}
bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, IpProtocol protocol,
- AppidSessionDirection direction)
+ AppidSessionDirection direction, ThirdPartyAppIdContext* tp_appid_ctxt)
{
if (asd.get_session_flags(APPID_SESSION_HOST_CACHE_MATCHED))
return false;
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
- if (asd.tpsession)
+
+ if (asd.tpsession and tp_appid_ctxt and
+ (asd.tpsession->get_ctxt_version() == tp_appid_ctxt->get_version()))
asd.tpsession->reset();
+ else if (asd.tpsession)
+ asd.tpsession->set_state(TP_STATE_TERMINATED);
+
if ( asd.get_payload_id() == APP_ID_NONE)
asd.set_payload_id(APP_ID_UNKNOWN);
}
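Review bot: The version-check-then-reset-else-terminate block added here is repeated verbatim in `AppIdSession::reinit_session_data` and again in the reset path that reads `pkt_thread_tp_appid_ctxt`, so the three copies can drift apart. The check appears to exist so that `reset()` is never called on a third-party session created under a different context version, and a missed copy would presumably bring that stale-context call back. I would move it into one public `AppIdSession` member and call it from all three sites; the name below is only a suggestion, and it needs a declaration in the session header. Neither branch has a comment saying why a mismatch terminates rather than resets, and the helper is the natural place for one.

```cpp
// Proposed AppIdSession member; must be public because AppIdDiscovery calls it.
void AppIdSession::reset_or_terminate_tp_session(ThirdPartyAppIdContext* tp_appid_ctxt)
{
    if (!tpsession)
        return;

    // NOTE(review): presumably reset() is only valid against the context version
    // the session was created under; anything else is retired instead. Confirm.
    if (tp_appid_ctxt and
        tpsession->get_ctxt_version() == tp_appid_ctxt->get_version())
        tpsession->reset();
    else
        tpsession->set_state(TP_STATE_TERMINATED);
}

// in AppIdDiscovery::do_host_port_based_discovery:
    asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
    asd.reset_or_terminate_tp_session(tp_appid_ctxt);
    // … unchanged: payload id fallback to APP_ID_UNKNOWN …
```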
{
bool is_discovery_done = false;
- asd.check_app_detection_restart(change_bits);
+ asd.check_app_detection_restart(change_bits, tp_appid_ctxt);
if (outer_protocol != IpProtocol::PROTO_NOT_SET)
{
asd.scan_flags &= ~SCAN_HTTP_URI_FLAG;
}
- if (do_host_port_based_discovery(p, asd, protocol, direction))
+ if (do_host_port_based_discovery(p, asd, protocol, direction, tp_appid_ctxt))
{
asd.set_port_service_id(APP_ID_NONE);
service_id = asd.pick_service_app_id();
static void do_port_based_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol,
AppidSessionDirection direction);
static bool do_host_port_based_discovery(snort::Packet* p, AppIdSession& asd,
- IpProtocol protocol, AppidSessionDirection direction);
+ IpProtocol protocol, AppidSessionDirection direction, ThirdPartyAppIdContext* tp_appid_ctxt);
};
#endif
expected.client_disco_state = APPID_DISCO_STATE_FINISHED;
}
-void AppIdSession::reinit_session_data(AppidChangeBits& change_bits)
+void AppIdSession::reinit_session_data(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt)
{
misc_app_id = APP_ID_NONE;
free_flow_data_by_mask(APPID_SESSION_DATA_CLIENT_MODSTATE_BIT);
//3rd party cleaning
- if (tpsession)
+ if (tpsession and tp_appid_ctxt and
+ (tpsession->get_ctxt_version() == tp_appid_ctxt->get_version()))
tpsession->reset();
+ else if (tpsession)
+ tpsession->set_state(TP_STATE_TERMINATED);
init_tpPackets = 0;
resp_tpPackets = 0;
}
}
-void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits)
+void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt)
{
if (get_session_flags(APPID_SESSION_DECRYPTED) or !flow->is_proxied())
return;
if (encrypted.payload_id > APP_ID_NONE)
api.payload.set_overwritten_id(encrypted.payload_id);
- reinit_session_data(change_bits);
+ reinit_session_data(change_bits, tp_appid_ctxt);
if (appidDebug->is_active())
LogMessage("AppIdDbg %s SSL decryption is available, restarting app detection\n",
appidDebug->get_debug_session());
}
-void AppIdSession::check_app_detection_restart(AppidChangeBits& change_bits)
+void AppIdSession::check_app_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt)
{
- check_ssl_detection_restart(change_bits);
+ check_ssl_detection_restart(change_bits, tp_appid_ctxt);
check_tunnel_detection_restart();
}
tp_payload_app_id = APP_ID_UNKNOWN;
tp_app_id = APP_ID_UNKNOWN;
- if (this->tpsession)
- this->tpsession->reset();
+ if (tpsession and pkt_thread_tp_appid_ctxt and
+ (tpsession->get_ctxt_version() == pkt_thread_tp_appid_ctxt->get_version()))
+ tpsession->reset();
+ else if (tpsession)
+ tpsession->set_state(TP_STATE_TERMINATED);
change_bits.reset();
change_bits.set(APPID_RESET_BIT);
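Review bot: This path compares against the global `pkt_thread_tp_appid_ctxt`, while the other two sites touched by the commit compare against a `tp_appid_ctxt` parameter threaded down from the caller. If a caller ever passes a context other than the packet thread's current one, the same session could be reset on one path and terminated on the other. Either take the context as a parameter here as well, or add a comment such as `// uses the packet thread's current third-party context; callers of reinit_session_data pass the same one` once that has been confirmed. The enclosing function starts and ends outside this hunk, so its signature is not visible here.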
void set_client_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
void set_service_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
void set_payload_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
- void check_app_detection_restart(AppidChangeBits& change_bits);
- void check_ssl_detection_restart(AppidChangeBits& change_bits);
+ void check_app_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt);
+ void check_ssl_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt);
void check_tunnel_detection_restart();
void update_encrypted_app_id(AppId);
void examine_rtmp_metadata(AppidChangeBits& change_bits);
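Review bot: The new `tp_appid_ctxt` parameter on `check_app_detection_restart` and `check_ssl_detection_restart` is a nullable raw pointer, and nothing in the declarations says that null is accepted or what it means. Going by the definition of `reinit_session_data`, a null or version-mismatched context sets the third-party session to `TP_STATE_TERMINATED` instead of resetting it. I would record that on the declarations, e.g. `// tp_appid_ctxt may be null; a null or version-mismatched context terminates the third-party session instead of resetting it`. The class body starts and ends outside this hunk.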
private:
uint16_t prev_http2_raw_packet = 0;
- void reinit_session_data(AppidChangeBits& change_bits);
+ void reinit_session_data(AppidChangeBits& change_bits, ThirdPartyAppIdContext* tp_appid_ctxt);
void delete_session_data(bool free_api = true);
bool tp_app_id_deferred = false;
// Stubs for AppIdSession
void AppIdSession::sync_with_snort_protocol_id(AppId, Packet*) {}
-void AppIdSession::check_app_detection_restart(AppidChangeBits&) {}
+void AppIdSession::check_app_detection_restart(AppidChangeBits&, ThirdPartyAppIdContext*) {}
void AppIdSession::set_client_appid_data(AppId, AppidChangeBits&, char*) {}
void AppIdSession::examine_rtmp_metadata(AppidChangeBits&) {}
void AppIdSession::examine_ssl_metadata(AppidChangeBits&) {}