Merge pull request #2344 in SNORT/snort3 from ~SATHIRKA/snort3:odp_reload to master
authorShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Tue, 28 Jul 2020 03:08:51 +0000 (03:08 +0000)
committerShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Tue, 28 Jul 2020 03:08:51 +0000 (03:08 +0000)
Squashed commit of the following:

commit 69b00850064d2f9c30fd53045690ac6c925edeb9
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Fri Jul 17 16:45:32 2020 -0400

    appid: Support ODP reload for multiple packet threads and new session

51 files changed:
src/network_inspectors/appid/app_forecast.cc
src/network_inspectors/appid/appid_api.cc
src/network_inspectors/appid/appid_api.h
src/network_inspectors/appid/appid_config.cc
src/network_inspectors/appid/appid_config.h
src/network_inspectors/appid/appid_dcerpc_event_handler.h
src/network_inspectors/appid/appid_detector.h
src/network_inspectors/appid/appid_discovery.cc
src/network_inspectors/appid/appid_discovery.h
src/network_inspectors/appid/appid_http_event_handler.cc
src/network_inspectors/appid/appid_http_session.cc
src/network_inspectors/appid/appid_inspector.cc
src/network_inspectors/appid/appid_inspector.h
src/network_inspectors/appid/appid_module.cc
src/network_inspectors/appid/appid_pegs.h
src/network_inspectors/appid/appid_session.cc
src/network_inspectors/appid/appid_session.h
src/network_inspectors/appid/appid_session_api.cc
src/network_inspectors/appid/appid_stats.cc
src/network_inspectors/appid/client_plugins/client_discovery.cc
src/network_inspectors/appid/client_plugins/client_discovery.h
src/network_inspectors/appid/detector_plugins/detector_dns.cc
src/network_inspectors/appid/detector_plugins/detector_sip.cc
src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
src/network_inspectors/appid/detector_plugins/http_url_patterns.h
src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h
src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc
src/network_inspectors/appid/ips_appid_option.cc
src/network_inspectors/appid/lua_detector_api.cc
src/network_inspectors/appid/lua_detector_flow_api.cc
src/network_inspectors/appid/lua_detector_module.cc
src/network_inspectors/appid/lua_detector_module.h
src/network_inspectors/appid/service_plugins/service_detector.cc
src/network_inspectors/appid/service_plugins/service_discovery.cc
src/network_inspectors/appid/service_plugins/service_ftp.cc
src/network_inspectors/appid/service_plugins/service_mdns.cc
src/network_inspectors/appid/service_plugins/service_rpc.cc
src/network_inspectors/appid/service_plugins/service_rtmp.cc
src/network_inspectors/appid/service_plugins/service_snmp.cc
src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc
src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h
src/network_inspectors/appid/test/appid_api_test.cc
src/network_inspectors/appid/test/appid_debug_test.cc
src/network_inspectors/appid/test/appid_detector_test.cc
src/network_inspectors/appid/test/appid_discovery_test.cc
src/network_inspectors/appid/test/appid_http_event_test.cc
src/network_inspectors/appid/test/appid_http_session_test.cc
src/network_inspectors/appid/test/appid_mock_session.h
src/network_inspectors/appid/test/appid_session_api_test.cc
src/network_inspectors/appid/test/service_state_test.cc
src/network_inspectors/appid/tp_appid_utils.cc

index 4e18472378f3fddcc7a3029965c4c6900900738f..e87674f9d6c3d0573e472806353bd55eab34c605 100644 (file)
@@ -45,7 +45,7 @@ void check_session_for_AF_indicator(Packet* p, AppidSessionDirection dir, AppId
 
     AFActVal new_active_value = AFActVal(ind_element.target, packet_time());
 
-    odp_thread_ctxt->add_af_actives(master_key, new_active_value);
+    odp_thread_local_ctxt->add_af_actives(master_key, new_active_value);
 }
 
 AppId check_session_for_AF_forecast(AppIdSession& asd, Packet* p, AppidSessionDirection dir, AppId forecast)
@@ -53,7 +53,7 @@ AppId check_session_for_AF_forecast(AppIdSession& asd, Packet* p, AppidSessionDi
     AFActKey master_key(p, dir, forecast);
 
     //get out if there is no value
-    std::map<AFActKey, AFActVal>* AF_actives = odp_thread_ctxt->get_af_actives();
+    std::map<AFActKey, AFActVal>* AF_actives = odp_thread_local_ctxt->get_af_actives();
     assert(AF_actives);
     auto check_act_val = AF_actives->find(master_key);
     if (check_act_val == AF_actives->end())
@@ -63,7 +63,7 @@ AppId check_session_for_AF_forecast(AppIdSession& asd, Packet* p, AppidSessionDi
     time_t age = packet_time() - check_act_val->second.last;
     if (age < 0 || age > 300)
     {
-        odp_thread_ctxt->erase_af_actives(master_key);
+        odp_thread_local_ctxt->erase_af_actives(master_key);
         return APP_ID_UNKNOWN;
     }
     asd.set_payload_id(check_act_val->second.target);
index 4f072d5f9106e88b76a2c211d326287c018a65d2..3ede28b9b11ca3b930166066d07fefee6eeb971f 100644 (file)
@@ -51,9 +51,9 @@ AppIdSession* AppIdApi::get_appid_session(const Flow& flow)
     return asd;
 }
 
-const char* AppIdApi::get_application_name(AppId app_id, const AppIdContext& ctxt)
+const char* AppIdApi::get_application_name(AppId app_id, OdpContext& odp_ctxt)
 {
-    return ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+    return odp_ctxt.get_app_info_mgr().get_app_name(app_id);
 }
 
 const char* AppIdApi::get_application_name(const Flow& flow, bool from_client)
@@ -62,6 +62,11 @@ const char* AppIdApi::get_application_name(const Flow& flow, bool from_client)
     AppIdSession* asd = get_appid_session(flow);
     if (asd)
     {
+        // Skip sessions using old odp context after odp reload
+        AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+        if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt())))
+            return nullptr;
+
         AppId appid = asd->pick_ss_payload_app_id();
         if (appid <= APP_ID_NONE)
             appid = asd->pick_ss_misc_app_id();
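Review bot: The stale-context guard added here is repeated almost verbatim in `ssl_app_group_id_lookup` (same file) and in `HttpEventHandler::handle`, each copy doing a by-name `InspectorManager::get_inspector(MOD_NAME, true)` lookup and a C-style cast; one shared helper would keep the three sites from drifting apart. When `inspector` is null the guard is skipped and `asd->get_odp_ctxt()` is still dereferenced further down, so it is worth confirming that a session's OdpContext is guaranteed to outlive the session; the code that retires the old context is not visible in this diff. The comparison is by address only, which is sound only while a retired context's storage cannot be reused for a later one during the lifetime of a session that still points at it. The function body continues outside the hunk.
```cpp
// True when the session was created against an OdpContext that is no longer
// the inspector's current one (i.e. an ODP reload happened since).
static bool uses_stale_odp_ctxt(AppIdSession& asd)
{
    AppIdInspector* inspector =
        (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
    return inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd.get_odp_ctxt()));
}

// ... unchanged: get_appid_session(flow) and the `if (asd)` test ...
        if (uses_stale_odp_ctxt(*asd))
            return nullptr;
```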
@@ -78,7 +83,7 @@ const char* AppIdApi::get_application_name(const Flow& flow, bool from_client)
                 appid = asd->pick_ss_client_app_id();
         }
         if (appid > APP_ID_NONE && appid < SF_APPID_MAX)
-            app_name = asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(appid);
+            app_name = asd->get_odp_ctxt().get_app_info_mgr().get_app_name(appid);
 
     }
 
@@ -145,9 +150,9 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP
             AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
             if (inspector)
             {
-                asd = new AppIdSession(proto, ip, port, *inspector);
+                asd = new AppIdSession(proto, ip, port, *inspector, inspector->get_ctxt().get_odp_ctxt());
                 flow.set_flow_data(asd);
-                asd->set_service_id(appHA->appId[1], asd->ctxt.get_odp_ctxt());
+                asd->set_service_id(appHA->appId[1], asd->get_odp_ctxt());
                 if (asd->get_service_id() == APP_ID_FTP_CONTROL)
                 {
                     asd->set_session_flags(APPID_SESSION_CLIENT_DETECTED |
@@ -184,7 +189,7 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP
             asd->set_session_flags(APPID_SESSION_HTTP_SESSION);
 
         asd->set_tp_app_id(appHA->appId[0]);
-        asd->set_service_id(appHA->appId[1], asd->ctxt.get_odp_ctxt());
+        asd->set_service_id(appHA->appId[1], asd->get_odp_ctxt());
         asd->client_inferred_service_id = appHA->appId[2];
         asd->set_port_service_id(appHA->appId[3]);
         AppIdHttpSession* hsession = nullptr;
@@ -218,8 +223,13 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name,
 
     if (asd)
     {
+        // Skip detection for sessions using old odp context after odp reload
+        AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+        if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt())))
+            return false;
+
         AppidChangeBits change_bits;
-        SslPatternMatchers& ssl_matchers = asd->ctxt.get_odp_ctxt().get_ssl_matchers();
+        SslPatternMatchers& ssl_matchers = asd->get_odp_ctxt().get_ssl_matchers();
         if (!asd->tsession)
             asd->tsession = new TlsSession();
         else if (sni_mismatch)
index 26ba1542674b7afed121b77230a0fade03deacf0..ed4f60237690cf4f4db97fc2c9512b56fe9d6438 100644 (file)
@@ -53,7 +53,7 @@ public:
     SO_PRIVATE AppIdApi() = default;
 
     AppIdSession* get_appid_session(const Flow& flow);
-    const char* get_application_name(AppId app_id, const AppIdContext& ctxt);
+    const char* get_application_name(AppId app_id, OdpContext& odp_ctxt);
     const char* get_application_name(const Flow& flow, bool from_client);
     AppId get_application_id(const char* appName, const AppIdContext& ctxt);
     uint32_t produce_ha_state(const Flow& flow, uint8_t* buf);
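Review bot: The new overload takes a mutable `OdpContext&` although the implementation only reads an application name from it, and the sibling `get_application_id(const char*, const AppIdContext&)` two lines below still takes the old context type, so the two lookups now have asymmetric signatures. If `get_app_info_mgr()` is callable on a const object (not visible here), `const OdpContext& odp_ctxt` would document that the call does not modify the context. Because this class is a public API, a short comment such as `// odp_ctxt: the context the session was created with, see AppIdSession::get_odp_ctxt()` would tell callers which context to pass after a reload.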
index 6514d2e0c4872616c76246abecd7aeacf49362f1..844d27d799e8cda7745e99938ff4469dd72c13a6 100644 (file)
@@ -87,8 +87,6 @@ void AppIdConfig::show() const
     ConfigLogger::log_flag("log_all_sessions", log_all_sessions);
     ConfigLogger::log_flag("log_stats", log_stats);
     ConfigLogger::log_value("memcap", memcap);
-
-    ConfigLogger::log_flag("load_odp_detectors_in_ctrl", load_odp_detectors_in_ctrl);
 }
 
 void AppIdContext::pterm()
@@ -97,9 +95,9 @@ void AppIdContext::pterm()
     odp_ctxt->get_app_info_mgr().cleanup_appid_info_table();
     delete odp_ctxt;
 
-    assert(odp_thread_ctxt);
-    delete odp_thread_ctxt;
-    odp_thread_ctxt = nullptr;
+    assert(odp_thread_local_ctxt);
+    delete odp_thread_local_ctxt;
+    odp_thread_local_ctxt = nullptr;
 }
 
 bool AppIdContext::init_appid(SnortConfig* sc)
@@ -108,8 +106,8 @@ bool AppIdContext::init_appid(SnortConfig* sc)
     if (!odp_ctxt)
         odp_ctxt = new OdpContext(config, sc);
 
-    if (!odp_thread_ctxt)
-        odp_thread_ctxt = new OdpThreadContext(true);
+    if (!odp_thread_local_ctxt)
+        odp_thread_local_ctxt = new OdpThreadContext(true);
 
     // FIXIT-M: RELOAD - Get rid of "once" flag
     // Handle the if condition in AppIdContext::init_appid
@@ -118,7 +116,7 @@ bool AppIdContext::init_appid(SnortConfig* sc)
     {
         odp_ctxt->get_client_disco_mgr().initialize();
         odp_ctxt->get_service_disco_mgr().initialize();
-        odp_thread_ctxt->initialize(*this, true);
+        odp_thread_local_ctxt->initialize(*this, true);
         odp_ctxt->initialize();
 
         // do not reload third party on reload_config()
@@ -131,6 +129,13 @@ bool AppIdContext::init_appid(SnortConfig* sc)
     return true;
 }
 
+void AppIdContext::create_odp_ctxt()
+{
+    SnortConfig* sc = SnortConfig::get_main_conf();
+    SearchTool::set_conf(sc);
+    odp_ctxt = new OdpContext(config, sc);
+}
+
 void AppIdContext::create_tp_appid_ctxt()
 {
     tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt);
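Review bot: `create_odp_ctxt()` assigns `odp_ctxt = new OdpContext(config, sc)` unconditionally, unlike `init_appid`, which allocates only when `odp_ctxt` is null, so the previous pointer is lost unless the caller saved it first. `pterm()` is static and deletes `odp_ctxt`, which suggests the member is shared; if packet threads can read it while a reload calls this function, the swap needs a documented ordering or synchronisation (the callers are not visible in this diff). At minimum add a comment above the function, for example `// Reload only: caller keeps the previous OdpContext and retires it once no session references it.`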
@@ -248,13 +253,12 @@ OdpThreadContext::OdpThreadContext(bool is_control)
         AF_actives = new std::map<AFActKey, AFActVal>;
 }
 
-void OdpThreadContext::initialize(AppIdContext& ctxt, bool is_control)
+void OdpThreadContext::initialize(AppIdContext& ctxt, bool is_control, bool reload_odp)
 {
-    if (!is_control and ctxt.config.load_odp_detectors_in_ctrl)
+    if (!is_control and reload_odp)
         LuaDetectorManager::init_thread_manager(ctxt);
     else
-        LuaDetectorManager::initialize(ctxt, is_control? 1 : 0,
-            ctxt.config.load_odp_detectors_in_ctrl);
+        LuaDetectorManager::initialize(ctxt, is_control? 1 : 0, reload_odp);
 }
 
 OdpThreadContext::~OdpThreadContext()
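Review bot: `initialize` now takes two adjacent defaulted `bool` parameters with no comment on what `reload_odp` selects, so a call such as `initialize(*this, true)` is easy to misread or to pass in the wrong order. From the body, `reload_odp` both routes non-control threads to `LuaDetectorManager::init_thread_manager(ctxt)` and is forwarded as the third argument of `LuaDetectorManager::initialize`, replacing the removed `load_odp_detectors_in_ctrl` config flag. A comment on the definition would capture that, e.g. `// reload_odp: set when called as part of an ODP reload; packet threads then use init_thread_manager() instead of a full initialize()`.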
index 6a96b8c9d935449a739b5f12769f203b01d1a3c8..08edfe6abbd3f4fd820d014732b4f2d8988659f3 100644 (file)
@@ -75,7 +75,6 @@ public:
     size_t memcap = 0;
     bool list_odp_detectors = false;
     bool log_all_sessions = false;
-    bool load_odp_detectors_in_ctrl = false;
     SnortProtocolId snortId_for_unsynchronized;
     SnortProtocolId snortId_for_ftp_data;
     SnortProtocolId snortId_for_http2;
@@ -212,7 +211,7 @@ class OdpThreadContext
 public:
     OdpThreadContext(bool is_control=false);
     ~OdpThreadContext();
-    void initialize(AppIdContext& ctxt, bool is_control=false);
+    void initialize(AppIdContext& ctxt, bool is_control=false, bool reload_odp=false);
 
     void set_lua_detector_mgr(LuaDetectorManager& mgr)
     {
@@ -267,6 +266,7 @@ public:
     static void delete_tp_appid_ctxt()
     { delete tp_appid_ctxt; }
 
+    void create_odp_ctxt();
     void create_tp_appid_ctxt();
     bool init_appid(snort::SnortConfig*);
     static void pterm();
index 985d34ddb9053400af215029f96583a2315a6d33..c7cf8d6faf01a195b7067a4354d57224756b9990 100644 (file)
@@ -54,7 +54,7 @@ public:
 
         if (fp) // initialize data session
         {
-            fp->set_service_id(APP_ID_DCE_RPC, asd->ctxt.get_odp_ctxt());
+            fp->set_service_id(APP_ID_DCE_RPC, asd->get_odp_ctxt());
             asd->initialize_future_session(*fp, APPID_SESSION_IGNORE_ID_FLAGS,
                 APP_ID_FROM_RESPONDER);
         }
index bde7edc1be9f538e26fc2e7068b541e7c7b6db69..7629a410ec0a6d8423be7f81e3dd2d340b51e2ac 100644 (file)
@@ -77,7 +77,7 @@ class AppIdDiscoveryArgs
 public:
     AppIdDiscoveryArgs(const uint8_t* data, uint16_t size, AppidSessionDirection dir,
         AppIdSession& asd, snort::Packet* p, AppidChangeBits& cb) : data(data),
-        size(size), dir(dir), asd(asd), pkt(p), ctxt(asd.ctxt), change_bits(cb)
+        size(size), dir(dir), asd(asd), pkt(p), change_bits(cb)
     {}
 
     const uint8_t* data;
@@ -85,7 +85,6 @@ public:
     AppidSessionDirection dir;
     AppIdSession& asd;
     snort::Packet* pkt;
-    const AppIdContext& ctxt;
     AppidChangeBits& change_bits;
 };
 
index 8e45b4b6c7c01e9d1ee9534fdb8dbf82c959140d..f623b9e6d672583f6cb62d3418b0f564535ac579 100644 (file)
@@ -115,14 +115,14 @@ int AppIdDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&)
 }
 
 void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector,
-    ThirdPartyAppIdContext* tp_appid_ctxt)
+    OdpContext& odp_ctxt, ThirdPartyAppIdContext* tp_appid_ctxt)
 {
     IpProtocol protocol = IpProtocol::PROTO_NOT_SET;
     IpProtocol outer_protocol = IpProtocol::PROTO_NOT_SET;
     AppidSessionDirection direction = APP_ID_FROM_INITIATOR;
     AppIdSession* asd = (AppIdSession*)p->flow->get_flow_data(AppIdSession::inspector_id);
 
-    if (!do_pre_discovery(p, asd, inspector, protocol, outer_protocol, direction))
+    if (!do_pre_discovery(p, asd, inspector, protocol, outer_protocol, direction, odp_ctxt))
         return;
 
     AppId service_id = APP_ID_NONE;
@@ -365,8 +365,17 @@ static uint64_t is_session_monitored(const Packet* p, AppidSessionDirection dir)
 
 // Return false if the packet or the session doesn't need to be inspected
 bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspector& inspector,
-    IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction)
+    IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction,
+    OdpContext& odp_ctxt)
 {
+    // Skip inspection for sessions using old odp context after an odp reload
+    if (asd and (&(asd->get_odp_ctxt()) != &(inspector.get_ctxt().get_odp_ctxt())))
+    {
+        appid_stats.odp_reload_ignored_pkts++;
+        appid_stats.tp_reload_ignored_pkts++;
+        return false;
+    }
+
     if (!set_network_attributes(asd, p, protocol, outer_protocol, direction))
     {
         appid_stats.ignored_packets++;
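Review bot: The new guard compares the session's context with `inspector.get_ctxt().get_odp_ctxt()`, while the `odp_ctxt` parameter added by this same change is what `allocate_session` receives further down in the function. If the two can differ during a reload (for instance a packet thread that has not switched yet), a session could be created against one context and then judged stale against the other. Comparing with the parameter, `if (asd and (&(asd->get_odp_ctxt()) != &odp_ctxt))`, keeps a single source of truth, assuming the caller passes the thread's current context. The guard also increments `tp_reload_ignored_pkts` for a packet skipped because of an ODP reload, which deserves a one-line comment if it is intended. The function body continues outside the hunk.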
@@ -391,7 +400,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec
 
     if (!asd)
     {
-        asd = AppIdSession::allocate_session(p, protocol, direction, &inspector);
+        asd = AppIdSession::allocate_session(p, protocol, direction, &inspector, odp_ctxt);
         if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM)
         {
             flow_flags |= APPID_SESSION_MID;
@@ -445,7 +454,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec
         if (appidDebug->is_active())
         {
             const char *app_name =
-                asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd->get_service_id());
+                asd->get_odp_ctxt().get_app_info_mgr().get_app_name(asd->get_service_id());
             LogMessage("AppIdDbg %s Ignoring connection with service %s (%d)\n",
                 appidDebug->get_debug_session(), app_name ? app_name : "unknown",
                 asd->get_service_id());
@@ -549,14 +558,14 @@ void AppIdDiscovery::do_port_based_discovery(Packet* p, AppIdSession& asd, IpPro
             return;
     }
 
-    AppId id = asd.ctxt.get_odp_ctxt().get_port_service_id(protocol, p->ptrs.sp);
+    AppId id = asd.get_odp_ctxt().get_port_service_id(protocol, p->ptrs.sp);
     if (id > APP_ID_NONE)
     {
         asd.set_port_service_id(id);
         if (appidDebug->is_active())
         {
             AppId ps_id = asd.get_port_service_id();
-            const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id);
+            const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id);
             LogMessage("AppIdDbg %s Port service %s (%d) from port\n",
                 appidDebug->get_debug_session(), app_name ? app_name : "unknown",
                 asd.get_port_service_id());
@@ -578,10 +587,10 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd,
         check_static = true;
 
     if ((asd.session_packet_count %
-            asd.ctxt.get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and
+            asd.get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and
         (asd.session_packet_count <=
-            asd.ctxt.get_odp_ctxt().host_port_app_cache_lookup_range) and
-        asd.ctxt.get_odp_ctxt().is_host_port_app_cache_runtime)
+            asd.get_odp_ctxt().host_port_app_cache_lookup_range) and
+        asd.get_odp_ctxt().is_host_port_app_cache_runtime)
         check_dynamic = true;
 
     if (!(check_static || check_dynamic))
@@ -615,7 +624,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd,
     HostPortVal* hv = nullptr;
 
     if (check_static and
-        (hv = asd.ctxt.get_odp_ctxt().host_port_cache_find(ip, port, protocol)))
+        (hv = asd.get_odp_ctxt().host_port_cache_find(ip, port, protocol)))
     {
         asd.scan_flags |= SCAN_HOST_PORT_FLAG;
         switch (hv->type)
@@ -628,7 +637,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd,
             asd.set_payload_id(hv->appId);
             break;
         default:
-            asd.set_service_id(hv->appId, asd.ctxt.get_odp_ctxt());
+            asd.set_service_id(hv->appId, asd.get_odp_ctxt());
             asd.sync_with_snort_protocol_id(hv->appId, p);
             asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
             asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
@@ -652,7 +661,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd,
         if (ht)
         {
             AppId appid = ht->get_appid(port, protocol, true,
-                asd.ctxt.get_odp_ctxt().allow_port_wildcard_host_cache);
+                asd.get_odp_ctxt().allow_port_wildcard_host_cache);
             if (appid > APP_ID_NONE)
             {
                 // FIXIT-L: Make this more generic to support service and payload IDs
@@ -672,12 +681,12 @@ static inline bool is_check_host_cache_valid(AppIdSession& asd, AppId service_id
     bool is_payload_client_misc_none = (payload_id <= APP_ID_NONE and client_id <= APP_ID_NONE and
         misc_id <= APP_ID_NONE);
     bool is_appid_none = is_payload_client_misc_none and (service_id <= APP_ID_NONE or
-        (asd.ctxt.get_odp_ctxt().recheck_for_portservice_appid and
+        (asd.get_odp_ctxt().recheck_for_portservice_appid and
         service_id == asd.get_port_service_id()));
-    bool is_ssl_none = asd.ctxt.get_odp_ctxt().check_host_cache_unknown_ssl and
+    bool is_ssl_none = asd.get_odp_ctxt().check_host_cache_unknown_ssl and
         asd.get_session_flags(APPID_SESSION_SSL_SESSION) and
         (not(asd.tsession and asd.tsession->get_tls_host() and asd.tsession->get_tls_cname()));
-    if (is_appid_none or is_ssl_none or asd.ctxt.get_odp_ctxt().check_host_port_app_cache)
+    if (is_appid_none or is_ssl_none or asd.get_odp_ctxt().check_host_port_app_cache)
         return true;
     return false;
 }
@@ -693,14 +702,14 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
 
     if (outer_protocol != IpProtocol::PROTO_NOT_SET)
     {
-        AppId id = asd.ctxt.get_odp_ctxt().get_protocol_service_id(outer_protocol);
+        AppId id = asd.get_odp_ctxt().get_protocol_service_id(outer_protocol);
         if (id > APP_ID_NONE)
         {
             asd.misc_app_id = misc_id = id;
             if (appidDebug->is_active())
             {
                 const char *app_name =
-                    asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.misc_app_id);
+                    asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.misc_app_id);
                 LogMessage("AppIdDbg %s Outer protocol service %s (%d)\n",
                     appidDebug->get_debug_session(), app_name ? app_name : "unknown",
                     asd.misc_app_id);
@@ -712,7 +721,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
     {
         if ( !asd.get_session_flags(APPID_SESSION_PORT_SERVICE_DONE) )
         {
-            AppId id = asd.ctxt.get_odp_ctxt().get_protocol_service_id(protocol);
+            AppId id = asd.get_odp_ctxt().get_protocol_service_id(protocol);
             if (id > APP_ID_NONE)
             {
                 asd.set_port_service_id(id);
@@ -722,7 +731,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
                 {
                     AppId ps_id = asd.get_port_service_id();
                     const char *app_name =
-                        asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id);
+                        asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id);
                     LogMessage("AppIdDbg %s Protocol service %s (%d) from protocol\n",
                         appidDebug->get_debug_session(), app_name ? app_name : "unknown", ps_id);
                 }
@@ -750,6 +759,8 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
             if (!is_tp_done)
                 is_discovery_done = do_tp_discovery(*tp_appid_ctxt, asd, protocol, p,
                     direction, change_bits);
+            else
+                appid_stats.tp_reload_ignored_pkts++;
         }
         else if (!tp_appid_ctxt->get_tp_reload_in_progress())
             is_discovery_done = do_tp_discovery(*tp_appid_ctxt, asd, protocol, p,
@@ -762,7 +773,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
     // exceptions for rexec and any other service detector that need to see SYN and SYN/ACK
     if (asd.get_session_flags(APPID_SESSION_REXEC_STDERR))
     {
-        asd.ctxt.get_odp_ctxt().get_service_disco_mgr().identify_service(asd, p, direction,
+        asd.get_odp_ctxt().get_service_disco_mgr().identify_service(asd, p, direction,
             change_bits);
 
         if (asd.get_session_flags(APPID_SESSION_SERVICE_DETECTED |
@@ -778,11 +789,11 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
     {
         if (asd.service_disco_state != APPID_DISCO_STATE_FINISHED)
             is_discovery_done =
-                asd.ctxt.get_odp_ctxt().get_service_disco_mgr().do_service_discovery(asd, p,
+                asd.get_odp_ctxt().get_service_disco_mgr().do_service_discovery(asd, p,
                     direction, change_bits);
         if (asd.client_disco_state != APPID_DISCO_STATE_FINISHED)
             is_discovery_done =
-                asd.ctxt.get_odp_ctxt().get_client_disco_mgr().do_client_discovery(asd, p,
+                asd.get_odp_ctxt().get_client_disco_mgr().do_client_discovery(asd, p,
                     direction, change_bits);
         asd.set_session_flags(APPID_SESSION_ADDITIONAL_PACKET);
     }
@@ -799,14 +810,14 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
         asd.length_sequence.sequence_cnt++;
         asd.length_sequence.sequence[index].direction = direction;
         asd.length_sequence.sequence[index].length = p->dsize;
-        AppId id = asd.ctxt.get_odp_ctxt().length_cache_find(asd.length_sequence);
+        AppId id = asd.get_odp_ctxt().length_cache_find(asd.length_sequence);
         if (id > APP_ID_NONE)
         {
             service_id = id;
             asd.set_port_service_id(id);
             if (appidDebug->is_active())
             {
-                const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(id);
+                const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(id);
                 LogMessage("AppIdDbg %s Port service %s (%d) from length\n",
                     appidDebug->get_debug_session(), app_name ? app_name : "unknown", id);
             }
@@ -871,7 +882,7 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd,
         if (payload_id != asd.past_indicator and payload_id != APP_ID_NONE)
         {
             asd.past_indicator = payload_id;
-            check_session_for_AF_indicator(p, direction, (AppId)payload_id, asd.ctxt.get_odp_ctxt());
+            check_session_for_AF_indicator(p, direction, (AppId)payload_id, asd.get_odp_ctxt());
         }
 
         if (asd.past_forecast != service_id and asd.past_forecast != APP_ID_UNKNOWN and
index 1447873a621f5d3f5330ff0798008a1fcccddf36..a0c037ef02d299063f4704a1ef69382127037665 100644 (file)
@@ -41,6 +41,7 @@ class AppIdDetector;
 class ServiceDetector;
 struct ServiceDetectorPort;
 class ThirdPartyAppIdContext;
+class OdpContext;
 
 namespace snort
 {
@@ -112,7 +113,7 @@ public:
     virtual int add_service_port(AppIdDetector*, const ServiceDetectorPort&);
 
     static void do_application_discovery(snort::Packet* p, AppIdInspector&,
-        ThirdPartyAppIdContext*);
+        OdpContext&, ThirdPartyAppIdContext*);
 
     AppIdDetectors* get_tcp_detectors()
     {
@@ -135,7 +136,8 @@ protected:
 
 private:
     static bool do_pre_discovery(snort::Packet* p, AppIdSession*& asd, AppIdInspector& inspector,
-        IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction);
+        IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction,
+        OdpContext& odp_ctxt);
     static bool do_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol,
         IpProtocol outer_protocol, AppidSessionDirection direction, AppId& service_id,
         AppId& client_id, AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits,
index 87b5b60b97a5eaac35710b6d557d848864e6d423..27d233976bf7f63330585105a71dbcc85cf85e3b 100644 (file)
 
 #include <cassert>
 
+#include "managers/inspector_manager.h"
 #include "app_info_table.h"
 #include "appid_debug.h"
 #include "appid_discovery.h"
 #include "appid_http_session.h"
+#include "appid_inspector.h"
 #include "appid_session.h"
 #include "utils/util.h"
 
@@ -44,6 +46,13 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
     AppIdSession* asd = appid_api.get_appid_session(*flow);
     if (!asd)
         return;
+    else
+    {
+        // Skip detection for sessions using old odp context after odp reload
+        AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+        if (inspector and (&(asd->get_odp_ctxt()) != &(inspector->get_ctxt().get_odp_ctxt())))
+            return;
+    }
 
     AppidSessionDirection direction;
     const uint8_t* header_start;
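Review bot: The `else { … }` after `if (!asd) return;` adds a nesting level the early return already makes unnecessary; the comment and the two statements can sit at function scope. The comparison operands are also in the opposite order to the copies of this guard in appid_api.cc, which makes the duplicates harder to grep for. The cast reads better as `static_cast<AppIdInspector*>(InspectorManager::get_inspector(MOD_NAME, true))`, provided the return type is a base class pointer of `AppIdInspector` as the existing C-style cast implies.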
@@ -51,7 +60,7 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
     HttpEvent* http_event = (HttpEvent*)&event;
     AppidChangeBits change_bits;
 
-    if (asd->ctxt.get_tp_appid_ctxt() && !http_event->get_is_http2())
+    if (asd->get_tp_appid_ctxt() && !http_event->get_is_http2())
         return;
 
     if (appidDebug->is_active())
@@ -171,11 +180,11 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow)
 
     if (http_event->get_is_http2())
     {
-        asd->set_service_id(APP_ID_HTTP2, asd->ctxt.get_odp_ctxt());
+        asd->set_service_id(APP_ID_HTTP2, asd->get_odp_ctxt());
     }
 
     hsession->process_http_packet(direction, change_bits,
-        asd->ctxt.get_odp_ctxt().get_http_matchers());
+        asd->get_odp_ctxt().get_http_matchers());
 
     if (asd->get_service_id() != APP_ID_HTTP2)
         asd->set_ss_application_ids(asd->pick_service_app_id(), asd->pick_ss_client_app_id(),
index 05c8dcf47d023f3ce4ca2329b6f22efc6c18b410..6495eafe35549e38413189504c354032f6195e58 100644 (file)
@@ -285,7 +285,7 @@ void AppIdHttpSession::process_chp_buffers(AppidChangeBits& change_bits, HttpPat
         {
             int num_found = 0;
             cmd.cur_ptype = (HttpFieldIds)i;
-            AppId ret = http_matchers.scan_chp(cmd, &version, &user, &num_found, this, asd.ctxt);
+            AppId ret = http_matchers.scan_chp(cmd, &version, &user, &num_found, this, asd.get_odp_ctxt());
             total_found += num_found;
             if (!ret || num_found < ptype_req_counts[i])
             {
@@ -413,7 +413,7 @@ void AppIdHttpSession::set_client(AppId app_id, AppidChangeBits& change_bits, co
 
     if (appidDebug->is_active())
     {
-        const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+        const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
         LogMessage("AppIdDbg %s %s is client %s (%d)\n", appidDebug->get_debug_session(),
             type, app_name ? app_name : "unknown", app_id);
     }
@@ -431,7 +431,7 @@ void AppIdHttpSession::set_payload(AppId app_id, AppidChangeBits& change_bits, c
 
     if (appidDebug->is_active())
     {
-        const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+        const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
         if(app_id == APP_ID_UNKNOWN)
             LogMessage("AppIdDbg %s Payload is Unknown (%d)\n", appidDebug->get_debug_session(),
                 app_id);
@@ -451,7 +451,7 @@ void AppIdHttpSession::set_referred_payload(AppId app_id, AppidChangeBits& chang
 
     if (appidDebug->is_active())
     {
-        const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+        const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
         LogMessage("AppIdDbg %s URL is referred %s (%d)\n", appidDebug->get_debug_session(),
             app_name ? app_name : "unknown", app_id);
     }
@@ -509,7 +509,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
     if (asd.get_service_id() == APP_ID_NONE or asd.get_service_id() == APP_ID_HTTP2)
     {
         if (asd.get_service_id() == APP_ID_NONE)
-            asd.set_service_id(APP_ID_HTTP, asd.ctxt.get_odp_ctxt());
+            asd.set_service_id(APP_ID_HTTP, asd.get_odp_ctxt());
         asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
         asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
     }
@@ -575,7 +575,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
                 if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP and
                     asd.get_service_id() != service_id)
                 {
-                    const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
+                    const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
                     LogMessage("AppIdDbg %s User Agent is service %s (%d)\n",
                         appidDebug->get_debug_session(), app_name ? app_name : "unknown", service_id);
                 }
@@ -619,7 +619,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
                 asd.set_service_appid_data(app_id, change_bits, version);
                 if (appidDebug->is_active())
                 {
-                    const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
+                    const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
                     LogMessage("AppIdDbg %s X service %s (%d)\n", appidDebug->get_debug_session(),
                         app_name ? app_name : "unknown", app_id);
                 }
@@ -656,7 +656,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
 
         if ( http_matchers.get_appid_from_url(my_host, urlStr, &version,
             refStr, &client_id, &service_id, &payload_id,
-            &referredPayloadAppId, false, asd.ctxt.get_odp_ctxt()) )
+            &referredPayloadAppId, false, asd.get_odp_ctxt()) )
         {
             // do not overwrite a previously-set client or service
             if (client.get_id() <= APP_ID_NONE and client_id != APP_ID_HTTP)
@@ -667,7 +667,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
                 if (appidDebug->is_active() && service_id > APP_ID_NONE && service_id !=
                     APP_ID_HTTP && asd.get_service_id() != service_id)
                 {
-                    const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
+                    const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
                     LogMessage("AppIdDbg %s URL is service %s (%d)\n",
                         appidDebug->get_debug_session(),
                         app_name ? app_name : "unknown",
@@ -695,7 +695,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
         AppId tp_payload_app_id = asd.get_tp_payload_app_id();
         if (tp_payload_app_id > APP_ID_NONE)
         {
-            entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id);
+            entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id);
             // only move tpPayloadAppId to client if client app id is valid
             if (entry && entry->clientId > APP_ID_NONE)
             {
@@ -705,7 +705,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction,
         }
         else if (payload.get_id() > APP_ID_NONE)
         {
-            entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(payload.get_id());
+            entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(payload.get_id());
             // only move payload_app_id to client if it has a ClientAppid
             if (entry && entry->clientId > APP_ID_NONE)
             {
index 67ff4c4c1669e230cdc7a13608807199cd4d9946..3f4d4555358c4f1036841d2bdebe1782b1ba415f 100644 (file)
@@ -52,8 +52,9 @@
 #include "tp_lib_handler.h"
 
 using namespace snort;
-THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt = nullptr;
-THREAD_LOCAL OdpThreadContext* odp_thread_ctxt = nullptr;
+THREAD_LOCAL ThirdPartyAppIdContext* pkt_thread_tp_appid_ctxt = nullptr;
+THREAD_LOCAL OdpThreadContext* odp_thread_local_ctxt = nullptr;
+THREAD_LOCAL OdpContext* pkt_thread_odp_ctxt = nullptr;
 
 static THREAD_LOCAL PacketTracer::TracerMute appid_mute;
 
@@ -64,28 +65,30 @@ static void openssl_cleanup()
     CRYPTO_cleanup_all_ex_data();
 }
 
-static void add_appid_to_packet_trace(Flow& flow)
+static void add_appid_to_packet_trace(Flow& flow, OdpContext& odp_context)
 {
     AppIdSession* session = appid_api.get_appid_session(flow);
-    if (session)
+    // Skip sessions using old odp context after odp reload
+    if (!session || (&(session->get_odp_ctxt()) != &odp_context))
+        return;
+
+    AppId service_id, client_id, payload_id, misc_id;
+    const char* service_app_name, * client_app_name, * payload_app_name, * misc_name;
+    OdpContext& odp_ctxt = session->get_odp_ctxt();
+    session->get_api().get_first_stream_app_ids(service_id, client_id, payload_id, misc_id);
+    service_app_name = appid_api.get_application_name(service_id, odp_ctxt);
+    client_app_name = appid_api.get_application_name(client_id, odp_ctxt);
+    payload_app_name = appid_api.get_application_name(payload_id, odp_ctxt);
+    misc_name = appid_api.get_application_name(misc_id, odp_ctxt);
+
+    if (PacketTracer::is_active())
     {
-        AppId service_id, client_id, payload_id, misc_id;
-        const char* service_app_name, * client_app_name, * payload_app_name, * misc_name;
-        session->get_api().get_first_stream_app_ids(service_id, client_id, payload_id, misc_id);
-        service_app_name = appid_api.get_application_name(service_id, session->ctxt);
-        client_app_name = appid_api.get_application_name(client_id, session->ctxt);
-        payload_app_name = appid_api.get_application_name(payload_id, session->ctxt);
-        misc_name = appid_api.get_application_name(misc_id, session->ctxt);
-
-        if (PacketTracer::is_active())
-        {
-            PacketTracer::log(appid_mute,
-                "AppID: service: %s(%d), client: %s(%d), payload: %s(%d), misc: %s(%d)\n",
-                (service_app_name ? service_app_name : ""), service_id,
-                (client_app_name ? client_app_name : ""), client_id,
-                (payload_app_name ? payload_app_name : ""), payload_id,
-                (misc_name ? misc_name : ""), misc_id);
-        }
+        PacketTracer::log(appid_mute,
+            "AppID: service: %s(%d), client: %s(%d), payload: %s(%d), misc: %s(%d)\n",
+            (service_app_name ? service_app_name : ""), service_id,
+            (client_app_name ? client_app_name : ""), client_id,
+            (payload_app_name ? payload_app_name : ""), payload_id,
+            (misc_name ? misc_name : ""), misc_id);
     }
 }
 
@@ -143,15 +146,18 @@ void AppIdInspector::tinit()
 
     AppIdStatistics::initialize_manager(*config);
 
-    assert(!odp_thread_ctxt);
-    odp_thread_ctxt = new OdpThreadContext();
-    odp_thread_ctxt->initialize(*ctxt);
+    assert(!pkt_thread_odp_ctxt);
+    pkt_thread_odp_ctxt = &(ctxt->get_odp_ctxt());
+
+    assert(!odp_thread_local_ctxt);
+    odp_thread_local_ctxt = new OdpThreadContext();
+    odp_thread_local_ctxt->initialize(*ctxt);
 
     AppIdServiceState::initialize(config->memcap);
-    assert(!tp_appid_thread_ctxt);
-    tp_appid_thread_ctxt = ctxt->get_tp_appid_ctxt();
-    if (tp_appid_thread_ctxt)
-        tp_appid_thread_ctxt->tinit();
+    assert(!pkt_thread_tp_appid_ctxt);
+    pkt_thread_tp_appid_ctxt = ctxt->get_tp_appid_ctxt();
+    if (pkt_thread_tp_appid_ctxt)
+        pkt_thread_tp_appid_ctxt->tinit();
     if (ctxt->config.log_all_sessions)
         appidDebug->set_enabled(true);
 }
@@ -160,9 +166,9 @@ void AppIdInspector::tterm()
 {
     AppIdStatistics::cleanup();
     AppIdDiscovery::tterm();
-    assert(odp_thread_ctxt);
-    delete odp_thread_ctxt;
-    odp_thread_ctxt = nullptr;
+    assert(odp_thread_local_ctxt);
+    delete odp_thread_local_ctxt;
+    odp_thread_local_ctxt = nullptr;
     ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt();
     if (tp_appid_ctxt)
         tp_appid_ctxt->tfini();
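Review bot: tterm() resets `odp_thread_local_ctxt`, but the lines shown leave `pkt_thread_odp_ctxt` and `pkt_thread_tp_appid_ctxt` pointing at contexts owned by the inspector, while tinit() now asserts `!pkt_thread_odp_ctxt` and `!pkt_thread_tp_appid_ctxt`. If a thread runs tinit() again, or anything reads these after the inspector is torn down, it sees the stale pointers; adding `pkt_thread_odp_ctxt = nullptr;` and `pkt_thread_tp_appid_ctxt = nullptr;` here keeps the three thread-locals symmetric. The unchanged `ctxt->get_tp_appid_ctxt()` call also finalizes the inspector's current third-party context rather than the one this thread initialized (`pkt_thread_tp_appid_ctxt`); the two differ while a third-party swap is pending. The body of tterm() continues past the end of the hunk, so the resets may already be there.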
@@ -175,10 +181,10 @@ void AppIdInspector::eval(Packet* p)
 
     if (p->flow)
     {
-        AppIdDiscovery::do_application_discovery(p, *this, tp_appid_thread_ctxt);
+        AppIdDiscovery::do_application_discovery(p, *this, *pkt_thread_odp_ctxt, pkt_thread_tp_appid_ctxt);
         // FIXIT-L tag verdict reason as appid for daq
         if (PacketTracer::is_active())
-            add_appid_to_packet_trace(*p->flow);
+            add_appid_to_packet_trace(*p->flow, *pkt_thread_odp_ctxt);
     }
     else
         appid_stats.ignored_packets++;
index c26d02ee79772f7b791251757927a5b70c0bf686..0f9d327b6f7e4422bd30bcc401f910f7a935c260 100644 (file)
@@ -60,8 +60,9 @@ private:
 
 };
 
-extern THREAD_LOCAL OdpThreadContext* odp_thread_ctxt;
-extern THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt;
+extern THREAD_LOCAL OdpThreadContext* odp_thread_local_ctxt;
+extern THREAD_LOCAL OdpContext* pkt_thread_odp_ctxt;
+extern THREAD_LOCAL ThirdPartyAppIdContext* pkt_thread_tp_appid_ctxt;
 
 #endif
 
index f670fed10a9cfb78684f6decbb8fd19e02cc5249..20ebe58bf558b09aa62b3398c7d17374c1e5c710 100644 (file)
@@ -32,7 +32,6 @@
 #include "main/analyzer_command.h"
 #include "main/snort.h"
 #include "main/swapper.h"
-#include "main/thread_config.h"
 #include "managers/inspector_manager.h"
 #include "profiler/profiler.h"
 #include "src/main.h"
@@ -87,8 +86,6 @@ static const Parameter s_params[] =
       "print third party configuration on startup" },
     { "log_all_sessions", Parameter::PT_BOOL, nullptr, "false",
       "enable logging of all appid sessions" },
-    { "load_odp_detectors_in_ctrl", Parameter::PT_BOOL, nullptr, "false",
-      "load odp detectors in control thread" },
     { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
 };
 
@@ -145,16 +142,16 @@ private:
 
 bool ACThirdPartyAppIdContextSwap::execute(Analyzer&, void**)
 {
-    assert(tp_appid_thread_ctxt);
+    assert(pkt_thread_tp_appid_ctxt);
     ThirdPartyAppIdContext* tp_appid_ctxt = inspector.get_ctxt().get_tp_appid_ctxt();
-    assert(tp_appid_thread_ctxt != tp_appid_ctxt);
-    bool reload_in_progress = tp_appid_thread_ctxt->tfini(true);
-    tp_appid_thread_ctxt->set_tp_reload_in_progress(reload_in_progress);
+    assert(pkt_thread_tp_appid_ctxt != tp_appid_ctxt);
+    bool reload_in_progress = pkt_thread_tp_appid_ctxt->tfini(true);
+    pkt_thread_tp_appid_ctxt->set_tp_reload_in_progress(reload_in_progress);
     if (reload_in_progress)
         return false;
     request.respond("== swapping third-party configuration\n", from_shell);
     tp_appid_ctxt->tinit();
-    tp_appid_thread_ctxt = tp_appid_ctxt;
+    pkt_thread_tp_appid_ctxt = tp_appid_ctxt;
 
     return true;
 }
@@ -167,6 +164,53 @@ ACThirdPartyAppIdContextSwap::~ACThirdPartyAppIdContextSwap()
     request.respond("== reload third-party complete\n", from_shell, true);
 }
 
+class ACOdpContextSwap : public AnalyzerCommand
+{
+public:
+    bool execute(Analyzer&, void**) override;
+    ACOdpContextSwap(const AppIdInspector& inspector, OdpContext& odp_ctxt,
+        Request& current_request, bool from_shell) : inspector(inspector),
+        odp_ctxt(odp_ctxt), request(current_request), from_shell(from_shell) { }
+    ~ACOdpContextSwap() override;
+    const char* stringify() override { return "ODP_CONTEXT_SWAP"; }
+private:
+    const AppIdInspector& inspector;
+    OdpContext& odp_ctxt;
+    Request& request;
+    bool from_shell;
+};
+
+bool ACOdpContextSwap::execute(Analyzer&, void**)
+{
+    AppIdContext& ctxt = inspector.get_ctxt();
+    OdpContext& current_odp_ctxt = ctxt.get_odp_ctxt();
+    assert(pkt_thread_odp_ctxt != &current_odp_ctxt);
+
+    LogMessage("== swapping ODP configuration\n");
+    request.respond("== swapping ODP configuration\n", from_shell);
+
+    AppIdServiceState::clean();
+    AppIdPegCounts::cleanup_pegs();
+    AppIdServiceState::initialize(ctxt.config.memcap);
+    AppIdPegCounts::init_pegs();
+
+    pkt_thread_odp_ctxt = &current_odp_ctxt;
+    assert(odp_thread_local_ctxt);
+    delete odp_thread_local_ctxt;
+    odp_thread_local_ctxt = new OdpThreadContext();
+    odp_thread_local_ctxt->initialize(ctxt, false, true);
+    return true;
+}
+
+ACOdpContextSwap::~ACOdpContextSwap()
+{
+    odp_ctxt.get_app_info_mgr().cleanup_appid_info_table();
+    delete &odp_ctxt;
+    LogMessage("== reload ODP complete\n");
+    request.respond("== reload ODP complete\n", from_shell);
+    Swapper::set_reload_in_progress(false);
+}
+
 static int enable_debug(lua_State* L)
 {
     int proto = luaL_optint(L, 1, 0);
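Review bot: `delete &odp_ctxt;` in ~ACOdpContextSwap frees the old OdpContext while sessions created before the reload may still hold it through the `OdpContext& odp_ctxt` member this commit adds to AppIdSession. Nothing in this hunk shows those sessions being retired first, and ~AppIdSession still calls `AppIdStatistics::get_stats_manager()->update(*this)`, which appears to reach update_stats() and its `asd.get_odp_ctxt().get_app_info_mgr()` lookup, so an old flow timing out after the swap could read freed memory. The address-only comparison in add_appid_to_packet_trace also becomes ambiguous once the old block is freed, because a later reload can allocate the next OdpContext at the same address. Consider deferring the delete until no session references the context (for example a reference count on OdpContext), or tagging each context with a generation number that sessions compare instead of the address.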
@@ -239,6 +283,44 @@ static int reload_third_party(lua_State* L)
     return 0;
 }
 
+static int reload_odp(lua_State* L)
+{
+    bool from_shell = ( L != nullptr );
+    Request& current_request = get_current_request();
+    if (Swapper::get_reload_in_progress())
+    {
+        current_request.respond("== reload pending; retry\n", from_shell);
+        return 0;
+    }
+    current_request.respond(".. reloading ODP\n", from_shell);
+    AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
+    if (!inspector)
+    {
+        current_request.respond("== reload ODP failed - appid not enabled\n", from_shell);
+        return 0;
+    }
+    Swapper::set_reload_in_progress(true);
+
+    AppIdContext& ctxt = inspector->get_ctxt();
+    OdpContext& old_odp_ctxt = ctxt.get_odp_ctxt();
+    AppIdPegCounts::cleanup_peg_info();
+    LuaDetectorManager::clear_lua_detector_mgrs();
+    ctxt.create_odp_ctxt();
+    assert(odp_thread_local_ctxt);
+    delete odp_thread_local_ctxt;
+    odp_thread_local_ctxt = new OdpThreadContext(true);
+    OdpContext& odp_ctxt = ctxt.get_odp_ctxt();
+    odp_ctxt.get_client_disco_mgr().initialize();
+    odp_ctxt.get_service_disco_mgr().initialize();
+    odp_thread_local_ctxt->initialize(ctxt, true, true);
+    odp_ctxt.initialize();
+
+    main_broadcast_command(new ACOdpContextSwap(*inspector, old_odp_ctxt,
+        current_request, from_shell), from_shell);
+    return 0;
+}
+
 static const Parameter enable_debug_params[] =
 {
     { "proto", Parameter::PT_INT, nullptr, nullptr, "numerical IP protocol ID filter" },
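Review bot: `Swapper::set_reload_in_progress(true)` in reload_odp is cleared only in ~ACOdpContextSwap, so if anything between that call and `main_broadcast_command(...)` fails or throws (create_odp_ctxt(), the discovery manager initialize() calls, or a `new` expression), every later reload answers "== reload pending; retry" until restart. A small guard that resets the flag unless the command was handed off closes that gap. Separately, `current_request` is captured by reference in the command and used again in its destructor after all packet threads have run; whether the Request outlives that point is not visible here and is worth confirming. The cast `(AppIdInspector*) InspectorManager::get_inspector(MOD_NAME)` would read better as a `static_cast`.

```cpp
    Swapper::set_reload_in_progress(true);
    bool handed_off = false;
    struct ReloadGuard
    {
        bool& done;
        ~ReloadGuard() { if (!done) Swapper::set_reload_in_progress(false); }
    } guard{handed_off};

    // … unchanged: build and initialize the new ODP context …

    main_broadcast_command(new ACOdpContextSwap(*inspector, old_odp_ctxt,
        current_request, from_shell), from_shell);
    handed_off = true;
```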
@@ -255,6 +337,7 @@ static const Command appid_cmds[] =
     { "enable_debug", enable_debug, enable_debug_params, "enable appid debugging"},
     { "disable_debug", disable_debug, nullptr, "disable appid debugging"},
     { "reload_third_party", reload_third_party, nullptr, "reload appid third-party module" },
+    { "reload_odp", reload_odp, nullptr, "reload appid open detector package" },
     { nullptr, nullptr, nullptr, nullptr }
 };
 
@@ -268,6 +351,8 @@ static const PegInfo appid_pegs[] =
     { CountType::SUM, "service_cache_prunes", "number of times the service cache was pruned" },
     { CountType::SUM, "service_cache_adds", "number of times an entry was added to the service cache" },
     { CountType::SUM, "service_cache_removes", "number of times an item was removed from the service cache" },
+    { CountType::SUM, "odp_reload_ignored_pkts", "count of packets ignored after open detector package is reloaded" },
+    { CountType::SUM, "tp_reload_ignored_pkts", "count of packets ignored after third-party module is reloaded" },
     { CountType::END, nullptr, nullptr },
 };
 
@@ -332,8 +417,6 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*)
         config->list_odp_detectors = v.get_bool();
     else if ( v.is("log_all_sessions") )
         config->log_all_sessions = v.get_bool();
-    else if ( v.is("load_odp_detectors_in_ctrl") )
-        config->load_odp_detectors_in_ctrl = v.get_bool();
 
     return true;
 }
index 5d4c6fc3ae12151d1f6950051bae6f6784a11344..e57008f1c3f07c6cb43595218ca405716a84535d 100644 (file)
@@ -33,6 +33,8 @@ struct AppIdStats
     PegCount service_cache_prunes;
     PegCount service_cache_adds;
     PegCount service_cache_removes;
+    PegCount odp_reload_ignored_pkts;
+    PegCount tp_reload_ignored_pkts;
 };
 
 #endif
index cd1b7e9c405f8fd39267a6515dc1f25d9abe6f0e..135e450004a1f84bbad6f35831fe343e7ab00597 100644 (file)
@@ -75,7 +75,7 @@ const uint8_t* service_strstr(const uint8_t* haystack, unsigned haystack_len,
 }
 
 AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto,
-    AppidSessionDirection direction, AppIdInspector* inspector)
+    AppidSessionDirection direction, AppIdInspector* inspector, OdpContext& odp_context)
 {
     uint16_t port = 0;
 
@@ -85,18 +85,19 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto,
         (p->ptrs.sp != p->ptrs.dp))
         port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp;
 
-    AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector);
+    AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector, odp_context);
     asd->flow = p->flow;
     asd->stats.first_packet_second = p->pkth->ts.tv_sec;
-    asd->snort_protocol_id = asd->ctxt.config.snortId_for_unsynchronized;
+    asd->snort_protocol_id = asd->config.snortId_for_unsynchronized;
     p->flow->set_flow_data(asd);
     return asd;
 }
 
 AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port,
-    AppIdInspector& inspector)
-    : FlowData(inspector_id, &inspector), ctxt(inspector.get_ctxt()),
-        protocol(proto), api(*(new AppIdSessionApi(this, *ip)))
+    AppIdInspector& inspector, OdpContext& odp_ctxt)
+    : FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config),
+        protocol(proto), api(*(new AppIdSessionApi(this, *ip))),
+        odp_ctxt(odp_ctxt), tp_appid_ctxt(inspector.get_ctxt().get_tp_appid_ctxt())
 {
     service_ip.clear();
     session_id = ++appid_flow_data_id;
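Review bot: The initializer `tp_appid_ctxt(inspector.get_ctxt().get_tp_appid_ctxt())` reads the inspector's shared context from a packet thread instead of the thread's own snapshot. A session created after the control thread installs a new third-party context, but before this thread runs ACThirdPartyAppIdContextSwap, would be bound to a context the thread has not yet passed through tinit(); `tp_appid_ctxt(pkt_thread_tp_appid_ctxt)` keeps the session on what the thread is actually using. The create_future_session hunk further down has the same problem with `inspector->get_ctxt().get_odp_ctxt()`, where `*pkt_thread_odp_ctxt` would match what allocate_session presumably receives from eval(). There the window also covers reload_odp publishing the new OdpContext via create_odp_ctxt() before its initialize() calls have run. The constructor body continues outside the hunk.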
@@ -109,7 +110,7 @@ AppIdSession::~AppIdSession()
 {
     if (!in_expected_cache)
     {
-        if (ctxt.config.log_stats)
+        if (config.log_stats)
             AppIdStatistics::get_stats_manager()->update(*this);
 
         // fail any service detection that is in process for this flow
@@ -133,7 +134,7 @@ AppIdSession::~AppIdSession()
 
     if (tpsession)
     {
-        if (&(tpsession->get_ctxt()) == tp_appid_thread_ctxt)
+        if (&(tpsession->get_ctxt()) == pkt_thread_tp_appid_ctxt)
             tpsession->delete_with_ctxt();
         else
             delete tpsession;
@@ -188,7 +189,8 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S
 
     // FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify
 
-    AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector);
+    AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector,
+        inspector->get_ctxt().get_odp_ctxt());
 
     if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
         cliPort, srvIp, srvPort, snort_protocol_id, asd))
@@ -335,7 +337,7 @@ void AppIdSession::sync_with_snort_protocol_id(AppId newAppId, Packet* p)
             break;
     }
 
-    AppInfoTableEntry* entry = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(newAppId);
+    AppInfoTableEntry* entry = odp_ctxt.get_app_info_mgr().get_app_info_entry(newAppId);
     if (!entry)
         return;
 
@@ -395,7 +397,7 @@ void AppIdSession::check_tunnel_detection_restart()
 
     // service
     if (api.service.get_id() == api.service.get_port_service_id())
-        api.service.set_id(APP_ID_NONE, ctxt.get_odp_ctxt());
+        api.service.set_id(APP_ID_NONE, odp_ctxt);
     api.service.set_port_service_id(APP_ID_NONE);
     api.service.reset();
     service_ip.clear();
@@ -488,7 +490,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits)
     if ((scan_flags & SCAN_SSL_HOST_FLAG) and tls_str)
     {
         size_t size = strlen(tls_str);
-        if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_hostname((const uint8_t*)tls_str, size,
+        if (odp_ctxt.get_ssl_matchers().scan_hostname((const uint8_t*)tls_str, size,
             client_id, payload_id))
         {
             if (api.client.get_id() == APP_ID_NONE or api.client.get_id() == APP_ID_SSL_CLIENT)
@@ -500,7 +502,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits)
     if ((scan_flags & SCAN_SSL_CERTIFICATE_FLAG) and (tls_str = tsession->get_tls_cname()))
     {
         size_t size = strlen(tls_str);
-        if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
+        if (odp_ctxt.get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
             client_id, payload_id))
         {
             if (api.client.get_id() == APP_ID_NONE or api.client.get_id() == APP_ID_SSL_CLIENT)
@@ -512,7 +514,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits)
     if ((tls_str = tsession->get_tls_org_unit()))
     {
         size_t size = strlen(tls_str);
-        if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
+        if (odp_ctxt.get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
             client_id, payload_id))
         {
             set_client_appid_data(client_id, change_bits);
@@ -544,14 +546,14 @@ void AppIdSession::examine_rtmp_metadata(AppidChangeBits& change_bits)
 
     if (const char* url = hsession->get_cfield(MISC_URL_FID))
     {
-        HttpPatternMatchers& http_matchers = ctxt.get_odp_ctxt().get_http_matchers();
+        HttpPatternMatchers& http_matchers = odp_ctxt.get_http_matchers();
         const char* referer = hsession->get_cfield(REQ_REFERER_FID);
-        if (((http_matchers.get_appid_from_url(nullptr, url, &version,
+        if ((http_matchers.get_appid_from_url(nullptr, url, &version,
             referer, &client_id, &service_id, &payload_id,
-            &referred_payload_id, true, ctxt.get_odp_ctxt())) ||
+            &referred_payload_id, true, odp_ctxt)) ||
             (http_matchers.get_appid_from_url(nullptr, url, &version,
             referer, &client_id, &service_id, &payload_id,
-            &referred_payload_id, false, ctxt.get_odp_ctxt()))))
+            &referred_payload_id, false, odp_ctxt)))
         {
             // do not overwrite a previously-set client or service
             if (hsession->client.get_id() <= APP_ID_NONE)
@@ -575,8 +577,8 @@ void AppIdSession::set_client_appid_data(AppId id, AppidChangeBits& change_bits,
     if (id != cur_id)
     {
         if (cur_id)
-            if (ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(cur_id) >
-                ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(id))
+            if (odp_ctxt.get_app_info_mgr().get_priority(cur_id) >
+                odp_ctxt.get_app_info_mgr().get_priority(id))
                 return;
         api.client.set_id(id);
     }
@@ -588,8 +590,8 @@ void AppIdSession::set_payload_appid_data(AppId id, AppidChangeBits& change_bits
     if (id <= APP_ID_NONE)
         return;
 
-    if (ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(api.payload.get_id()) >
-        ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(id))
+    if (odp_ctxt.get_app_info_mgr().get_priority(api.payload.get_id()) >
+        odp_ctxt.get_app_info_mgr().get_priority(id))
         return;
     api.payload.set_id(id);
     api.payload.set_version(version, change_bits);
@@ -613,9 +615,9 @@ void AppIdSession::set_service_appid_data(AppId id, AppidChangeBits& change_bits
 
 bool AppIdSession::is_svc_taking_too_much_time() const
 {
-    return (init_pkts_without_reply > ctxt.get_odp_ctxt().max_packet_service_fail_ignore_bytes ||
-        (init_pkts_without_reply > ctxt.get_odp_ctxt().max_packet_before_service_fail &&
-        init_bytes_without_reply > ctxt.get_odp_ctxt().max_bytes_before_service_fail));
+    return (init_pkts_without_reply > odp_ctxt.max_packet_service_fail_ignore_bytes ||
+        (init_pkts_without_reply > odp_ctxt.max_packet_before_service_fail &&
+        init_bytes_without_reply > odp_ctxt.max_bytes_before_service_fail));
 }
 
 void AppIdSession::delete_session_data(bool free_api)
@@ -748,7 +750,7 @@ AppId AppIdSession::pick_service_app_id() const
 {
     AppId rval = APP_ID_NONE;
 
-    if (!ctxt.get_tp_appid_ctxt())
+    if (!tp_appid_ctxt)
     {
         if (is_service_detected())
         {
@@ -990,7 +992,7 @@ AppIdDnsSession* AppIdSession::get_dns_session() const
 
 bool AppIdSession::is_tp_appid_done() const
 {
-    if (ctxt.get_tp_appid_ctxt())
+    if (tp_appid_ctxt)
     {
         if (get_session_flags(APPID_SESSION_FUTURE_FLOW))
             return true;
@@ -1018,7 +1020,7 @@ bool AppIdSession::is_tp_processing_done() const
 
 bool AppIdSession::is_tp_appid_available() const
 {
-    if (ctxt.get_tp_appid_ctxt())
+    if (tp_appid_ctxt)
     {
         if (!tpsession)
             return false;
@@ -1039,7 +1041,7 @@ void AppIdSession::set_tp_app_id(Packet& p, AppidSessionDirection dir, AppId app
     {
         tp_app_id = app_id;
         AppInfoTableEntry* entry =
-            ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
+            odp_ctxt.get_app_info_mgr().get_app_info_entry(tp_app_id);
         if (entry)
         {
             tp_app_id_deferred = (entry->flags & APPINFO_FLAG_DEFER) ? true : false;
@@ -1055,7 +1057,7 @@ void AppIdSession::set_tp_payload_app_id(Packet& p, AppidSessionDirection dir, A
     {
         tp_payload_app_id = app_id;
         AppInfoTableEntry* entry =
-            ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id);
+            odp_ctxt.get_app_info_mgr().get_app_info_entry(tp_payload_app_id);
         if (entry)
         {
             tp_payload_app_id_deferred = (entry->flags & APPINFO_FLAG_DEFER_PAYLOAD) ? true : false;
index afd566c759226a5fafb19d8fa4d80b28dc51de9a..88a1591ce0a2e8c89e65d5f2d77c461926b519db 100644 (file)
@@ -233,11 +233,12 @@ private:
 class AppIdSession : public snort::FlowData
 {
 public:
-    AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port, AppIdInspector&);
+    AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port,
+        AppIdInspector&, OdpContext&);
     ~AppIdSession() override;
 
     static AppIdSession* allocate_session(const snort::Packet*, IpProtocol,
-        AppidSessionDirection, AppIdInspector*);
+        AppidSessionDirection, AppIdInspector*, OdpContext&);
     static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t,
         const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId);
     void initialize_future_session(AppIdSession&, uint64_t, AppidSessionDirection);
@@ -247,7 +248,7 @@ public:
 
     uint32_t session_id = 0;
     snort::Flow* flow = nullptr;
-    AppIdContext& ctxt;
+    AppIdConfig& config;
     std::unordered_map<unsigned, AppIdFlowData*> flow_data;
     uint64_t flags = 0;
     uint16_t initiator_port = 0;
@@ -398,7 +399,7 @@ public:
         if (tp_app_id != app_id)
         {
             tp_app_id = app_id;
-            tp_app_id_deferred = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags
+            tp_app_id_deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags
                 (tp_app_id, APPINFO_FLAG_DEFER);
         }
     }
@@ -408,7 +409,7 @@ public:
         if (tp_payload_app_id != app_id)
         {
             tp_payload_app_id = app_id;
-            tp_payload_app_id_deferred = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags
+            tp_payload_app_id_deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags
                 (tp_payload_app_id, APPINFO_FLAG_DEFER_PAYLOAD);
         }
     }
@@ -544,6 +545,16 @@ public:
             api.set_tls_host(tsession->get_tls_host());
     }
 
+    OdpContext& get_odp_ctxt() const
+    {
+        return odp_ctxt;
+    }
+
+    ThirdPartyAppIdContext* get_tp_appid_ctxt() const
+    {
+        return tp_appid_ctxt;
+    }
+
 private:
     uint16_t prev_http2_raw_packet = 0;
 
@@ -561,6 +572,8 @@ private:
     uint16_t my_inferred_svcs_ver = 0;
     snort::AppIdSessionApi& api;
     static uint16_t inferred_svcs_ver;
+    OdpContext& odp_ctxt;
+    ThirdPartyAppIdContext* tp_appid_ctxt = nullptr;
 };
 
 #endif
index 121231da2882d6bee3ebaa3bb8a7aa79d160dd74..26316f406e66b3b17a917b58954ae444adc257aa 100644 (file)
@@ -196,7 +196,7 @@ bool AppIdSessionApi::is_appid_inspecting_session() const
         return true;
     }
 
-    if (asd->ctxt.get_odp_ctxt().check_host_port_app_cache)
+    if (asd->get_odp_ctxt().check_host_port_app_cache)
         return true;
 
     return false;
index 6241053b556ec997854714deebf3c1ddba7cba80..54e0b94275972f8a07c8e54eb02642415597b12a 100644 (file)
@@ -204,7 +204,7 @@ static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* buc
             cooked_client = true;
 
         AppInfoTableEntry* entry
-            = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id);
+            = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id);
 
         if ( entry )
         {
index db345b8f2aea5faff85db872d12671b7768ecd4a..43bff866c13ae23e2682f89fa8e60f1c41e52c65 100644 (file)
@@ -183,15 +183,15 @@ static void free_matched_list(ClientAppMatch** match_list)
     *match_list = nullptr;
 }
 
-ClientAppMatch* ClientDiscovery::find_detector_candidates(const Packet* pkt, AppIdSession& asd)
+ClientAppMatch* ClientDiscovery::find_detector_candidates(const Packet* pkt, const AppIdSession& asd)
 {
     ClientAppMatch* match_list = nullptr;
     SearchTool* patterns;
 
     if (asd.protocol == IpProtocol::TCP)
-        patterns = asd.ctxt.get_odp_ctxt().get_client_disco_mgr().tcp_patterns;
+        patterns = asd.get_odp_ctxt().get_client_disco_mgr().tcp_patterns;
     else
-        patterns = asd.ctxt.get_odp_ctxt().get_client_disco_mgr().udp_patterns;
+        patterns = asd.get_odp_ctxt().get_client_disco_mgr().udp_patterns;
 
     if ( patterns )
         patterns->find_all((const char*)pkt->data, pkt->dsize, &pattern_match, false, (void*)&match_list);
@@ -307,7 +307,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p,
         {
             // Third party has positively identified appId; Dig deeper only if our
             // detector identifies additional information
-            entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
+            entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
             if ( entry && entry->client_detector
                 && ( ( entry->flags & ( APPINFO_FLAG_CLIENT_ADDITIONAL |
                 APPINFO_FLAG_CLIENT_USER ) )
@@ -336,7 +336,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p,
          !asd.get_session_flags(APPID_SESSION_NO_TPI)  and
          asd.is_tp_appid_available() )
     {
-        entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
+        entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
         if ( !( entry && entry->client_detector
             && entry->client_detector == asd.client_detector
             && (entry->flags & (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER) ) ) )
index beff549919e2df63778e84d9e7d806ac3ae7c56c..bb33fb4f68eb66ae02c32d9a842fa1a98fd4f873 100644 (file)
@@ -50,7 +50,7 @@ public:
 private:
     void exec_client_detectors(AppIdSession&, snort::Packet*,
         AppidSessionDirection direction, AppidChangeBits& change_bits);
-    ClientAppMatch* find_detector_candidates(const snort::Packet* pkt, AppIdSession&);
+    ClientAppMatch* find_detector_candidates(const snort::Packet* pkt, const AppIdSession&);
     void create_detector_candidates_list(AppIdSession&, snort::Packet*);
     int get_detector_candidates_list(AppIdSession&, snort::Packet*, AppidSessionDirection direction);
 };
index adc53a230cd9f44c67303101a4065abe379b4f65..bba295449432e05de85aaf77080e545857bdfb16 100644 (file)
@@ -537,7 +537,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args)
         goto udp_done;
     }
     if ((rval = dns_validate_header(args.dir, (const DNSHeader*)args.data,
-        args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS)
+        args.asd.get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS)
     {
         if (rval == APPID_REVERSED)
         {
@@ -548,7 +548,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args)
                     // To get here, we missed the initial query, got a
                     // response, and now we've got another query.
                     rval = validate_packet(args.data, args.size, args.dir,
-                        args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd);
+                        args.asd.get_odp_ctxt().dns_host_reporting, args.asd);
                     if (rval == APPID_SUCCESS)
                         goto inprocess;
                 }
@@ -559,7 +559,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args)
                 // To get here, we missed the initial query, but now we've got
                 // a response.
                 rval = validate_packet(args.data, args.size, args.dir,
-                    args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd);
+                    args.asd.get_odp_ctxt().dns_host_reporting, args.asd);
                 if (rval == APPID_SUCCESS)
                 {
                     args.asd.set_session_flags(APPID_SESSION_UDP_REVERSED);
@@ -573,7 +573,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args)
     }
 
     rval = validate_packet(args.data, args.size, args.dir,
-        args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd);
+        args.asd.get_odp_ctxt().dns_host_reporting, args.asd);
     if ((rval == APPID_SUCCESS) && (args.dir == APP_ID_FROM_INITIATOR))
         goto inprocess;
 
@@ -625,7 +625,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args)
         uint16_t size = args.size - sizeof(DNSTCPHeader);
         uint16_t tmp = ntohs(hdr->length);
         if (tmp < sizeof(DNSHeader) || dns_validate_header(args.dir, (const DNSHeader*)data,
-            args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd))
+            args.asd.get_odp_ctxt().dns_host_reporting, args.asd))
         {
             if (args.dir == APP_ID_FROM_INITIATOR)
                 goto not_compatible;
@@ -636,7 +636,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args)
         if (tmp > size)
             goto not_compatible;
         rval = validate_packet(data, size, args.dir,
-            args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd);
+            args.asd.get_odp_ctxt().dns_host_reporting, args.asd);
         if (rval != APPID_SUCCESS)
             goto tcp_done;
 
index 63433e415740f2ff32012fff0943c002c5689984..24f7b2f035746bbfec098dec5f17d8ad67f45cc0 100644 (file)
@@ -190,7 +190,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con
     {
         fp->set_client_id(asd.get_client_id());
         fp->set_payload_id(asd.get_payload_id());
-        fp->set_service_id(APP_ID_RTP, asd.ctxt.get_odp_ctxt());
+        fp->set_service_id(APP_ID_RTP, asd.get_odp_ctxt());
 
         // FIXIT-M : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE.
         // Check if it is needed here as well.
@@ -209,7 +209,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con
     {
         fp2->set_client_id(asd.get_client_id());
         fp2->set_payload_id(asd.get_payload_id());
-        fp2->set_service_id(APP_ID_RTCP, asd.ctxt.get_odp_ctxt());
+        fp2->set_service_id(APP_ID_RTCP, asd.get_odp_ctxt());
 
         // FIXIT-M : same comment as above
         // asd.initialize_future_session(*fp2, APPID_SESSION_EXPECTED_EVALUATE, APP_ID_APPID_SESSION_DIRECTION_MAX);
@@ -329,7 +329,7 @@ void SipEventHandler::handle(DataEvent& event, Flow* flow)
         IpProtocol protocol = p->is_tcp() ? IpProtocol::TCP : IpProtocol::UDP;
         AppidSessionDirection direction = p->is_from_client() ? APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER;
         AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
-        asd = AppIdSession::allocate_session(p, protocol, direction, inspector);
+        asd = AppIdSession::allocate_session(p, protocol, direction, inspector, inspector->get_ctxt().get_odp_ctxt());
     }
 
     AppidChangeBits change_bits;
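Review bot: The new `inspector->get_ctxt()` call in SipEventHandler::handle dereferences the result of `InspectorManager::get_inspector(MOD_NAME, true)` with no null check, so a failed lookup would crash the packet thread on a SIP event. A guard before the allocation, such as `if (!inspector) return;`, keeps the handler safe. It is also worth confirming that `inspector->get_ctxt().get_odp_ctxt()` is the context the current packet thread is using during a reload. If the thread has not swapped yet, a session created here would be bound to a context that AppIdIpsOption::eval in this commit treats as stale. The body of handle() starts and ends outside the hunk.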
@@ -372,7 +372,7 @@ void SipEventHandler::client_handler(SipEvent& sip_event, AppIdSession& asd,
 
     if ( !fd->user_agent.empty() )
     {
-        if ( asd.ctxt.get_odp_ctxt().get_sip_matchers().get_client_from_ua(
+        if ( asd.get_odp_ctxt().get_sip_matchers().get_client_from_ua(
             fd->user_agent.c_str(), fd->user_agent.size(), client_id, client_version) )
             goto success;
     }
@@ -381,7 +381,7 @@ void SipEventHandler::client_handler(SipEvent& sip_event, AppIdSession& asd,
     {
         fd->flags |= SIP_FLAG_SERVER_CHECKED;
 
-        if ( asd.ctxt.get_odp_ctxt().get_sip_matchers().get_client_from_server(
+        if ( asd.get_odp_ctxt().get_sip_matchers().get_client_from_server(
             fd->from.c_str(), fd->from.size(), client_id, client_version) )
             goto success;
     }
index 0e9dbb7692a8cd871e7a0c3b6b186985d74fc22e..d8939d25e141221f779731fd77335de6ab8aee0e 100644 (file)
@@ -925,7 +925,7 @@ void HttpPatternMatchers::scan_key_chp(ChpMatchDescriptor& cmd)
 }
 
 AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, char** user,
-    int* total_found, AppIdHttpSession* hsession, const AppIdContext& ctxt)
+    int* total_found, AppIdHttpSession* hsession, const OdpContext& odp_ctxt)
 {
     AppId ret = APP_ID_NONE;
     unsigned pt = cmd.cur_ptype;
@@ -981,7 +981,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, cha
             hsession->set_skip_simple_detect(true);
             break;
         case EXTRACT_USER:
-            if ( !*user && !ctxt.get_odp_ctxt().chp_userid_disabled )
+            if ( !*user && !odp_ctxt.chp_userid_disabled )
             {
                 extract_chp(cmd.buffer[pt], cmd.length[pt], tmp.start_match_pos, match->psize,
                     match->action_data, user);
index 6a26de92baa4597ac5328f529a98afb3e125e291..7fea1d40cdcf658e75e090982897c0ec66c6f1b7 100644 (file)
@@ -288,7 +288,7 @@ public:
 
     void scan_key_chp(ChpMatchDescriptor&);
     AppId scan_chp(ChpMatchDescriptor&, char**, char**, int*, AppIdHttpSession*,
-           const AppIdContext&);
+           const OdpContext&);
     AppId scan_header_x_working_with(const char*, uint32_t, char**);
     int get_appid_by_pattern(const char*, unsigned, char**);
     bool get_appid_from_url(const char*, const char*, char**, const char*, AppId*, AppId*,
index a7f1c26897250a53c82e3942b8a8546af564499f..b4775dbcccc9427100d37e76b07b4f0621594e4c 100644 (file)
@@ -149,9 +149,10 @@ const TraceOption* AppIdModule::get_trace_options() const { return nullptr; }
 unsigned AppIdSession::inspector_id = 0;
 AppIdConfig stub_config;
 AppIdContext stub_ctxt(stub_config);
-AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector)
-    : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), ctxt(stub_ctxt),
-        api(*(new AppIdSessionApi(this, *ip)))  { }
+OdpContext stub_odp_ctxt(stub_config, nullptr);
+AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
+    OdpContext&) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), config(stub_config),
+        api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
 AppIdSession::~AppIdSession() = default;
 AppIdHttpSession::AppIdHttpSession(AppIdSession& asd, uint32_t http2_stream_id)
   : asd(asd), http2_stream_id(http2_stream_id)
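Review bot: The stub constructor takes the new `OdpContext&` argument unnamed and binds `odp_ctxt` to the global `stub_odp_ctxt`, so a test that passes its own context (http_url_patterns_test.cc passes `odpctxt`) gets a session bound to a different object. Naming the parameter and using it, `OdpContext& odp_ctxt) : ... odp_ctxt(odp_ctxt)`, would let the mock follow what the caller asked for. If the fixed stub is intentional, a comment such as `// mock ignores the passed context and always binds stub_odp_ctxt` should say so. The two later `AppIdSession::AppIdSession` stub hunks in this commit follow the same pattern.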
index 79e2d952ec1d60c34afe4d55b2bd8b131d24001a..c9b85e40542ebe44773e4e4f9cc91815313a94a2 100644 (file)
 #include <CppUTest/TestHarness.h>
 #include <CppUTestExt/MockSupport.h>
 
+static AppIdConfig config;
+static AppIdContext ctxt(config);
+static OdpContext odpctxt(config, nullptr);
+OdpContext* AppIdContext::odp_ctxt = &odpctxt;
 static HttpPatternMatchers* hm = nullptr;
 static Packet pkt;
 static SfIp sfip;
 static AppIdModule appid_mod;
 static AppIdInspector appid_inspector(appid_mod);
-static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector);
+static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt);
 static AppIdHttpSession mock_hsession(session, 0);
 static ChpMatchDescriptor cmd_test;
 static MatchedCHPAction mchp;
@@ -48,10 +52,6 @@ static char* user = nullptr;
 static char* my_action_data = (char*)"0";
 static const char* my_chp_data = (const char*)"chp_data";
 static int total_found;
-static AppIdConfig config;
-static AppIdContext ctxt(config);
-static OdpContext odpctxt(config, nullptr);
-OdpContext* AppIdContext::odp_ctxt = &odpctxt;
 static AppId service_id = APP_ID_NONE;
 static AppId client_id = APP_ID_NONE;
 static DetectorHTTPPattern mpattern;
@@ -212,7 +212,7 @@ TEST(http_url_patterns_tests, scan_chp_defer)
     mchp.mpattern = &chpa_test;
     cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
     cmd_test.cur_ptype = RSP_BODY_FID;
-    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE);
+    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE);
     CHECK_EQUAL(true, test_find_all_done);
 }
 
@@ -226,7 +226,7 @@ TEST(http_url_patterns_tests, scan_chp_alt_appid)
     mchp.mpattern = &chpa_test;
     cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
     cmd_test.cur_ptype = RSP_BODY_FID;
-    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE);
+    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE);
     CHECK_EQUAL(true, test_find_all_done);
 }
 
@@ -244,7 +244,7 @@ TEST(http_url_patterns_tests, scan_chp_extract_user)
     cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
     cmd_test.buffer[RSP_BODY_FID] = (const char*)"userid\n\rpassword";
     cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
-    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE);
+    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE);
     CHECK_EQUAL(true, test_find_all_done);
     snort_free(user);
     user = nullptr;
@@ -264,7 +264,7 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default)
     mchp.start_match_pos = 0;
     cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
     cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
-    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE);
+    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE);
     CHECK_EQUAL(true, test_find_all_done);
 
     // testing FUTURE_APPID_SESSION_SIP (default action)
@@ -274,7 +274,7 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default)
     chpa_test.action = FUTURE_APPID_SESSION_SIP;
     mchp.mpattern = &chpa_test;
     cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
-    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE);
+    CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE);
     CHECK_EQUAL(true, test_find_all_done);
 }
 
index 58f5c9d64b95862c329b26acde1a80cd4e37493c..f35743f18adcd53c1c6ddbc0e856bedf73e61813 100644 (file)
@@ -33,6 +33,7 @@
 #include "utils/util.h"
 
 #include "app_info_table.h"
+#include "appid_inspector.h"
 #include "appid_session.h"
 
 using namespace std;
@@ -119,12 +120,13 @@ IpsOption::EvalStatus AppIdIpsOption::eval(Cursor&, Packet* p)
 
     AppIdSession* session = appid_api.get_appid_session(*(p->flow));
 
-    if ( !session )
+    // Skip detection for sessions using old odp context after odp reload
+    if ( !session || (&(session->get_odp_ctxt()) != pkt_thread_odp_ctxt))
         return NO_MATCH;
 
     AppId app_ids[APP_PROTOID_MAX];
     AppId service_id = session->get_api().get_service_app_id();
-    OdpContext& odp_ctxt = session->ctxt.get_odp_ctxt();
+    OdpContext& odp_ctxt = session->get_odp_ctxt();
 
     if (service_id != APP_ID_HTTP2)
     {
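Review bot: The added `&(session->get_odp_ctxt()) != pkt_thread_odp_ctxt` test makes this rule option return NO_MATCH for every session still bound to the pre-reload context, and nothing visible in the hunk records that it happened. Rules that depend on the option therefore stop matching on flows that outlive an ODP reload, which is a silent detection gap for an operator. A peg count or trace message on this path would make the gap measurable. The one-line comment could also state the consequence, for example `// Sessions created before an ODP reload are skipped for the rest of their lifetime (no match, not an error)`. The body of eval() continues outside the hunk.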
index 0f9d0c4a7fc296a4bd2e7fbfb60b13a53123f4cb..710916225c66fd096ee0febfac795450ce2357ca 100644 (file)
@@ -1001,11 +1001,11 @@ static int detector_get_flow(lua_State* L)
     // Verify detector user data and that we are in packet context
     LuaStateDescriptor* lsd = ud->validate_lua_state(true);
 
-    auto df = odp_thread_ctxt->get_lua_detector_mgr().get_detector_flow();
+    auto df = odp_thread_local_ctxt->get_lua_detector_mgr().get_detector_flow();
     if (!df)
     {
         df = new DetectorFlow(L, lsd->ldp.asd);
-        odp_thread_ctxt->get_lua_detector_mgr().set_detector_flow(df);
+        odp_thread_local_ctxt->get_lua_detector_mgr().set_detector_flow(df);
     }
     UserData<DetectorFlow>::push(L, DETECTORFLOW, df);
     lua_pushvalue(L, -1);
@@ -1276,7 +1276,7 @@ static int register_callback(lua_State* L, LuaObject& ud, AppInfoFlags flag)
         // Note that Lua detector objects are thread local
         ud.set_cb_fn_name(callback);
 
-        if (!odp_thread_ctxt->get_lua_detector_mgr().insert_cb_detector(app_id, &ud))
+        if (!odp_thread_local_ctxt->get_lua_detector_mgr().insert_cb_detector(app_id, &ud))
         {
             ErrorMessage("AppId: detector callback already registered for app %d\n", app_id);
             return 1;
@@ -1310,7 +1310,7 @@ static int detector_callback(const uint8_t* data, uint16_t size, AppidSessionDir
         return -10;
     }
 
-    LuaDetectorManager& lua_detector_mgr = odp_thread_ctxt->get_lua_detector_mgr();
+    LuaDetectorManager& lua_detector_mgr = odp_thread_local_ctxt->get_lua_detector_mgr();
     auto my_lua_state = lua_detector_mgr.L;
     const string& cb_fn_name = ud.get_cb_fn_name();
     const char* detector_name = ud.get_detector()->get_name().c_str();
@@ -1362,14 +1362,14 @@ void check_detector_callback(const Packet& p, AppIdSession& asd, AppidSessionDir
     AppId app_id, AppidChangeBits& change_bits, AppInfoTableEntry* entry)
 {
     if (!entry)
-        entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id);
+        entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id);
     if (!entry)
         return;
 
     if (entry->flags & APPINFO_FLAG_CLIENT_DETECTOR_CALLBACK or
         entry->flags & APPINFO_FLAG_SERVICE_DETECTOR_CALLBACK)
     {
-        LuaObject* ud = odp_thread_ctxt->get_lua_detector_mgr().get_cb_detector(app_id);
+        LuaObject* ud = odp_thread_local_ctxt->get_lua_detector_mgr().get_cb_detector(app_id);
         assert(ud);
 
         if (ud->is_running())
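Review bot: In check_detector_callback the table entry now comes from the session's context (`asd.get_odp_ctxt()`) while the callback detector is looked up in the thread's `odp_thread_local_ctxt`, and the only guard on the result is `assert(ud)`. If a session created before a reload can reach this function, the two contexts may differ and the lookup could return null. In a build with NDEBUG the next line, `ud->is_running()`, would then dereference it. Replacing the assert with `if (!ud) return;`, or skipping sessions whose context is not the thread's current one, would make this robust. The function body continues outside the hunk.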
@@ -2783,7 +2783,7 @@ int register_detector(lua_State* L)
 
 int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args)
 {
-    LuaDetectorManager& lua_detector_mgr = odp_thread_ctxt->get_lua_detector_mgr();
+    LuaDetectorManager& lua_detector_mgr = odp_thread_local_ctxt->get_lua_detector_mgr();
     auto my_lua_state = lua_detector_mgr.L;
     if (!my_lua_state)
     {
@@ -2928,7 +2928,7 @@ LuaServiceObject::LuaServiceObject(AppIdDiscovery* sdm, const std::string& detec
 int LuaServiceDetector::validate(AppIdDiscoveryArgs& args)
 {
     //FIXIT-M: RELOAD - use lua references to get user data object from stack
-    auto my_lua_state = odp_thread_ctxt->get_lua_detector_mgr().L;
+    auto my_lua_state = odp_thread_local_ctxt->get_lua_detector_mgr().L;
     lua_settop(my_lua_state,0);
     std::string name = this->name + "_";
     lua_getglobal(my_lua_state, name.c_str());
@@ -3006,7 +3006,7 @@ LuaStateDescriptor* LuaObject::validate_lua_state(bool packet_context)
 int LuaClientDetector::validate(AppIdDiscoveryArgs& args)
 {
     //FIXIT-M: RELOAD - use lua references to get user data object from stack
-    auto my_lua_state = odp_thread_ctxt->get_lua_detector_mgr().L;
+    auto my_lua_state = odp_thread_local_ctxt->get_lua_detector_mgr().L;
     std::string name = this->name + "_";
     lua_settop(my_lua_state,0); //set stack index to 0
     lua_getglobal(my_lua_state, name.c_str());
index 7330a9c367ebd8965a019b6220d64701c85a4969..2292bc161fa49338f018de78d0f60df542c7877e 100644 (file)
@@ -210,7 +210,7 @@ static int create_detector_flow(lua_State* L)
     lua_pushvalue(L, -1);
     detector_flow->userDataRef = luaL_ref(L, LUA_REGISTRYINDEX);
 
-    odp_thread_ctxt->get_lua_detector_mgr().set_detector_flow(detector_flow);
+    odp_thread_local_ctxt->get_lua_detector_mgr().set_detector_flow(detector_flow);
 
     if (!detector_flow->asd)
     {
index 0907045282543e2b23f42818f4e43dab50b05e5b..0ba2d9e6dc92fb7ef9736cc3679c451471a3381a 100644 (file)
@@ -200,7 +200,7 @@ LuaDetectorManager::~LuaDetectorManager()
 void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control, bool reload)
 {
     LuaDetectorManager* lua_detector_mgr = new LuaDetectorManager(ctxt, is_control);
-    odp_thread_ctxt->set_lua_detector_mgr(*lua_detector_mgr);
+    odp_thread_local_ctxt->set_lua_detector_mgr(*lua_detector_mgr);
 
     if (!lua_detector_mgr->L)
         FatalError("Error - appid: can not create new luaState, instance=%u\n",
@@ -231,12 +231,17 @@ void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control, bool rel
 void LuaDetectorManager::init_thread_manager(const AppIdContext& ctxt)
 {
     LuaDetectorManager* lua_detector_mgr = lua_detector_mgr_list[get_instance_id()];
-    odp_thread_ctxt->set_lua_detector_mgr(*lua_detector_mgr);
+    odp_thread_local_ctxt->set_lua_detector_mgr(*lua_detector_mgr);
     lua_detector_mgr->activate_lua_detectors();
     if (ctxt.config.list_odp_detectors)
         lua_detector_mgr->list_lua_detectors();
 }
 
+void LuaDetectorManager::clear_lua_detector_mgrs()
+{
+    lua_detector_mgr_list.clear();
+}
+
 void LuaDetectorManager::free_detector_flow()
 {
     delete detector_flow;
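Review bot: `clear_lua_detector_mgrs()` empties `lua_detector_mgr_list` without saying who owns the managers it held or when it is safe to call. `init_thread_manager` just above reads `lua_detector_mgr_list[get_instance_id()]` into a `LuaDetectorManager*`, so the list appears to hold raw pointers. Clearing it drops them without deleting, which is correct only if each manager is freed elsewhere. A comment on the function would settle this, for example `// Drops the per-thread manager pointers only; the managers are deleted by <owner>. Must not run while packet threads call init_thread_manager().`, with the owner filled in by the author. The body of free_detector_flow() continues outside the hunk.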
index 8e0f0cbc0a261a21c09d857b38a255a02bebe03a..0d7a06c430d173a1fe7f9e4d268129c9564c0e75 100644 (file)
@@ -52,6 +52,7 @@ public:
     ~LuaDetectorManager();
     static void initialize(AppIdContext&, int is_control=0, bool reload=false);
     static void init_thread_manager(const AppIdContext&);
+    static void clear_lua_detector_mgrs();
 
     void set_detector_flow(DetectorFlow* df)
     {
index fd318b3ed43edd4cef7059f965354dccf8f9f320..0b5ec30daea373f46c1a1b802eff0dc46a60b1dd 100644 (file)
@@ -90,7 +90,7 @@ int ServiceDetector::update_service_data(AppIdSession& asd, const Packet* pkt, A
     asd.set_service_vendor(vendor);
     asd.set_service_version(version, change_bits);
     asd.set_service_detected();
-    asd.set_service_id(appId, asd.ctxt.get_odp_ctxt());
+    asd.set_service_id(appId, asd.get_odp_ctxt());
 
     if (asd.get_session_flags(APPID_SESSION_IGNORE_HOST))
         return APPID_SUCCESS;
index 7d331e5dff0e81648b8e8e02e0b74fbea5824ef8..5473284d6806eac5c8308240cdc16bd94c9fa208 100644 (file)
@@ -292,7 +292,7 @@ static inline uint16_t sslPortRemap(uint16_t port)
 void ServiceDiscovery::get_port_based_services(IpProtocol protocol, uint16_t port,
     AppIdSession& asd)
 {
-    ServiceDiscovery& sd = asd.ctxt.get_odp_ctxt().get_service_disco_mgr();
+    ServiceDiscovery& sd = asd.get_odp_ctxt().get_service_disco_mgr();
 
     if ( asd.is_decrypted() )
     {
@@ -434,7 +434,7 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p,
                       asd.service_candidates.empty() )
             {
                 asd.service_detector = sds->select_detector_by_brute_force(proto,
-                    asd.ctxt.get_odp_ctxt().get_service_disco_mgr());
+                    asd.get_odp_ctxt().get_service_disco_mgr());
                 got_brute_force = true;
             }
         }
@@ -588,7 +588,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
         {
             // Third party has positively identified appId; Dig deeper only if our
             // detector identifies additional information or flow is UDP reversed.
-            AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
+            AppInfoTableEntry* entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
             if ( entry && entry->service_detector &&
                 ( ( entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL ) ||
                 ( ( entry->flags & APPINFO_FLAG_SERVICE_UDP_REVERSED ) &&
@@ -614,7 +614,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
          !asd.get_session_flags(APPID_SESSION_NO_TPI) and
          asd.is_tp_appid_available() )
     {
-        AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
+        AppInfoTableEntry* entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id);
         if ( entry && entry->service_detector &&
             !(entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL) )
         {
@@ -633,7 +633,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
             // job of it than we do, so stay out of its way, and don't
             // waste time (but we will still get the Snort callbacks
             // for any of our own future flows). Shut down our detectors.
-            asd.set_service_id(APP_ID_SIP, asd.ctxt.get_odp_ctxt());
+            asd.set_service_id(APP_ID_SIP, asd.get_odp_ctxt());
             asd.stop_service_inspection(p, direction);
             asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
         }
@@ -642,7 +642,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
         {
             // No need for anybody to keep wasting time once we've
             // found RTP - Shut down our detectors.
-            asd.set_service_id(tp_app_id, asd.ctxt.get_odp_ctxt());
+            asd.set_service_id(tp_app_id, asd.get_odp_ctxt());
             asd.stop_service_inspection(p, direction);
             asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
             //  - Shut down TP.
@@ -676,17 +676,17 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
             asd.get_service_id() == APP_ID_NONE && asd.is_svc_taking_too_much_time())
         {
                 asd.stop_service_inspection(p, direction);
-                asd.set_service_id(APP_ID_UNKNOWN, asd.ctxt.get_odp_ctxt());
+                asd.set_service_id(APP_ID_UNKNOWN, asd.get_odp_ctxt());
                 return isTpAppidDiscoveryDone;
         }
 
         AppIdDnsSession* dsession = asd.get_dns_session();
         if (dsession and asd.get_service_id() == APP_ID_DNS
-            and asd.ctxt.get_odp_ctxt().dns_host_reporting and dsession->get_host())
+            and asd.get_odp_ctxt().dns_host_reporting and dsession->get_host())
         {
             AppId client_id = APP_ID_NONE;
             AppId payload_id = APP_ID_NONE;
-            asd.ctxt.get_odp_ctxt().get_dns_matchers().scan_hostname((const uint8_t*)(dsession->get_host()),
+            asd.get_odp_ctxt().get_dns_matchers().scan_hostname((const uint8_t*)(dsession->get_host()),
                 dsession->get_host_len(), client_id, payload_id);
             asd.set_client_appid_data(client_id, change_bits);
         }
@@ -724,7 +724,7 @@ int ServiceDiscovery::incompatible_data(AppIdSession& asd, const Packet* pkt, Ap
 
     asd.set_service_detected();
     asd.clear_session_flags(APPID_SESSION_CONTINUE);
-    asd.set_service_id(APP_ID_NONE, asd.ctxt.get_odp_ctxt());
+    asd.set_service_id(APP_ID_NONE, asd.get_odp_ctxt());
 
     if ( asd.get_session_flags(APPID_SESSION_IGNORE_HOST | APPID_SESSION_UDP_REVERSED) )
         return APPID_SUCCESS;
@@ -760,7 +760,7 @@ int ServiceDiscovery::fail_service(AppIdSession& asd, const Packet* pkt, AppidSe
     if ( !asd.service_detector && !asd.service_candidates.empty() )
         return APPID_SUCCESS;
 
-    asd.set_service_id(APP_ID_NONE, asd.ctxt.get_odp_ctxt());
+    asd.set_service_id(APP_ID_NONE, asd.get_odp_ctxt());
     asd.set_service_detected();
     asd.clear_session_flags(APPID_SESSION_CONTINUE);
 
index 43a42b3cd52474f63c909ce1df15772f3e629898..fbc8d4dc38f75e3d99a663c334b8f5c63dd28279 100644 (file)
@@ -897,12 +897,12 @@ void FtpServiceDetector::create_expected_session(AppIdSession& asd, const Packet
         uint64_t encrypted_flags = asd.get_session_flags(APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED);
         if (encrypted_flags == APPID_SESSION_ENCRYPTED)
         {
-            fp->set_service_id(APP_ID_FTPSDATA, asd.ctxt.get_odp_ctxt());
+            fp->set_service_id(APP_ID_FTPSDATA, asd.get_odp_ctxt());
         }
         else
         {
             encrypted_flags = 0; // reset (APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED) bits
-            fp->set_service_id(APP_ID_FTP_DATA, asd.ctxt.get_odp_ctxt());
+            fp->set_service_id(APP_ID_FTP_DATA, asd.get_odp_ctxt());
         }
 
         asd.initialize_future_session(*fp, APPID_SESSION_IGNORE_ID_FLAGS | encrypted_flags, dir);
index 0e9a22d0f7b3cef177987312a0aa2fdd0beea54d..8f6937506eb44429081f162d99ecbf1b90af0ce9 100644 (file)
@@ -134,7 +134,7 @@ int MdnsServiceDetector::validate(AppIdDiscoveryArgs& args)
         ret_val = validate_reply(args.data, args.size);
         if (ret_val == 1)
         {
-            if (args.ctxt.get_odp_ctxt().mdns_user_reporting)
+            if (args.asd.get_odp_ctxt().mdns_user_reporting)
             {
                 MatchedPatterns* pattern_list = nullptr;
                 analyze_user(args.asd, args.pkt, args.size, pattern_list);
index ffbeb96d3e10c4f3519bf70eecd14284a6013b32..2107c3144bca4ec9abbb7097947f9c4b7e15b150 100644 (file)
@@ -252,6 +252,7 @@ RpcServiceDetector::~RpcServiceDetector()
             snort_free(toast->name);
         snort_free(toast);
     }
+    rpc_programs = nullptr;
 }
 
 int RpcServiceDetector::validate(AppIdDiscoveryArgs& args)
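Review bot: Resetting `rpc_programs = nullptr` in the destructor suggests the list is shared state rather than per-instance data; its declaration is outside the hunk, so this is an inference. If so, an ODP reload that builds the new RpcServiceDetector before the old one is destroyed would have the old destructor free and null the list the new detector is using. Making the list a member of the detector would remove the ambiguity. Failing that, a comment could document the required order, such as `// rpc_programs is shared; the old detector must be destroyed before a new one populates it`. The destructor's loop starts outside the hunk.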
index 0c677c0daa9b5aeb787cac3681c4d1bc781aec44..ce4287b590d5538335879b6359b571f3eca5fa8d 100644 (file)
@@ -615,7 +615,7 @@ int RtmpServiceDetector::validate(AppIdDiscoveryArgs& args)
     }
 
     /* Give up if it's taking us too long to figure out this thing. */
-    if (args.asd.session_packet_count >= args.asd.ctxt.get_odp_ctxt().rtmp_max_packets)
+    if (args.asd.session_packet_count >= args.asd.get_odp_ctxt().rtmp_max_packets)
     {
         goto fail;
     }
@@ -651,7 +651,7 @@ success:
     if ( ss->pageUrl )
     {
         if ( !hsession->get_field(REQ_REFERER_FID) &&
-            !args.asd.ctxt.get_odp_ctxt().referred_appId_disabled )
+            !args.asd.get_odp_ctxt().referred_appId_disabled )
             hsession->set_field(REQ_REFERER_FID, new std::string(ss->pageUrl), args.change_bits);
 
         snort_free(ss->pageUrl);
index 913bb091848bb8fa0e9f020b72a468bba6c22afb..c4778bbfac3da9f9ea189e8c6d8bff361ffef69e 100644 (file)
@@ -459,7 +459,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args)
         {
             args.asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_NOT_A_SERVICE);
             args.asd.clear_session_flags(APPID_SESSION_CONTINUE);
-            args.asd.set_service_id(APP_ID_SNMP, args.asd.ctxt.get_odp_ctxt());
+            args.asd.set_service_id(APP_ID_SNMP, args.asd.get_odp_ctxt());
             break;
         }
         sd->state = SNMP_STATE_RESPONSE;
index 1bded84bc38c45f58611a368fd49c93153d67a44..35accf8ec8dd6470d3d4c2e7d4e8f91551e104bd 100644 (file)
@@ -71,12 +71,13 @@ TEST(service_netbios_test, check_add_smb_info_pointer )
     uint16_t size =215;
     AppidSessionDirection dir = APP_ID_FROM_INITIATOR;
     AppIdInspector ins;
+    OdpContext odp_ctxt(config, nullptr);
     snort::Packet pkt;
     AppidChangeBits cb;
     SfIp ip;
-    AppIdSession asd(IpProtocol::TCP, &ip, 21, ins);
+    AppIdSession asd(IpProtocol::TCP, &ip, 21, ins, odp_ctxt);
     AppIdDiscoveryArgs args(data, size, dir, asd, &pkt,cb);
-    ServiceDiscovery& s_discovery_manager = asd.ctxt.get_odp_ctxt().get_service_disco_mgr();
+    ServiceDiscovery& s_discovery_manager = asd.get_odp_ctxt().get_service_disco_mgr();
     args.pkt->ptrs.sp = args.pkt->ptrs.dp = 138;
     NbdgmServiceDetector nsd(&s_discovery_manager);
     nsd.validate(args);
index aaecbb0a6a777a93f9c405bf0aedae54d4e26b08..9ea196348ac77db75d09babc2cfe7309d79e8098 100644 (file)
@@ -169,9 +169,11 @@ const TraceOption* AppIdModule::get_trace_options() const { return nullptr; }
 unsigned AppIdSession::inspector_id = 0;
 AppIdConfig stub_config;
 AppIdContext stub_ctxt(stub_config);
-AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector)
-    : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), ctxt(stub_ctxt),
-        api(*(new AppIdSessionApi(this, *ip))) { }
+static OdpContext stub_odp_ctxt(stub_config, nullptr);
+OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
+AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
+    OdpContext&) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
+    config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
 AppIdSession::~AppIdSession() = default;
 void AppIdSession::free_flow_data()
 {
@@ -202,8 +204,6 @@ ServiceDiscoveryState* AppIdServiceState::add(SfIp const*, IpProtocol, unsigned
   return nullptr;
 }
 void ServiceDiscoveryState::set_service_id_valid(ServiceDetector*) { }
-static OdpContext stub_odp_ctxt(stub_config, nullptr);
-OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
 
 OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*)
 { }
index f0368ef7de7cddb0296efa20737e536d2b30ab8f..70000308cc25e24ff0324116a77431f0eb92d1d8 100644 (file)
@@ -207,7 +207,7 @@ TEST(appid_api, get_application_name)
 {
     AppIdConfig config;
     AppIdContext ctxt(config);
-    const char* app_name = appid_api.get_application_name(1066, ctxt);
+    const char* app_name = appid_api.get_application_name(1066, ctxt.get_odp_ctxt());
     STRCMP_EQUAL(app_name, test_app_name);
 }
 
@@ -371,7 +371,8 @@ int main(int argc, char** argv)
 {
     mock_init_appid_pegs();
     SfIp ip;
-    mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector);
+    mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector,
+        dummy_appid_inspector.get_ctxt().get_odp_ctxt());
     int rc = CommandLineTestRunner::RunAllTests(argc, argv);
     mock_cleanup_appid_pegs();
     delete &mock_session->get_api();
index 10ba40a3c8ea8c1e0dcfe5e077c0e12dfc381b88..5e6187fa4247a5be1a16b31d586378aeacc1e9c1 100644 (file)
@@ -53,11 +53,15 @@ public:
 };
 
 AppIdConfig::~AppIdConfig() { }
+OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
+OdpContext::~OdpContext() { }
 
 AppIdConfig stub_config;
 AppIdContext stub_ctxt(stub_config);
-AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&)
-    : FlowData(0), ctxt(stub_ctxt), api(*(new AppIdSessionApi(this, *ip))) { }
+OdpContext stub_odp_ctxt(stub_config, nullptr);
+AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&, OdpContext&)
+    : FlowData(0), config(stub_config), api(*(new AppIdSessionApi(this, *ip))),
+    odp_ctxt(stub_odp_ctxt) { }
 AppIdSession::~AppIdSession() = default;
 
 // Utility functions
@@ -112,7 +116,7 @@ TEST(appid_debug, basic_test)
     sip.set("10.1.2.3");
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("10.9.8.7");
     uint16_t sport = 48620;
@@ -146,7 +150,7 @@ TEST(appid_debug, reverse_direction_activate_test)
     SfIp dip;
     dip.set("10.1.2.3");
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt);
     // This packet...
     sip.set("10.9.8.7");    // this would be a reply back
     uint16_t sport = 80;
@@ -181,7 +185,7 @@ TEST(appid_debug, ipv6_test)
     sip.set("2001:db8:85a3::8a2e:370:7334");    // IPv6
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("2001:db8:85a3::8a2e:370:7335");
     uint16_t sport = 1234;
@@ -221,7 +225,7 @@ TEST(appid_debug, no_initiator_port_test)
     sip.set("10.1.2.3");
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("10.9.8.7");
     uint16_t sport = 48620;
@@ -255,7 +259,7 @@ TEST(appid_debug, no_initiator_port_reversed_test)
     SfIp dip;
     dip.set("10.1.2.3");
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt);
     // This packet...
     sip.set("10.9.8.7");
     uint16_t sport = 80;
@@ -324,7 +328,7 @@ TEST(appid_debug, no_match_test)
     sip.set("10.1.2.3");
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("10.9.8.7");
     uint16_t sport = 48620;
@@ -354,7 +358,7 @@ TEST(appid_debug, all_constraints_test)
     sip.set("10.1.2.3");
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("10.9.8.7");
     uint16_t sport = 48620;
@@ -388,7 +392,7 @@ TEST(appid_debug, just_proto_test)
     sip.set("10.1.2.3");
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("10.9.8.7");
     uint16_t sport = 48620;
@@ -422,7 +426,7 @@ TEST(appid_debug, just_ip_test)
     sip.set("10.1.2.3");
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("10.9.8.7");
     uint16_t sport = 48620;
@@ -456,7 +460,7 @@ TEST(appid_debug, just_port_test)
     sip.set("10.1.2.3");
     SfIp dip;
     AppIdInspector inspector;
-    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector);
+    AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
     // This packet...
     dip.set("10.9.8.7");
     uint16_t sport = 48620;
index a751237f64089df719433d29d5a596cf6d2909cf..175aac107ee721125c74a83c9791c8ccbbecbbd0 100644 (file)
@@ -66,7 +66,8 @@ TEST_GROUP(appid_detector_tests)
     {
         MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
         SfIp ip;
-        mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector);
+        mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector,
+            dummy_appid_inspector.get_ctxt().get_odp_ctxt());
         flow = new Flow;
         flow->set_flow_data(mock_session);
     }
index 5c366a74e00d28fc8f2a38614bd6670c2f18a7f4..51ac1184cf102db6f7fe5b41963081cfc7f74001 100644 (file)
@@ -199,7 +199,7 @@ void AppIdSession::update_encrypted_app_id(AppId) {}
 bool AppIdSession::is_tp_processing_done() const {return 0;}
 AppId AppIdSession::pick_ss_payload_app_id(AppId) const { return get_payload_id(); }
 AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol,
-    AppidSessionDirection, AppIdInspector*)
+    AppidSessionDirection, AppIdInspector*, OdpContext&)
 {
     return nullptr;
 }
@@ -366,14 +366,14 @@ TEST(appid_discovery_tests, event_published_when_ignoring_flow)
     p.ptrs.ip_api.set(ip, ip);
     AppIdModule app_module;
     AppIdInspector ins(app_module);
-    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins);
+    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
     Flow* flow = new Flow;
     flow->set_flow_data(asd);
     p.flow = flow;
     asd->initiator_port = 21;
     asd->set_session_flags(APPID_SESSION_FUTURE_FLOW);
 
-    AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
+    AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr);
 
     // Detect changes in service, client, payload, and misc appid
     mock().checkExpectations();
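Review bot: The session is built with `app_ctxt.get_odp_ctxt()` and `do_application_discovery` is then given the same `app_ctxt.get_odp_ctxt()`, so the session's context and the one passed to discovery are always identical. The later hunks in this file (event_published_when_processing_flow, change_bits_for_non_http_appid) do the same. The case this commit presumably supports, a session created before a reload being processed while a newer context is current, is not exercised anywhere visible here. A test that constructs the session with one `OdpContext` and passes a second, distinct one to `do_application_discovery` would document which of the two the discovery path is expected to use.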
@@ -399,13 +399,13 @@ TEST(appid_discovery_tests, event_published_when_processing_flow)
     p.ptrs.tcph = nullptr;
     AppIdModule app_module;
     AppIdInspector ins(app_module);
-    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins);
+    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
     Flow* flow = new Flow;
     flow->set_flow_data(asd);
     p.flow = flow;
     asd->initiator_port = 21;
 
-    AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
+    AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr);
 
     // Detect changes in service, client, payload, and misc appid
     mock().checkExpectations();
@@ -422,7 +422,7 @@ TEST(appid_discovery_tests, change_bits_for_client_version)
     AppIdModule app_module;
     AppIdInspector ins(app_module);
     SfIp ip;
-    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins);
+    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
     const char* version = "3.0";
     asd->set_client_version(version, change_bits);
 
@@ -457,7 +457,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid)
     p.ptrs.ip_api.set(ip, ip);
     AppIdModule app_module;
     AppIdInspector ins(app_module);
-    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins);
+    AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
     Flow* flow = new Flow;
     flow->set_flow_data(asd);
     p.flow = flow;
@@ -468,7 +468,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid)
     asd->set_client_id(APP_ID_CURL);
     asd->set_service_id(APP_ID_FTP, app_ctxt.get_odp_ctxt());
 
-    AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
+    AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr);
 
     // Detect event for FTP service and CURL client
     CHECK_EQUAL(asd->get_client_id(), APP_ID_CURL);
@@ -479,7 +479,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid)
     asd->set_payload_id(APP_ID_NONE);
     asd->set_client_id(APP_ID_NONE);
     asd->set_service_id(APP_ID_DNS, app_ctxt.get_odp_ctxt());
-    AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
+    AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr);
 
     // Detect event for DNS service
     mock().checkExpectations();
index 8cc88e24a1f9a081b72f6f9c49614d4e41c8bd9b..358327828efef57d059bbc2201e82ac425e5fa0d 100644 (file)
@@ -50,6 +50,8 @@ using namespace snort;
 namespace snort
 {
 AppIdApi appid_api;
+Inspector* InspectorManager::get_inspector(
+    char const*, bool, const snort::SnortConfig*) { return nullptr; }
 }
 
 const char* content_type = nullptr;
@@ -234,7 +236,7 @@ TEST_GROUP(appid_http_event)
         MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
         flow = new Flow;
         SfIp ip;
-        mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector);
+        mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt);
         mock_session->create_http_session();
         flow->set_flow_data(mock_session);
         appidDebug = new AppIdDebug();
index ed3838035d1c0f726034258047fc572090612bbc..c8e6c5163919074e58611cc5d5cb64f5a62811fa 100644 (file)
@@ -64,7 +64,7 @@ AppId HttpPatternMatchers::scan_header_x_working_with(const char*, uint32_t, cha
 }
 
 AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**,
-    int*, AppIdHttpSession*, const AppIdContext&)
+    int*, AppIdHttpSession*, const OdpContext&)
 {
     return 0;
 }
@@ -101,9 +101,9 @@ static OdpContext stub_odp_ctxt(stub_config, nullptr);
 OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
 
 // AppIdSession mock functions
-AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector)
-    : FlowData(inspector_id, &inspector), ctxt(stub_ctxt),
-        api(*(new AppIdSessionApi(this, *ip)))
+AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector, OdpContext&)
+    : FlowData(inspector_id, &inspector), config(stub_config),
+        api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
 {}
 
 AppIdSession::~AppIdSession()
@@ -170,7 +170,7 @@ unsigned AppIdSession::inspector_id = 0;
 THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
 
 SfIp sfip;
-AppIdSession session(IpProtocol::IP, &sfip, 0, dummy_appid_inspector);
+AppIdSession session(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt);
 AppIdHttpSession mock_hsession(session, 0);
 
 TEST_GROUP(appid_http_session)
index ada2480d546a443072a0b20b8c57cb3926586ad5..91c195438274686e8ea7c30115d8c732a9b33ccc 100644 (file)
@@ -78,9 +78,9 @@ static AppIdConfig stub_config;
 static AppIdContext stub_ctxt(stub_config);
 static OdpContext stub_odp_ctxt(stub_config, nullptr);
 OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
-AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector)
-    : FlowData(inspector_id, &inspector), ctxt(stub_ctxt), protocol(proto),
-        api(*(new AppIdSessionApi(this, *ip)))
+AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector,
+    OdpContext&) : FlowData(inspector_id, &inspector), config(stub_config),
+    protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
 {
     service_port = APPID_UT_SERVICE_PORT;
     AppidChangeBits change_bits;
@@ -101,7 +101,7 @@ AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInsp
 
     api.dsession = new MockAppIdDnsSession;
     tp_app_id = APPID_UT_ID;
-    set_service_id(APPID_UT_ID + 1, ctxt.get_odp_ctxt());
+    set_service_id(APPID_UT_ID + 1, odp_ctxt);
     client_inferred_service_id = APPID_UT_ID + 2;
     set_port_service_id(APPID_UT_ID + 3);
     set_payload_id(APPID_UT_ID + 4);
index 74366565438e2a059d0cc6f38d47191550cff512..2045c5872950811ec1473bf603dd32545d2240ac 100644 (file)
@@ -56,7 +56,7 @@ TEST_GROUP(appid_session_api)
 
         MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
         SfIp ip;
-        mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector);
+        mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt);
         mock_session->set_ss_application_ids(APPID_UT_ID, APPID_UT_ID, APPID_UT_ID,
             APPID_UT_ID, APPID_UT_ID, change_bits);
     }
@@ -184,7 +184,7 @@ TEST(appid_session_api, is_appid_inspecting_session)
 
     // 4th if in is_appid_inspecting_session
     mock_session->set_application_ids_service(APP_ID_NONE, change_bits);
-    mock_session->ctxt.get_odp_ctxt().check_host_port_app_cache = true;
+    mock_session->get_odp_ctxt().check_host_port_app_cache = true;
     val = mock_session->get_api().is_appid_inspecting_session();
     CHECK_TRUE(val);
 }
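Review bot: `mock_session->get_odp_ctxt().check_host_port_app_cache = true;` writes through a non-const reference into the context object, and the test ends without restoring it. If the mock session binds `odp_ctxt` to a shared static (the mock constructors in this commit initialise it from `stub_odp_ctxt`), the flag stays set for every test that runs afterwards and results become order-dependent. Resetting it after the check, `mock_session->get_odp_ctxt().check_host_port_app_cache = false;`, or in the group's teardown, avoids that. The test body starts outside this hunk.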
index df18b09fc52d4bb6f17c5f31689234e10b47212c..bf3143e12b9fe651ade193972e3b71dc236982fb 100644 (file)
@@ -80,13 +80,18 @@ void ClientAppDescriptor::update_user(AppId, const char*){}
 void ClientAppDescriptor::update_stats(AppId) {}
 void PayloadAppDescriptor::update_stats(AppId) {}
 AppIdConfig::~AppIdConfig() { }
+OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
+OdpContext::~OdpContext() { }
 AppIdConfig stub_config;
 AppIdContext stub_ctxt(stub_config);
-AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&)
-    : FlowData(0), ctxt(stub_ctxt), api(*(new AppIdSessionApi(this, *ip)))  { }
+OdpContext stub_odp_ctxt(stub_config, nullptr);
+AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&, OdpContext&)
+    : FlowData(0), config(stub_config), api(*(new AppIdSessionApi(this, *ip))),
+    odp_ctxt(stub_odp_ctxt) { }
 AppIdSession::~AppIdSession() = default;
 AppIdDiscovery::AppIdDiscovery() {}
 AppIdDiscovery::~AppIdDiscovery() {}
+void ClientDiscovery::initialize() { }
 void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*,  IpProtocol) {}
 void AppIdDiscovery::add_pattern_data(AppIdDetector*, SearchTool*, int, const uint8_t* const,
     unsigned, unsigned) {}
@@ -112,6 +117,12 @@ int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDir
     ServiceDetector*, ServiceDiscoveryState*) { return 0; }
 int ServiceDiscovery::add_service_port(AppIdDetector*,
     const ServiceDetectorPort&) { return APPID_EINVALID; }
+DnsPatternMatchers::~DnsPatternMatchers() { }
+HttpPatternMatchers::~HttpPatternMatchers() { }
+SipPatternMatchers::~SipPatternMatchers() { }
+SslPatternMatchers::~SslPatternMatchers() { }
+snort::SearchTool::SearchTool(char const*, bool) { }
+snort::SearchTool::~SearchTool() { }
 
 TEST_GROUP(service_state_tests)
 {
@@ -152,7 +163,7 @@ TEST(service_state_tests, set_service_id_failed)
     AppIdInspector inspector;
     SfIp client_ip;
     client_ip.set("1.2.3.4");
-    AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector);
+    AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt);
 
     // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count = 0
     sds.set_state(ServiceState::VALID);
@@ -172,7 +183,7 @@ TEST(service_state_tests, set_service_id_failed_with_valid)
     AppIdInspector inspector;
     SfIp client_ip;
     client_ip.set("1.2.3.4");
-    AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector);
+    AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt);
 
     // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count > 1
     sds.set_state(ServiceState::VALID);
index 650b908ec5452481f994cdff1e7d36b478ea6f35..0056cd2d05303d036014705003740aa3d97506c0 100644 (file)
@@ -339,7 +339,7 @@ static inline void process_rtmp(AppIdSession& asd,
         }
     }
 
-    if ( !asd.ctxt.get_odp_ctxt().referred_appId_disabled &&
+    if ( !asd.get_odp_ctxt().referred_appId_disabled &&
         !hsession->get_field(REQ_REFERER_FID) )
     {
         if ( ( field=attribute_data.http_request_referer(own) ) != nullptr )
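Review bot: `asd.get_odp_ctxt()` here, and in the remaining hunks of this file, reads the context held by the session itself rather than going through `asd.ctxt`, and nothing at the call sites says how long that object is guaranteed to live. The mock constructors in this commit initialise `odp_ctxt` from a constructor argument as a reference. If the real class does the same, a session that survives an ODP reload keeps reading `referred_appId_disabled`, the HTTP matchers and the app-info table from the old context, which is safe only if the reload path defers freeing that context until no session refers to it. That ownership rule is worth stating where the accessor is declared, e.g. `// Context this session was created with; must outlive the session, including across ODP reload`. process_rtmp begins and ends outside this hunk.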
@@ -368,7 +368,7 @@ static inline void process_rtmp(AppIdSession& asd,
            attribute_data.http_request_user_agent_begin() ) > 0 )
     {
         char *version = nullptr;
-        HttpPatternMatchers& http_matchers = asd.ctxt.get_odp_ctxt().get_http_matchers();
+        HttpPatternMatchers& http_matchers = asd.get_odp_ctxt().get_http_matchers();
 
         http_matchers.identify_user_agent(field->c_str(), size, service_id,
             client_id, &version);
@@ -384,20 +384,20 @@ static inline void process_rtmp(AppIdSession& asd,
     }
 
     if ( hsession->get_field(MISC_URL_FID) || (confidence == 100 &&
-        asd.session_packet_count > asd.ctxt.get_odp_ctxt().rtmp_max_packets) )
+        asd.session_packet_count > asd.get_odp_ctxt().rtmp_max_packets) )
     {
         const std::string* url;
         if ( ( url = hsession->get_field(MISC_URL_FID) ) != nullptr )
         {
-            HttpPatternMatchers& http_matchers = asd.ctxt.get_odp_ctxt().get_http_matchers();
+            HttpPatternMatchers& http_matchers = asd.get_odp_ctxt().get_http_matchers();
             const char* referer = hsession->get_cfield(REQ_REFERER_FID);
             if ( ( ( http_matchers.get_appid_from_url(nullptr, url->c_str(),
                 nullptr, referer, &client_id, &service_id,
-                &payload_id, &referred_payload_app_id, true, asd.ctxt.get_odp_ctxt()) )
+                &payload_id, &referred_payload_app_id, true, asd.get_odp_ctxt()) )
                 ||
                 ( http_matchers.get_appid_from_url(nullptr, url->c_str(),
                 nullptr, referer, &client_id, &service_id,
-                &payload_id, &referred_payload_app_id, false, asd.ctxt.get_odp_ctxt()) ) ) == 1 )
+                &payload_id, &referred_payload_app_id, false, asd.get_odp_ctxt()) ) ) == 1 )
             {
                 // do not overwrite a previously-set client or service
                 if ( hsession->client.get_id() <= APP_ID_NONE )
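Review bot: This `if` body calls `asd.get_odp_ctxt()` four times, which makes the already long `get_appid_from_url` condition harder to read. Binding it once near the top of process_rtmp, `OdpContext& odp_ctxt = asd.get_odp_ctxt();`, and passing `odp_ctxt` to both `get_appid_from_url` calls would shorten the condition and make it obvious that both lookups use one context. The same applies to the repeated `asd.get_odp_ctxt().get_app_info_mgr().get_app_name(...)` chains in the do_tp_discovery hunks below. process_rtmp starts and ends outside this hunk.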
@@ -431,7 +431,7 @@ static inline void process_ssl(AppIdSession& asd,
     {
         if (!asd.service_detector)
         {
-            AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt().
+            AppInfoTableEntry* entry = asd.get_odp_ctxt().
                 get_app_info_mgr().get_app_info_entry(APP_ID_SSL);
 
             if (entry)
@@ -452,7 +452,7 @@ static inline void process_ssl(AppIdSession& asd,
     if (!asd.get_client_id())
         asd.set_client_appid_data(APP_ID_SSL_CLIENT, change_bits);
 
-    reinspect_ssl_appid = check_ssl_appid_for_reinspect(tmpAppId, asd.ctxt.get_odp_ctxt());
+    reinspect_ssl_appid = check_ssl_appid_for_reinspect(tmpAppId, asd.get_odp_ctxt());
 
     if (!(asd.scan_flags & SCAN_CERTVIZ_ENABLED_FLAG) and
         asd.tsession->get_tls_host() == nullptr and
@@ -487,7 +487,7 @@ static inline void process_ftp_control(AppIdSession& asd,
     ThirdPartyAppIDAttributeData& attribute_data)
 {
     const string* field=0;
-    if (!asd.ctxt.get_odp_ctxt().ftp_userid_disabled &&
+    if (!asd.get_odp_ctxt().ftp_userid_disabled &&
         (field=attribute_data.ftp_command_user()) != nullptr)
     {
         asd.set_client_user(APP_ID_FTP_CONTROL, field->c_str());
@@ -556,7 +556,7 @@ static inline void check_terminate_tp_module(AppIdSession& asd, uint16_t tpPktCo
 {
     AppIdHttpSession* hsession = asd.get_http_session();
 
-    if ((tpPktCount >= asd.ctxt.get_odp_ctxt().max_tp_flow_depth) ||
+    if ((tpPktCount >= asd.get_odp_ctxt().max_tp_flow_depth) ||
         (asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) ==
         (APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) && hsession &&
         hsession->get_field(REQ_URI_FID) &&
@@ -624,11 +624,11 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
         return true;
     }
 
-    if (!p->dsize and !asd.ctxt.get_odp_ctxt().tp_allow_probes)
+    if (!p->dsize and !asd.get_odp_ctxt().tp_allow_probes)
         return false;
 
     bool process_packet = (protocol != IpProtocol::TCP or (p->packet_flags & PKT_STREAM_ORDER_OK) or
-        asd.ctxt.get_odp_ctxt().tp_allow_probes);
+        asd.get_odp_ctxt().tp_allow_probes);
 
     if (!process_packet)
         return false;
@@ -675,7 +675,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
 
     if (appidDebug->is_active())
     {
-        const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
+        const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
         LogMessage("AppIdDbg %s 3rd party returned %s (%d)\n",
             appidDebug->get_debug_session(), app_name ? app_name : "unknown", tp_app_id);
     }
@@ -689,7 +689,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
         assert(hsession);
     }
 
-    unsigned app_info_flags = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags(tp_app_id,
+    unsigned app_info_flags = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_flags(tp_app_id,
         APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE );
 
     // if the third-party appId must be treated as a client, do it now
@@ -716,7 +716,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
     }
 
     if (tp_app_id == APP_ID_SSL &&
-        (Stream::get_snort_protocol_id(p->flow) == asd.ctxt.config.snortId_for_ftp_data))
+        (Stream::get_snort_protocol_id(p->flow) == asd.config.snortId_for_ftp_data))
     {
         //  If we see SSL on an FTP data channel set tpAppId back
         //  to APP_ID_NONE so the FTP preprocessor picks up the flow.
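Review bot: `asd.config.snortId_for_ftp_data` reads a data member of the session directly, while every ODP value in this function goes through the `get_odp_ctxt()` accessor. A const accessor for the configuration alongside `get_odp_ctxt()` would keep the two consistent and stop callers reaching into session internals. If `config` is a reference captured at session creation, as the mock constructors suggest with `config(stub_config)`, this comparison uses the configuration the session started with rather than the current one. A short comment saying that is intended would help. The body of this `if` continues outside the hunk.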
@@ -742,7 +742,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
             else if (hsession->payload.get_id() == APP_ID_HTTP_TUNNEL and tp_app_id != APP_ID_SSL)
                 hsession->set_payload(tp_app_id, change_bits, "3rd party");
 
-            hsession->process_http_packet(direction, change_bits, asd.ctxt.get_odp_ctxt().get_http_matchers());
+            hsession->process_http_packet(direction, change_bits, asd.get_odp_ctxt().get_http_matchers());
 
             if (asd.get_tp_app_id() == APP_ID_HTTP and
                 !asd.get_session_flags(APPID_SESSION_APP_REINSPECT) and
@@ -780,8 +780,8 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
                 asd.set_port_service_id(portAppId);
                 if (appidDebug->is_active())
                 {
-                    const char *service_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
-                    const char *port_service_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.get_port_service_id());
+                    const char *service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
+                    const char *port_service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.get_port_service_id());
                     LogMessage("AppIdDbg %s SSL is service %s (%d), portServiceAppId %s (%d)\n",
                         appidDebug->get_debug_session(),
                         service_name ? service_name : "unknown", tp_app_id,
@@ -795,7 +795,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
                 tp_app_id = portAppId;
                 if (appidDebug->is_active())
                 {
-                    const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
+                    const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id);
                     LogMessage("AppIdDbg %s SSL is %s (%d)\n", appidDebug->get_debug_session(),
                         app_name ? app_name : "unknown", tp_app_id);
                 }