+set (SSL_INCLUDES
+ ssl_flow_data.h
+)
set( FILE_LIST
ips_ssl_state.cc
ssl_config.h
ssl_inspector.cc
ssl_inspector.h
+ ssl_flow_data.cc
ssl_module.cc
ssl_module.h
ssl_splitter.cc
ssl_splitter.h
+ ${SSL_INCLUDES}
)
# can't be be linked dynamically yet
#endif (STATIC_INSPECTORS)
+install(FILES ${SSL_INCLUDES}
+ DESTINATION "${INCLUDE_INSTALL_PATH}/service_inspectors/ssl/"
+)
if (!pkt->flow)
return NO_MATCH;
- SSLData* sd = get_ssl_session_data(pkt->flow);
+ SSLData* sd = SslBaseFlowData::get_ssl_session_data(pkt->flow);
if (!sd)
return NO_MATCH;
if (!pkt->flow)
return NO_MATCH;
- SSLData* sd = get_ssl_session_data(pkt->flow);
+ SSLData* sd = SslBaseFlowData::get_ssl_session_data(pkt->flow);
if (!sd)
return NO_MATCH;
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2015-2021 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <flow/flow.h>
+#include "ssl_flow_data.h"
+
+unsigned SslBaseFlowData::inspector_id = 0;
+
+SSLData* SslBaseFlowData::get_ssl_session_data(snort::Flow* flow)
+{
+ SslBaseFlowData* fd = (SslBaseFlowData*)flow->get_flow_data(SslBaseFlowData::inspector_id);
+ return fd ? &fd->get_session() : nullptr;
+}
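Review bot: `get_ssl_session_data` dereferences `flow` unconditionally on the cast line, and the only guard is the `if (!pkt->flow)` check that each caller in this patch performs beforehand; since the function is now a public static entry point on an `SO_PUBLIC` class, that precondition belongs on the declaration, e.g. `// Precondition: flow is non-null; callers check pkt->flow first.`. The C-style cast should become `static_cast<SslBaseFlowData*>(flow->get_flow_data(SslBaseFlowData::inspector_id))`, which names the downcast the code already relies on and is greppable. The include two lines above the definition is written `#include <flow/flow.h>` while the other hunks in this patch spell project headers with quotes, `#include "flow/flow.h"`, so the new file should follow the same convention.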
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2021 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+#ifndef SSL_FLOW_DATA_H
+#define SSL_FLOW_DATA_H
+
+#include "flow/flow_data.h"
+
+#define GID_SSL 137
+
+#define SSL_INVALID_CLIENT_HELLO 1
+#define SSL_INVALID_SERVER_HELLO 2
+#define SSL_ALERT_HB_REQUEST 3
+#define SSL_ALERT_HB_RESPONSE 4
+
+struct SSLData
+{
+ uint32_t ssn_flags;
+ uint16_t partial_rec_len[4];
+};
+
+namespace snort
+{
+ class Flow;
+}
+
+class SO_PUBLIC SslBaseFlowData : public snort::FlowData
+{
+public:
+ SslBaseFlowData() : snort::FlowData(inspector_id) {}
+
+ virtual SSLData& get_session() = 0;
+
+public:
+ static SSLData* get_ssl_session_data(snort::Flow* flow);
+ static unsigned get_ssl_inspector_id() { return inspector_id; }
+
+protected:
+ static void assign_ssl_inspector_id(unsigned u) { inspector_id = u; }
+
+private:
+ static unsigned inspector_id;
+};
+
+#endif
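Review bot: `inspector_id` is one static shared by every class derived from `SslBaseFlowData`, and `assign_ssl_inspector_id` overwrites it unconditionally; with the base class now exported via `SO_PUBLIC`, a second subclass that calls `assign_ssl_inspector_id` from its own `init()` would silently redirect every `get_ssl_session_data` lookup to the other subclass's flow-data slot (inferred — only `SslFlowData` is visible as a subclass in this patch). At minimum record the contract on the member, `// Shared by all SslBaseFlowData subclasses: exactly one subclass may register an id.`, or have `assign_ssl_inspector_id` assert that `inspector_id` is still 0 before storing. The class also declares two `public:` labels (the second just before `get_ssl_session_data`) that can be merged, and the header uses `uint32_t`/`uint16_t` without including `<cstdint>`, relying on `flow/flow_data.h` to provide it transitively.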
using namespace snort;
+#define SSLPP_ENCRYPTED_FLAGS \
+ (SSL_HS_SDONE_FLAG | SSL_CLIENT_KEYX_FLAG | \
+ SSL_CAPP_FLAG | SSL_SAPP_FLAG)
+#define SSLPP_ENCRYPTED_FLAGS2 \
+ (SSL_HS_SDONE_FLAG | SSL_CHANGE_CIPHER_FLAG | \
+ SSL_CAPP_FLAG | SSL_SAPP_FLAG)
+
THREAD_LOCAL ProfileStats sslPerfStats;
THREAD_LOCAL SslStats sslstats;
-unsigned SslFlowData::inspector_id = 0;
-
const PegInfo ssl_peg_names[] =
{
{ CountType::SUM, "packets", "total packets processed" },
{ CountType::END, nullptr, nullptr }
};
-SslFlowData::SslFlowData() : FlowData(inspector_id)
+SslFlowData::SslFlowData() : SslBaseFlowData()
{
memset(&session, 0, sizeof(session));
finalize_info = {};
{
SslFlowData* fd = new SslFlowData;
p->flow->set_flow_data(fd);
- return &fd->session;
-}
-
-SSLData* get_ssl_session_data(Flow* flow)
-{
- SslFlowData* fd = (SslFlowData*)flow->get_flow_data(SslFlowData::inspector_id);
- return fd ? &fd->session : nullptr;
+ return &fd->get_session();
}
static void SSL_UpdateCounts(const uint32_t new_flags)
Profile profile(sslPerfStats);
/* Attempt to get a previously allocated SSL block. */
- SSLData* sd = get_ssl_session_data(p->flow);
+ SSLData* sd = SslBaseFlowData::get_ssl_session_data(p->flow);
if (sd == nullptr)
{
{
FinalizePacketEvent* fp_event = (FinalizePacketEvent*)&e;
const Packet* pkt = fp_event->get_packet();
- SslFlowData* fd = (SslFlowData*)pkt->flow->get_flow_data(SslFlowData::inspector_id);
+ SslFlowData* fd = (SslFlowData*)pkt->flow->get_flow_data(SslBaseFlowData::get_ssl_inspector_id());
if (fd and fd->finalize_info.switch_in)
{
pkt->flow->flags.trigger_finalize_event = fd->finalize_info.orig_flag;
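Review bot: The C-style cast on the changed line still assumes that whatever is stored under the shared SSL inspector id is an `SslFlowData`, but that id is now owned by `SslBaseFlowData` and the same slot could hold any other `SslBaseFlowData` subclass that registered it (inferred; only `SslFlowData` is visible here). Because `finalize_info` is specific to `SslFlowData`, the lookup cannot be routed through `get_ssl_session_data()`; either write the downcast as `auto* fd = dynamic_cast<SslFlowData*>(pkt->flow->get_flow_data(SslBaseFlowData::get_ssl_inspector_id()));` so a mismatched subclass yields nullptr instead of a type-confused read of `finalize_info`, or add `// assumes the only registrant of the SSL inspector id is SslFlowData` above the line. The enclosing function starts outside the hunk.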
// Implementation header with definitions, datatypes and flowdata class for SSL service inspector.
#include "flow/flow.h"
+#include "ssl_flow_data.h"
-#define SSLPP_ENCRYPTED_FLAGS \
- (SSL_HS_SDONE_FLAG | SSL_CLIENT_KEYX_FLAG | \
- SSL_CAPP_FLAG | SSL_SAPP_FLAG)
-#define SSLPP_ENCRYPTED_FLAGS2 \
- (SSL_HS_SDONE_FLAG | SSL_CHANGE_CIPHER_FLAG | \
- SSL_CAPP_FLAG | SSL_SAPP_FLAG)
-
-struct SSLData
-{
- uint32_t ssn_flags;
- uint16_t partial_rec_len[4];
-};
-
-class SslFlowData : public snort::FlowData
+class SslFlowData : public SslBaseFlowData
{
public:
SslFlowData();
~SslFlowData() override;
static void init()
- { inspector_id = snort::FlowData::create_flow_data_id(); }
+ { assign_ssl_inspector_id(snort::FlowData::create_flow_data_id()); }
size_t size_of() override
{ return sizeof(*this); }
+ SSLData& get_session() override
+ { return session; }
+
public:
- static unsigned inspector_id;
- SSLData session;
struct {
bool orig_flag : 1;
bool switch_in : 1;
} finalize_info;
+
+private:
+ SSLData session;
};
-//Function: API to get the ssl flow data from the packet flow.
-SSLData* get_ssl_session_data(snort::Flow* flow);
#endif
#include "framework/module.h"
#include "ssl_config.h"
-
-#define GID_SSL 137
-
-#define SSL_INVALID_CLIENT_HELLO 1
-#define SSL_INVALID_SERVER_HELLO 2
-#define SSL_ALERT_HB_REQUEST 3
-#define SSL_ALERT_HB_RESPONSE 4
+#include "ssl_flow_data.h"
#define SSL_NAME "ssl"
#define SSL_HELP "ssl inspection"