// If api was not stored in the stash, delete it. An example would be when an appid future
// session is created, but it doesn't get attached to a snort flow (because the packets for the
// future session were never received by snort), api object is not stored in the stash.
- if (!api.stored_in_stash)
+ if (!api.flags.stored_in_stash)
delete &api;
else
api.asd = nullptr;
void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, const Packet& p,
bool is_httpx, uint32_t httpx_stream_index)
{
- if (!api.stored_in_stash)
+ if (!api.flags.stored_in_stash)
{
assert(p.flow and p.flow->stash);
p.flow->stash->store(STASH_APPID_DATA, &api, false);
- api.stored_in_stash = true;
+ api.flags.stored_in_stash = true;
}
- if (!api.published)
+ if (!api.flags.published)
{
change_bits.set(APPID_CREATED_BIT);
- api.published = true;
+ api.flags.published = true;
}
if (consumed_ha_data)
consumed_ha_data = false;
}
+ if (!(api.flags.finished || api.is_appid_inspecting_session()))
+ {
+ change_bits.set(APPID_DISCOVERY_FINISHED_BIT);
+ api.flags.finished = true;
+ }
+
if (change_bits.none())
return;
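Review bot: `api.flags.finished` is a one-way latch: the added block sets it the first time `is_appid_inspecting_session()` returns false, and nothing in the visible hunks ever clears it. The change-bit list touched by this commit also contains a `reset` bit, so if discovery can resume on the same session (not visible here), subscribers would see `APPID_DISCOVERY_FINISHED_BIT` before the final application ids are known and never again afterwards. A consumer that makes a policy decision on "finished" would then act on stale ids. Either clear the flag where inspection is restarted, `api.flags.finished = false;`, or state the contract above the block with `// one-shot: published at most once per session, even if inspection resumes later`. publish_appid_event continues past the end of this hunk.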
const char* AppIdSessionApi::get_user_info(AppId& service, bool& login) const
{
service = client.get_user_id();
- login = user_logged_in;
+ login = flags.user_logged_in;
return client.get_username();
}
return session_id;
}
- void set_user_logged_in() { user_logged_in = true; }
+ void set_user_logged_in() { flags.user_logged_in = true; }
- void clear_user_logged_in() { user_logged_in = false; }
+ void clear_user_logged_in() { flags.user_logged_in = false; }
protected:
AppIdSessionApi(const AppIdSession* asd, const SfIp& ip);
const AppIdSession* asd = nullptr;
AppId application_ids[APP_PROTOID_MAX] =
{ APP_ID_NONE, APP_ID_NONE, APP_ID_NONE, APP_ID_NONE, APP_ID_NONE };
- bool published = false;
- bool stored_in_stash = false;
+ struct
+ {
+ bool published : 1;
+ bool stored_in_stash : 1;
+ bool finished : 1;
+ bool user_logged_in : 1;
+ } flags = {};
std::vector<AppIdHttpSession*> hsessions;
AppIdDnsSession* dsession = nullptr;
snort::SfIp initiator_ip;
char* netbios_name = nullptr;
char* netbios_domain = nullptr;
std::string session_id;
- bool user_logged_in = false;
// Following two fields are used only for non-http sessions. For HTTP traffic,
// these fields are maintained inside AppIdHttpSession.
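Review bot: The four bit-fields in `flags` now share one memory location, so `set_user_logged_in()` and `clear_user_logged_in()` become read-modify-write operations on the same byte that `publish_appid_event` updates for `published`, `stored_in_stash` and `finished`. With the previous separate `bool` members, writes to different flags from different threads did not race; with adjacent bit-fields they do. Whether this object is ever touched off its owning thread is not visible in the diff, so the assumption should be stated next to the struct, e.g. `// bit-fields share one byte: written only by the thread that owns the session`. A one-line meaning for `finished` would help as well. The class body starts and ends outside this hunk.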
CHECK_EQUAL(service, APPID_UT_ID);
CHECK_EQUAL(client, APPID_UT_ID);
CHECK_EQUAL(payload, APPID_UT_ID);
- STRCMP_EQUAL("Published change_bits == 0000000000000000000", test_log);
+ STRCMP_EQUAL("Published change_bits == 00000000000000000000", test_log);
service = APP_ID_NONE;
client = APP_ID_NONE;
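Review bot: None of the updated expectations covers the new bit being set: every `Published change_bits == ...` string in this hunk and in the later test hunks only gains a leading `0`, which is the position of `APPID_DISCOVERY_FINISHED_BIT`. The only visible checks on the new bit are the translation string ending in `finished` and `CHECK_EQUAL(APPID_MAX_BIT, 20)`. A case that drives a session to the point where `is_appid_inspecting_session()` is false and asserts the leading `1` would pin the behaviour added in `publish_appid_event`, as would a second publish asserting the bit is not repeated. The test body starts and ends outside this hunk.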
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
- STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
+ STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits);
mock_session->tsession->set_tls_cname("www.cisco.com", 13, change_bits);
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Cisco");
- STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
+ STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
string host = "";
val = appid_api.ssl_app_group_id_lookup(flow, (const char*)(host.c_str()), nullptr,
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Google");
- STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
+ STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
// Override client id found by SSL pattern matcher with the client id provided by
// Encrypted Visibility Engine if available
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
- STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
+ STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
mock().checkExpectations();
}
// Detect changes in service, client, payload, and misc appid
mock().checkExpectations();
- STRCMP_EQUAL("Published change_bits == 0000000000001111100", test_log);
+ STRCMP_EQUAL("Published change_bits == 00000000000001111100", test_log);
delete &asd->get_api();
delete asd;
// Detect changes in service, client, payload, and misc appid
mock().checkExpectations();
- STRCMP_EQUAL("Published change_bits == 0000000000001111100", test_log);
+ STRCMP_EQUAL("Published change_bits == 00000000000001111100", test_log);
delete &asd->get_api();
delete asd;
delete flow;
change_bits_to_string(change_bits, str);
STRCMP_EQUAL(str.c_str(), "created, reset, service, client, payload, misc, referred, host,"
" tls-host, url, user-agent, response, referrer, dns-host, service-info, client-info,"
- " user-info, netbios-name, netbios-domain");
+ " user-info, netbios-name, netbios-domain, finished");
// Failure of this test is a reminder that enum is changed, hence translator needs update
- CHECK_EQUAL(APPID_MAX_BIT, 19);
+ CHECK_EQUAL(APPID_MAX_BIT, 20);
}
int main(int argc, char** argv)
APPID_USER_INFO_BIT,
APPID_NETBIOS_NAME_BIT,
APPID_NETBIOS_DOMAIN_BIT,
+ APPID_DISCOVERY_FINISHED_BIT,
APPID_MAX_BIT
};
--n? str.append("netbios-name, ") : str.append("netbios-name");
if (change_bits.test(APPID_NETBIOS_DOMAIN_BIT))
--n? str.append("netbios-domain, ") : str.append("netbios-domain");
+ if (change_bits.test(APPID_DISCOVERY_FINISHED_BIT))
+ --n? str.append("finished, ") : str.append("finished");
if (n != 0) // make sure all bits from AppidChangeBit enum get translated
str.append("change_bits_to_string error!");
}