AppId);
+int ssl_add_cname_pattern(uint8_t*, size_t, uint8_t, AppId);
+void ssl_detector_free_patterns();
 bool setSSLSquelch(Packet*, int type, AppId);
 
 #endif

diff --git a/src/network_inspectors/appid/service_plugins/service_telnet.cc b/src/network_inspectors/appid/service_plugins/service_telnet.cc
index f8b225e5eee29eebe20f641f8b1cad510f8890a0..9dd0f41972f8b3ac20e9371c135d70a61cd614e2 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_telnet.cc
+++ b/src/network_inspectors/appid/service_plugins/service_telnet.cc
@@ -115,7 +115,7 @@ static int telnet_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&telnet_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_tftp.cc b/src/network_inspectors/appid/service_plugins/service_tftp.cc
index d766e99f92fc5b0bb8586a7a2e1c6332d168c6e8..1500fd8328c592d6942fdb52b4da24aca16d9bf9 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_tftp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_tftp.cc
@@ -123,7 +123,7 @@ static int tftp_init(const IniServiceAPI* const init_api)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&tftp_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_timbuktu.cc b/src/network_inspectors/appid/service_plugins/service_timbuktu.cc
index 8a2efccd74f27103ecfc5365236b453be830a1f8..7717b015fc984638eee0a76d352c62be9d592300 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_timbuktu.cc
+++ b/src/network_inspectors/appid/service_plugins/service_timbuktu.cc
@@ -100,14 +100,14 @@ static const AppRegistryEntry appIdRegistry[] =
 
 static int timbuktu_init(const IniServiceAPI* const init_api)
 {
-    init_api->RegisterPattern(&timbuktu_validate, IpProtocol::TCP, (const
-        uint8_t*)TIMBUKTU_BANNER,
-        sizeof(TIMBUKTU_BANNER)-1, 0, svc_name, init_api->pAppidConfig);
+    init_api->RegisterPattern(&timbuktu_validate, IpProtocol::TCP,
+            (const uint8_t*)TIMBUKTU_BANNER, sizeof(TIMBUKTU_BANNER) - 1,
+            0, svc_name);
     for (unsigned i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&timbuktu_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_plugins/service_tns.cc b/src/network_inspectors/appid/service_plugins/service_tns.cc
index 557cd1b02b67e62b647f498c87fe0d2c59c37801..d66776281a3535e27360a9cd9dea99095d7bd3c9 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_tns.cc
+++ b/src/network_inspectors/appid/service_plugins/service_tns.cc
@@ -129,12 +129,12 @@ static const AppRegistryEntry appIdRegistry[] =
 static int tns_init(const IniServiceAPI* const init_api)
 {
     init_api->RegisterPattern(&tns_validate, IpProtocol::TCP, (const uint8_t*)TNS_BANNER,
-        TNS_BANNER_LEN, 2, svc_name, init_api->pAppidConfig);
+        TNS_BANNER_LEN, 2, svc_name);
     for (unsigned i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
     {
         DebugFormat(DEBUG_LOG,"registering appId: %d\n",appIdRegistry[i].appId);
         init_api->RegisterAppId(&tns_validate, appIdRegistry[i].appId,
-            appIdRegistry[i].additionalInfo, init_api->pAppidConfig);
+            appIdRegistry[i].additionalInfo);
     }
 
     return 0;

diff --git a/src/network_inspectors/appid/service_state.cc b/src/network_inspectors/appid/service_state.cc
index 69fb0e47acba45c48971856b4d2a1135d2c65135..6ea30ca2d433becd466f6329b79f55f2c7df4efc 100644 (file)
--- a/src/network_inspectors/appid/service_state.cc
+++ b/src/network_inspectors/appid/service_state.cc
@@ -28,8 +28,8 @@
 
 /*#define DEBUG_SERVICE_STATE 1*/
 
-static SFXHASH* serviceStateCache4;
-static SFXHASH* serviceStateCache6;
+static THREAD_LOCAL SFXHASH* serviceStateCache4;
+static THREAD_LOCAL SFXHASH* serviceStateCache6;
 
 #define SERVICE_STATE_CACHE_ROWS    65536
 
@@ -45,7 +45,7 @@ static int AppIdServiceStateFree(void*, void* data)
     return 0;
 }
 
-int AppIdServiceStateInit(unsigned long memcap)
+int init_service_state(unsigned long memcap)
 {
     serviceStateCache4 = sfxhash_new(SERVICE_STATE_CACHE_ROWS,
         sizeof(AppIdServiceStateKey4),
@@ -76,7 +76,7 @@ int AppIdServiceStateInit(unsigned long memcap)
     return 0;
 }
 
-void AppIdServiceStateCleanup(void)
+void clean_service_state(void)
 {
     if (serviceStateCache4)
     {

diff --git a/src/network_inspectors/appid/service_state.h b/src/network_inspectors/appid/service_state.h
index bb2747a5d7e8e81d609d68b92d9d92b84e72301f..cfbb57b25748cd30416a7c9ab9f27d4c76883abf 100644 (file)
--- a/src/network_inspectors/appid/service_state.h
+++ b/src/network_inspectors/appid/service_state.h
@@ -125,8 +125,8 @@ union AppIdServiceStateKey
     AppIdServiceStateKey6 key6;
 };
 
-int AppIdServiceStateInit(unsigned long memcap);
-void AppIdServiceStateCleanup();
+int init_service_state(unsigned long memcap);
+void clean_service_state();
 void AppIdRemoveServiceIDState(sfip_t*, IpProtocol proto, uint16_t port, uint32_t level);
 AppIdServiceIDState* AppIdGetServiceIDState( const sfip_t*, IpProtocol proto, uint16_t port, uint32_t level);
 AppIdServiceIDState* AppIdAddServiceIDState( const sfip_t*, IpProtocol proto, uint16_t port, uint32_t level);

diff --git a/tools/snort2lua/preprocessor_states/pps_appid.cc b/tools/snort2lua/preprocessor_states/pps_appid.cc
index ec429a8d16f775f408f91979f511fd836afe0686..0c14c6e25115f301bbb767513e4d5c76e984eefc 100644 (file)
--- a/tools/snort2lua/preprocessor_states/pps_appid.cc
+++ b/tools/snort2lua/preprocessor_states/pps_appid.cc
@@ -92,7 +92,7 @@ bool AppId::convert(std::istringstream& data_stream)
             std::string file_name;
             if (arg_stream >> file_name)
             {
-                tmpval = table_api.add_option("app_stats_filename", file_name);
+                tmpval = table_api.add_option("log_stats", true);
             }
             else
             {