Merge pull request #2384 in SNORT/snort3 from ~SATHIRKA/snort3:skip_detection_old_con...

author Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>

Wed, 26 Aug 2020 03:28:09 +0000 (03:28 +0000)

committer Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>

Wed, 26 Aug 2020 03:28:09 +0000 (03:28 +0000)
author Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Wed, 26 Aug 2020 03:28:09 +0000 (03:28 +0000)
committer Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Wed, 26 Aug 2020 03:28:09 +0000 (03:28 +0000)
diff --git a/src/network_inspectors/appid/appid_dcerpc_event_handler.h b/src/network_inspectors/appid/appid_dcerpc_event_handler.h

index c7cf8d6faf01a195b7067a4354d57224756b9990..7db84333bb23b5c9717524e477f10517389d3d8f 100644 (file)
--- a/src/network_inspectors/appid/appid_dcerpc_event_handler.h
+++ b/src/network_inspectors/appid/appid_dcerpc_event_handler.h
@@ -38,6 +38,13 @@ public:
          AppIdSession* asd = snort::appid_api.get_appid_session(*flow);
          if (!asd)
              return; // appid disabled
+        else
+        {
+            // Skip sessions using old odp context after reload detectors
+            AppIdInspector* inspector = (AppIdInspector*) snort::InspectorManager::get_inspector(MOD_NAME, true);
+            if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt())))
+                return;
+        }
  
          DceExpectedSessionEvent& map_resp_event = static_cast<DceExpectedSessionEvent&>(event);
  
diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc

index 9fddf5e58fc16082b3fe8f83d4e8fdf8e7edd164..c1b9925c8aae97b16b7878ea3b065bae2aa20bf9 100644 (file)
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
@@ -203,8 +203,8 @@ ACOdpContextSwap::~ACOdpContextSwap()
  {
      odp_ctxt.get_app_info_mgr().cleanup_appid_info_table();
      delete &odp_ctxt;
-    LogMessage("== reload ODP complete\n");
-    request.respond("== reload ODP complete\n", from_shell, true);
+    LogMessage("== reload detectors complete\n");
+    request.respond("== reload detectors complete\n", from_shell, true);
      Swapper::set_reload_in_progress(false);
  }
  
@@ -290,7 +290,7 @@ static void clear_dynamic_host_cache_services()
      }
  }
  
-static int reload_odp(lua_State* L)
+static int reload_detectors(lua_State* L)
  {
      bool from_shell = ( L != nullptr );
      Request& current_request = get_current_request();
@@ -299,11 +299,11 @@ static int reload_odp(lua_State* L)
          current_request.respond("== reload pending; retry\n", from_shell);
          return 0;
      }
-    current_request.respond(".. reloading ODP\n", from_shell);
+    current_request.respond(".. reloading detectors\n", from_shell);
      AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
      if (!inspector)
      {
-        current_request.respond("== reload ODP failed - appid not enabled\n", from_shell);
+        current_request.respond("== reload detectors failed - appid not enabled\n", from_shell);
          return 0;
      }
      Swapper::set_reload_in_progress(true);
@@ -324,7 +324,7 @@ static int reload_odp(lua_State* L)
      odp_thread_local_ctxt->initialize(ctxt, true, true);
      odp_ctxt.initialize();
  
-    current_request.respond("== swapping ODP configuration\n", from_shell);
+    current_request.respond("== swapping detectors configuration\n", from_shell);
      main_broadcast_command(new ACOdpContextSwap(*inspector, old_odp_ctxt,
          current_request, from_shell), from_shell);
      return 0;
@@ -346,7 +346,7 @@ static const Command appid_cmds[] =
      { "enable_debug", enable_debug, enable_debug_params, "enable appid debugging"},
      { "disable_debug", disable_debug, nullptr, "disable appid debugging"},
      { "reload_third_party", reload_third_party, nullptr, "reload appid third-party module" },
-    { "reload_odp", reload_odp, nullptr, "reload appid open detector package" },
+    { "reload_detectors", reload_detectors, nullptr, "reload appid detectors" },
      { nullptr, nullptr, nullptr, nullptr }
  };
  
diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc

index 0644ead4caa2119917b296e22b2425a158f49a69..420566bed0b5bdc51c443fe10de649e459cb0e44 100644 (file)
--- a/src/network_inspectors/appid/appid_session_api.cc
+++ b/src/network_inspectors/appid/appid_session_api.cc
@@ -25,6 +25,8 @@
  
  #include "appid_session_api.h"
  
+#include "managers/inspector_manager.h"
+#include "appid_inspector.h"
  #include "appid_session.h"
  #include "service_plugins/service_bootp.h"
  #include "service_plugins/service_netbios.h"
@@ -179,6 +181,13 @@ bool AppIdSessionApi::is_appid_inspecting_session() const
  {
      if (!asd)
          return false;
+    else
+    {
+        // Inspection is not done for sessions using old odp context after reload detectors
+        AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+        if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt())))
+            return false;
+    }
  
      if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED or
          !asd->is_tp_appid_done() or
diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc

index 54e0b94275972f8a07c8e54eb02642415597b12a..0a5f45e2f35d242e2ae6946e59168bb0d832ae2f 100644 (file)
--- a/src/network_inspectors/appid/appid_stats.cc
+++ b/src/network_inspectors/appid/appid_stats.cc
@@ -27,10 +27,12 @@
  
  #include "log/text_log.h"
  #include "log/unified2.h"
+#include "managers/inspector_manager.h"
  #include "time/packet_time.h"
  
  #include "appid_config.h"
  #include "app_info_table.h"
+#include "appid_inspector.h"
  #include "appid_session.h"
  
  using namespace snort;
@@ -203,8 +205,17 @@ static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* buc
          if ( app_id >= 2000000000 )
              cooked_client = true;
  
+        // Skip stats for sessions using old odp context after reload detectors
+        AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+        OdpContext& odp_ctxt = asd.get_odp_ctxt();
+        if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &odp_ctxt))
+        {
+            snort_free(record);
+            return;
+        }
+
          AppInfoTableEntry* entry
-            = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id);
+            = odp_ctxt.get_app_info_mgr().get_app_info_entry(app_id);
  
          if ( entry )
          {
diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc

index 7d28ae086108b8549a2a5784b68cadab785a5b87..9fd0de7922bde58ecc77df60b90bdb6099d3c7d7 100644 (file)
--- a/src/network_inspectors/appid/test/appid_session_api_test.cc
+++ b/src/network_inspectors/appid/test/appid_session_api_test.cc
@@ -36,6 +36,10 @@ AppIdSession* mock_session = nullptr;
  AppIdSessionApi* appid_session_api = nullptr;
  static AppIdConfig config;
  static OdpContext odpctxt(config, nullptr);
+Inspector* InspectorManager::get_inspector(char const*, bool, const snort::SnortConfig*)
+{
+    return nullptr;
+}
  
  namespace snort
  {
author	Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
	Wed, 26 Aug 2020 03:28:09 +0000 (03:28 +0000)
committer	Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
	Wed, 26 Aug 2020 03:28:09 +0000 (03:28 +0000)
src/network_inspectors/appid/appid_dcerpc_event_handler.h		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_module.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_session_api.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_stats.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_session_api_test.cc		patch \| blob \| blame \| history