return false;
if (!init_AF_actives( ))
return false;
+
LuaDetectorModuleManager::luaModuleInit();
appInfoTableInit(mod_config->app_detector_dir, pAppidActiveConfig);
read_port_detectors(ODP_PORT_DETECTORS);
AppIdInspector::~AppIdInspector()
{
+ if(config->debug)
+ dump_appid_stats();
delete active_config;
delete config;
}
{
if (tmp_pattern->dpattern->pattern)
snort_free(tmp_pattern->dpattern->pattern);
- free (tmp_pattern->dpattern);
+ snort_free (tmp_pattern->dpattern);
}
snort_free(tmp_pattern);
}
if (!hosUrlMatcher)
return -1;
- HosUrlDetectorPattern* detector = (HosUrlDetectorPattern*)snort_calloc(
- sizeof(HosUrlDetectorPattern));
+ HosUrlDetectorPattern* detector =
+ (HosUrlDetectorPattern*)snort_calloc(sizeof(HosUrlDetectorPattern));
detector->host.pattern = (uint8_t*)snort_strdup((char*)host_pattern);
if (path_pattern)
}
}
-static inline void setClientAppIdData(AppIdData* session, AppId ClientAppId, char** version)
+static inline void setClientAppIdData(AppIdData* session, AppId clientAppId, char** version)
{
AppIdConfig* pConfig = pAppidActiveConfig;
- if (ClientAppId <= APP_ID_NONE || ClientAppId == APP_ID_HTTP)
+ if (clientAppId <= APP_ID_NONE || clientAppId == APP_ID_HTTP)
return;
- if (session->ClientAppId != ClientAppId)
+ if (session->ClientAppId != clientAppId)
{
unsigned prev_priority = appInfoEntryPriorityGet(session->ClientAppId, pConfig);
- unsigned curr_priority = appInfoEntryPriorityGet(ClientAppId, pConfig);
+ unsigned curr_priority = appInfoEntryPriorityGet(clientAppId, pConfig);
if (pAppidActiveConfig->mod_config->instance_id)
- checkSandboxDetection(ClientAppId);
+ checkSandboxDetection(clientAppId);
if ((session->ClientAppId) && (prev_priority > curr_priority ))
return;
- session->ClientAppId = ClientAppId;
+ session->ClientAppId = clientAppId;
if (session->clientVersion)
snort_free(session->clientVersion);
char* vendorVersion = nullptr;
char* vendor = nullptr;
AppId serviceAppId = 0;
- AppId ClientAppId = 0;
+ AppId clientAppId = 0;
AppId payloadAppId = 0;
AppId referredPayloadAppId = 0;
char* host;
snort_free(version);
version = nullptr;
}
- identifyUserAgent((uint8_t*)useragent, size, &serviceAppId, &ClientAppId, &version,
+ identifyUserAgent((uint8_t*)useragent, size, &serviceAppId, &clientAppId, &version,
&pConfig->detectorHttpConfig);
if (app_id_debug_session_flag && serviceAppId > APP_ID_NONE && serviceAppId !=
APP_ID_HTTP && session->serviceAppId != serviceAppId)
LogMessage("AppIdDbg %s User Agent is service %d\n", app_id_debug_session,
serviceAppId);
seServiceAppIdData(session, serviceAppId, nullptr, nullptr);
- if (app_id_debug_session_flag && ClientAppId > APP_ID_NONE && ClientAppId !=
- APP_ID_HTTP && session->ClientAppId != ClientAppId)
+ if (app_id_debug_session_flag && clientAppId > APP_ID_NONE && clientAppId !=
+ APP_ID_HTTP && session->ClientAppId != clientAppId)
LogMessage("AppIdDbg %s User Agent is client %d\n", app_id_debug_session,
- ClientAppId);
- setClientAppIdData(session, ClientAppId, &version);
+ clientAppId);
+ setClientAppIdData(session, clientAppId, &version);
session->scan_flags &= ~SCAN_HTTP_USER_AGENT_FLAG;
}
{
if (direction == APP_ID_FROM_INITIATOR)
{
- if (app_id_debug_session_flag && ClientAppId > APP_ID_NONE && ClientAppId !=
- APP_ID_HTTP && session->ClientAppId != ClientAppId)
+ if (app_id_debug_session_flag && clientAppId > APP_ID_NONE && clientAppId !=
+ APP_ID_HTTP && session->ClientAppId != clientAppId)
LogMessage("AppIdDbg %s X is client %d\n", app_id_debug_session, appId);
setClientAppIdData(session, appId, &version);
}
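Review bot: The debug guard on the renamed lines tests `clientAppId`, but the message and the `setClientAppIdData(session, appId, &version)` call directly below it use `appId`. The trace can therefore be suppressed, or emitted, for a different id than the one that is applied to the session. If `appId` is the value being set here, the guard should read `appId > APP_ID_NONE && appId != APP_ID_HTTP && session->ClientAppId != appId`. The enclosing function starts and ends outside the hunk, so please confirm which variable holds the id for this branch.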
snort_free(version);
version = nullptr;
}
- if (getAppIdFromUrl(host, url, &version, referer, &ClientAppId, &serviceAppId,
+ if (getAppIdFromUrl(host, url, &version, referer, &clientAppId, &serviceAppId,
&payloadAppId, &referredPayloadAppId, 0, &pConfig->detectorHttpConfig) == 1)
{
// do not overwrite a previously-set client or service
if (session->ClientAppId <= APP_ID_NONE)
{
- if (app_id_debug_session_flag && ClientAppId > APP_ID_NONE && ClientAppId !=
- APP_ID_HTTP && session->ClientAppId != ClientAppId)
+ if (app_id_debug_session_flag && clientAppId > APP_ID_NONE && clientAppId !=
+ APP_ID_HTTP && session->ClientAppId != clientAppId)
LogMessage("AppIdDbg %s URL is client %d\n", app_id_debug_session,
- ClientAppId);
- setClientAppIdData(session, ClientAppId, nullptr);
+ clientAppId);
+ setClientAppIdData(session, clientAppId, nullptr);
}
if (session->serviceAppId <= APP_ID_NONE)
{
if (session->tpPayloadAppId > APP_ID_NONE)
{
entry = appInfoEntryGet(session->tpPayloadAppId, pConfig);
- // only move tpPayloadAppId to client if its got a ClientAppId
+ // only move tpPayloadAppId to client if its got a clientAppId
if (entry->clientId > APP_ID_NONE)
{
session->miscAppId = session->ClientAppId;
#ifdef REMOVED_WHILE_NOT_IN_USE
size_t size;
int ret;
- AppId ClientAppId = 0;
+ AppId clientAppId = 0;
AppId payloadAppId = 0;
if ((session->scan_flags & SCAN_SSL_HOST_FLAG) && session->tsession->tls_host)
{
size = strlen(session->tsession->tls_host);
if ((ret = ssl_scan_hostname((const u_int8_t*)session->tsession->tls_host, size,
- &ClientAppId, &payloadAppId, &pConfig->serviceSslConfig)))
+ &clientAppId, &payloadAppId, &pConfig->serviceSslConfig)))
{
- setClientAppIdData(session, ClientAppId, nullptr);
+ setClientAppIdData(session, clientAppId, nullptr);
setPayloadAppIdData(session, (ApplicationId)payloadAppId, nullptr);
- setSSLSquelch(p, ret, (ret == 1 ? payloadAppId : ClientAppId));
+ setSSLSquelch(p, ret, (ret == 1 ? payloadAppId : clientAppId));
}
session->scan_flags &= ~SCAN_SSL_HOST_FLAG;
// ret = 0;
{
size = strlen(session->tsession->tls_cname);
if ((ret = ssl_scan_cname((const u_int8_t*)session->tsession->tls_cname, size,
- &ClientAppId, &payloadAppId, &pConfig->serviceSslConfig)))
+ &clientAppId, &payloadAppId, &pConfig->serviceSslConfig)))
{
- setClientAppIdData(session, ClientAppId, nullptr);
+ setClientAppIdData(session, clientAppId, nullptr);
setPayloadAppIdData(session, (ApplicationId)payloadAppId, nullptr);
- setSSLSquelch(p, ret, (ret == 1 ? payloadAppId : ClientAppId));
+ setSSLSquelch(p, ret, (ret == 1 ? payloadAppId : clientAppId));
}
snort_free(session->tsession->tls_cname);
session->tsession->tls_cname = nullptr;
{
size = strlen(session->tsession->tls_orgUnit);
if ((ret = ssl_scan_cname((const u_int8_t*)session->tsession->tls_orgUnit, size,
- &ClientAppId, &payloadAppId, &pConfig->serviceSslConfig)))
+ &clientAppId, &payloadAppId, &pConfig->serviceSslConfig)))
{
- setClientAppIdData(session, ClientAppId, nullptr);
+ setClientAppIdData(session, clientAppId, nullptr);
setPayloadAppIdData(session, (ApplicationId)payloadAppId, nullptr);
- setSSLSquelch(p, ret, (ret == 1 ? payloadAppId : ClientAppId));
+ setSSLSquelch(p, ret, (ret == 1 ? payloadAppId : clientAppId));
}
snort_free(session->tsession->tls_orgUnit);
session->tsession->tls_orgUnit = nullptr;
entry->flags |= extractsInfo;
else
ErrorMessage(
- "AppId: Failed to find a client application module forAppId: %d - %p\n",
+ "AppId: Failed to find a client application module for AppId: %d - %p\n",
appId, (void*)data);
}
else
if (pAppidActiveConfig->mod_config->instance_id && pConfig)
{
entry = appInfoEntryGet(appId, pConfig);
- if (entry && entry->flags & APPINFO_FLAG_ACTIVE)
- {
- fprintf(SF_DEBUG_FILE, "add service\n");
+ if ( entry && ( entry->flags & APPINFO_FLAG_ACTIVE ) )
fprintf(SF_DEBUG_FILE, "Detected AppId %d\n", entry->appId);
- }
}
}
);
AppId getAppId(void* ssnptr);
+void dump_appid_stats();
#ifdef FW_TRACKER_DEBUG
void logAppIdInfo(SFSnortPacket* p, char* message, AppId id);
}
}
-HostPortVal* hostPortAppCacheFind(
- const sfip_t* snort_ip, uint16_t port, IpProtocol protocol, const AppIdConfig* pConfig)
+HostPortVal* hostPortAppCacheFind(const sfip_t* snort_ip, uint16_t port, IpProtocol protocol,
+ const AppIdConfig* pConfig)
{
HostPortKey hk;
sfip_set_ip(&hk.ip, snort_ip);
return (HostPortVal*)sfxhash_find(pConfig->hostPortCache, &hk);
}
-int hostPortAppCacheAdd(const in6_addr* ip, uint16_t port, IpProtocol proto, unsigned type,
+int hostPortAppCacheAdd(const sfip_t* ip, uint16_t port, IpProtocol proto, unsigned type,
AppId appId, AppIdConfig* pConfig)
{
HostPortKey hk;
void hostPortAppCacheInit(AppIdConfig*);
void hostPortAppCacheFini(AppIdConfig*);
-// FIXIT-M: Should proto be IpProtocol or ProtocolId?
-HostPortVal* hostPortAppCacheFind(
- const sfip_t*, uint16_t port, IpProtocol proto, const AppIdConfig*);
-
-int hostPortAppCacheAdd(
- const in6_addr*, uint16_t port, IpProtocol proto, unsigned type, AppId, AppIdConfig*);
+HostPortVal* hostPortAppCacheFind(const sfip_t*, uint16_t port, IpProtocol proto,
+ const AppIdConfig*);
+int hostPortAppCacheAdd(const sfip_t*, uint16_t port, IpProtocol proto, unsigned type,
+ AppId, AppIdConfig*);
void hostPortAppCacheDump(const AppIdConfig*);
#endif
static void FreeDetectorAppUrlPattern(DetectorAppUrlPattern* pattern);
-// FIXIT-H J lifetime of detector is easy to misuse with this idiom
+static inline int ConvertStringToAddress(const char* string, sfip_t* address)
+{
+ int af;
+ struct in6_addr buf;
+
+ if (strchr(string, ':'))
+ af = AF_INET6;
+ else if (strchr(string, '.'))
+ af = AF_INET;
+ else
+ return 0;
+
+ if (inet_pton(af, string, &buf))
+ {
+ if (sfip_set_raw(address, &buf, af) != SFIP_SUCCESS)
+ return 0;
+ }
+ else
+ return 0;
+
+ return 1; // success
+}
+
+// FIXIT-M lifetime of detector is easy to misuse with this idiom
// Leaves 1 value (the Detector userdata) at the top of the stack
Detector* createDetector(lua_State* L, const char* detectorName)
{
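Review bot: `ConvertStringToAddress` passes `string` to `strchr` without a null check, and a caller visible later in this diff hands it the result of `lua_tostring(L, 2)`, which is null when the Lua argument is neither a string nor a number. Add `if (!string) return 0;` as the first statement. The `inet_pton` test also treats any non-zero return as success, whereas the inline parsing removed elsewhere in this commit used `<= 0`; `if (inet_pton(af, string, &buf) != 1) return 0;` keeps the -1 error case away from `sfip_set_raw`. A one-line comment that the address family is chosen from the presence of ':' or '.' would also help, since this helper now validates detector-supplied input in two places.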
// FIXIT-M J should go in a different table maybe?
lua_pushvalue(L, -1);
detector->detectorUserDataRef = luaL_ref(L, LUA_REGISTRYINDEX);
-
return detector;
}
if ( !detector->server.pServiceElement )
{
detector->server.pServiceElement = new RNAServiceElement;
- assert(detector->server.pServiceElement);
detector->server.pServiceElement->name = detector->server.serviceModule.name;
}
auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
- // FIXIT-H J none of these params check for signedness casting issues
+ // FIXIT-M none of these params check for signedness casting issues
// FIXIT-M: May want to create a lua_toipprotocol() so we can handle
// error checking in that function.
int protocol = lua_tonumber(L, index++);
static int Detector_htons(lua_State* L)
{
- // FIXIT-L J ignoring arg #1, as it is unused
+ // FIXIT-L ignoring arg #1, as it is unused
// auto* ud = UserData<Detector>::check(L, DETECTOR, 1);
unsigned short aShort = lua_tonumber(L, 2);
static int Detector_htonl(lua_State* L)
{
- // FIXIT-L J ignoring arg #1, as it is unused
+ // FIXIT-L ignoring arg #1, as it is unused
// auto* ud = UserData<Detector>::check(L, DETECTOR, 1);
unsigned int anInt = lua_tonumber(L, 2);
case LUA_LOG_ERR:
case LUA_LOG_WARN:
- // FIXIT-L J should WARN do a WarningMessage instead?
ErrorMessage("%s:%s\n", name, message);
break;
if ( !ud->validateParams.pkt || !ud->validateParams.pkt->has_ip() )
{
- // FIXIT-H J why the inconsistent use of checkstack?
+ // FIXIT-M J why the inconsistent use of checkstack?
lua_checkstack (L, 1);
lua_pushnumber(L, 0);
return 1;
}
lua_checkstack (L, 1);
- // FIXIT-H: is this conversion to double valid?
+ // FIXIT-M: is this conversion to double valid?
lua_pushnumber(L, (double)ud->validateParams.pkt->get_ip_proto_next() );
return 1;
}
{
auto& ud = *UserData<Detector>::check(L, DETECTOR, 1);
- CHECK_INPUTS();
+ //CHECK_INPUTS();
+ if ( !ud->validateParams.pkt )
+ {
+ lua_pushnumber(L, SERVICE_ENULL);
+ return 1;
+ }
auto df = new DetectorFlow();
df->pFlow = ud->validateParams.flowp;
+ UserData<DetectorFlow>::push(L, DETECTORFLOW, df);
- UserData<DetectorFlow>::push(L, "DetectorFlow", df);
+ df->myLuaState = L;
+ lua_pushvalue(L, -1);
+ df->userDataRef = luaL_ref(L, LUA_REGISTRYINDEX);
+ sflist_add_tail(&allocatedFlowList, df);
return 1;
}
uint32_t payload = lua_tointeger(L, index++);
/*uint32_t payload_type =*/ lua_tointeger(L, index++);
- // FIXIT-H J should this be inverted?
+ // FIXIT-M should this be inverted?
if (ud->validateParams.pkt)
{
ErrorMessage(
type = lua_tointeger(L, index++);
app_id = (AppId)lua_tointeger(L, index++);
-
pattern_size = 0;
const char* tmpString = lua_tolstring(L, index++, &pattern_size);
if (!tmpString || !pattern_size)
ErrorMessage("Invalid SSL Host pattern string");
return 0;
}
- pattern_str = (uint8_t*)snort_strdup(tmpString);
#ifdef REMOVED_WHILE_NOT_IN_USE
+ pattern_str = (uint8_t*)snort_strdup(tmpString);
if (!ssl_add_cert_pattern(pattern_str, pattern_size, type, app_id,
&ud->pAppidNewConfig->serviceSslConfig))
{
ErrorMessage("Invalid SSL Host pattern string");
return 0;
}
- pattern_str = (uint8_t*)snort_strdup(tmpString);
#ifdef REMOVED_WHILE_NOT_IN_USE
+ pattern_str = (uint8_t*)snort_strdup(tmpString);
if (!ssl_add_cname_pattern(pattern_str, pattern_size, type, app_id,
&ud->pAppidNewConfig->serviceSslConfig))
{
int index = 1;
uint8_t type;
AppId app_id;
- in6_addr ip6Addr;
+ sfip_t ip_addr;
auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
if ( ud->validateParams.pkt )
type = lua_tointeger(L, index++);
app_id = (AppId)lua_tointeger(L, index++);
-
ipaddr_size = 0;
- const char* tmpString = lua_tolstring(L, index++, &ipaddr_size);
- if (!tmpString || !ipaddr_size)
+ const char* ip_str= lua_tolstring(L, index++, &ipaddr_size);
+ if (!ip_str || !ipaddr_size || !ConvertStringToAddress(ip_str, &ip_addr))
{
- ErrorMessage("%s:Invalid ipaddr string\n",__func__);
+ ErrorMessage("%s: Invalid IP address: %s\n",__func__, ip_str);
return 0;
}
- if (!strchr(tmpString, ':'))
- {
- if (inet_pton(AF_INET, tmpString, &ip6Addr) <= 0)
- {
- ErrorMessage("%s: Invalid IP address: %s\n",__func__, tmpString);
- return 0;
- }
- // FIXIT-H J ip6Addr type is struct in6_addr, so...
- // ip6Addr.u6_addr32[0] = ip6Addr.u6_addr32[1] = 0;
- // ip6Addr.u6_addr32[2] = ntohl(0x0000ffff);
- }
- else
- {
- if (inet_pton(AF_INET6, tmpString, &ip6Addr) <= 0)
- {
- ErrorMessage("%s: Invalid IP address: %s\n",__func__, tmpString);
- return 0;
- }
- }
unsigned port = lua_tointeger(L, index++);
unsigned proto = lua_tointeger(L, index++);
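Review bot: When `ip_str` is null, the combined check on the added line still reaches `ErrorMessage("%s: Invalid IP address: %s\n",__func__, ip_str)`, which passes a null pointer to `%s`. Either log a placeholder, `ip_str ? ip_str : "(null)"`, or keep the null/empty test separate from the parse failure as the removed code did. The enclosing function starts and ends outside the hunk.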
return 0;
}
- if (!hostPortAppCacheAdd(&ip6Addr, (uint16_t)port, (IpProtocol)proto, type, app_id,
- ud->pAppidNewConfig))
+ if (!hostPortAppCacheAdd(&ip_addr, (uint16_t)port, (IpProtocol)proto, type, app_id,
+ ud->pAppidNewConfig))
{
ErrorMessage("%s:Failed to backend call\n",__func__);
}
static inline int CHPGetActionType(lua_State* L, int index, ActionType* action_type)
{
*action_type = (ActionType)lua_tointeger(L, index);
+ // FIXIT-M: many lua detectors call this with action_type == 14, max is set to 14...is this an issue or a feature
if (*action_type < NO_ACTION || *action_type > MAX_ACTION_TYPE)
{
- ErrorMessage("LuaDetectorApi:Incompatible CHP Action type, might be for a later version.");
+ WarningMessage("LuaDetectorApi:Incompatible CHP Action type, might be for a later version.");
return -1;
}
return 0;
tmpString = lua_tolstring(L, index++, &queryPatternSize);
if (tmpString && queryPatternSize)
queryPattern = (u_int8_t*)snort_strdup(tmpString);
- else
- {
- ErrorMessage("Invalid query pattern string.");
- snort_free(hostPattern);
- snort_free(pathPattern);
- snort_free(schemePattern);
- return 0;
- }
u_int32_t appId = lua_tointeger(L, index++);
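Review bot: Dropping the `else` branch makes the query pattern optional, so `queryPattern` keeps whatever value it had at its declaration when the Lua argument is missing or empty. That declaration is outside the hunk; if it is not initialised to `nullptr`, the way the `hostPattern` and `pathPattern` declarations shown elsewhere in this diff are, later code reads an indeterminate pointer. Please confirm the initialiser and record the intent with a comment such as `// query pattern is optional; queryPattern stays nullptr when absent`.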
size_t hostPatternSize = 0;
u_int8_t* hostPattern = nullptr;
tmpString = lua_tolstring(L, index++, &hostPatternSize);
- // FIXIT - recode all this to something elegant since snort_strdup can't fail (just like Rudy)
+ // FIXIT-L: recode all this to something elegant since snort_strdup can't fail (just like Rudy)
if (!tmpString || !hostPatternSize || !(hostPattern = (u_int8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid host pattern string.");
size_t pathPatternSize = 0;
u_int8_t* pathPattern = nullptr;
tmpString = lua_tolstring(L, index++, &pathPatternSize);
- // FIXIT - recode all this to something elegant since snort_strdup can't fail (just like Rudy)
+ // FIXIT-L: recode all this to something elegant since snort_strdup can't fail (just like Rudy)
if (!tmpString || !pathPatternSize || !(pathPattern = (u_int8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid path pattern string.");
size_t schemePatternSize;
u_int8_t* schemePattern = nullptr;
tmpString = lua_tolstring(L, index++, &schemePatternSize);
- // FIXIT - recode all this to something elegant since snort_strdup can't fail (just like Rudy)
+ // FIXIT-L: recode all this to something elegant since snort_strdup can't fail (just like Rudy)
if (!tmpString || !schemePatternSize || !(schemePattern = (u_int8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid scheme pattern string.");
return 0;
}
- // FIXIT - uncomment when sip detector is included in the build
+ // FIXIT-M: uncomment when sip detector is included in the build
#ifdef REMOVED_WHILE_NOT_IN_USE
sipServerPatternAdd(client_app, clientVersion, uaPattern,
&ud->pAppidNewConfig->detectorSipConfig);
return 0;
}
-static inline int ConvertStringToAddress(const char* string, sfip_t* address)
-{
- int af;
- struct in6_addr buf;
-
- if (strchr(string, ':'))
- af = AF_INET6;
- else if (strchr(string, '.'))
- af = AF_INET;
- else
- return 0;
-
- if (inet_pton(af, string, &buf))
- {
- if (sfip_set_raw(address, &buf, af) != SFIP_SUCCESS)
- return 0;
- }
- else
- return 0;
-
- return 1; // success
-}
-
/**Creates a future flow based on the current flow. When the future flow is
* seen, the app ID will simply be declared with the info given here.
*
/*check inputs and whether this function is called in context of a packet */
if ( !ud->validateParams.pkt )
- {
return 0;
- }
pattern = (char*)lua_tostring(L, 2);
if (!ConvertStringToAddress(pattern, &client_addr))
return 0;
server_port = lua_tonumber(L, 5);
-
proto = (IpProtocol)lua_tonumber(L, 6);
-
service_app_id = lua_tointeger(L, 7);
client_app_id = lua_tointeger(L, 8);
payload_app_id = lua_tointeger(L, 9);
-
app_id_to_snort = lua_tointeger(L, 10);
if (app_id_to_snort > APP_ID_NONE)
{
snort_app_id = entry->snortId;
}
else
- {
snort_app_id = 0;
- }
fp = AppIdEarlySessionCreate(ud->validateParams.flowp,
ud->validateParams.pkt,
*/
static int Detector_gc(lua_State*)
{
+ // FIXIT-M Does Detector_gc need to not be a no-op
return 0;
}
static const luaL_reg Detector_meta[] =
{
- { "__gc", Detector_gc }, // FIXIT-M J As of right now, Detector_gc is a no-op
+ { "__gc", Detector_gc },
{ "__tostring", Detector_tostring },
{ 0, 0 }
};
snort_free(element->chp_action.pattern);
if (element->chp_action.action_data)
snort_free(element->chp_action.action_data);
- free (element);
+ snort_free (element);
}
}
snort_free(*(void**)&pattern->patterns.path.pattern);
if (pattern->patterns.scheme.pattern)
snort_free(*(void**)&pattern->patterns.scheme.pattern);
- // FIXIT - pattern still allocated with calloc/realloc
snort_free(pattern);
}
}
}
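Review bot: The deleted FIXIT said `pattern` was still allocated with calloc/realloc, yet the release remains `snort_free(pattern)`, and nothing in this hunk shows the allocation site moving to the snort allocator. If the allocation was not converted in the same commit, either keep the marker (`// FIXIT-M: pattern still allocated with calloc/realloc`) or release it with `free(pattern)`, which is how the `urlPattern` arrays are handled in a nearby hunk. Allocator and deallocator must come from the same family, so this is worth confirming against the allocation site. The enclosing function starts outside the hunk.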
if (pConfig->httpPatternLists.appUrlList.urlPattern)
{
- snort_free(pConfig->httpPatternLists.appUrlList.urlPattern);
+ // FIXIT-M: still allocated by malloc/realloc
+ free(pConfig->httpPatternLists.appUrlList.urlPattern);
pConfig->httpPatternLists.appUrlList.urlPattern = nullptr;
}
pConfig->httpPatternLists.appUrlList.allocatedCount = 0;
if (pConfig->httpPatternLists.RTMPUrlList.urlPattern)
{
- snort_free(pConfig->httpPatternLists.RTMPUrlList.urlPattern);
+ free(pConfig->httpPatternLists.RTMPUrlList.urlPattern);
pConfig->httpPatternLists.RTMPUrlList.urlPattern = nullptr;
}
pConfig->httpPatternLists.RTMPUrlList.allocatedCount = 0;
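Review bot: The reason for switching to plain `free()` is documented only on the `appUrlList` branch; the `RTMPUrlList` branch makes the same switch with no comment. Repeat `// FIXIT-M: still allocated by malloc/realloc` there, or put one comment above both blocks naming the allocation site. Otherwise a later cleanup may "fix" one call back to `snort_free` and reintroduce the mismatch.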
if ( detectorUserDataRef != LUA_REFNIL )
luaL_unref(myLuaState, LUA_REGISTRYINDEX, detectorUserDataRef);
+ delete pFlow;
+
delete[] validatorBuffer;
}
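Review bot: `delete pFlow;` makes this destructor an owner of `pFlow`, but nothing here documents that ownership. Another hunk in this commit appends newly created `DetectorFlow` objects to `allocatedFlowList`, which is released through `freeDetectorFlow` at shutdown. The type of `pFlow` and where it is assigned are not visible in this hunk; if it can alias an object on that list, or one owned by the session, it would be freed twice. Please add an ownership comment on the member, e.g. `// owned by Detector; deleted in the destructor`, and set it to `nullptr` wherever ownership is handed off.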
-
class AppIdData;
struct RNAServiceElement;
+#define DETECTOR "Detector"
+#define DETECTORFLOW "DetectorFlow"
+
struct DetectorPackageInfo
{
struct UniInfo
{
- std::string initFunctionName = "DetectorInit"; // client init function
- std::string cleanFunctionName = "DetectorClean"; // client clean function
- std::string validateFunctionName = "DetectorValidate"; // client validate function
+ std::string initFunctionName; // FIXIT-M: clean this up = "DetectorInit"; // client init function
+ std::string cleanFunctionName; // = "DetectorClean"; // client clean function
+ std::string validateFunctionName; // = "DetectorValidate"; // client validate function
int minimum_matches = 0;
};
// cleaned; used at reload free and exit
AppIdConfig* pAppidNewConfig; ///< AppId context in which this detector should be
// loaded; used at initialization and reload
-
- /**Snort profiling stats for individual Lua detector.*/
- ProfileStats* pPerfStats;
};
int Detector_register(lua_State*);
/*static const char * LuaLogLabel = "luaDetectorFlowApi"; */
-#define DETECTOR "Detector"
-#define DETECTORFLOW "DetectorFlow"
-
-#if 1 // FIXIT-M hacks
-#endif
-
/* Lua flag bit/index to C flag value (0 for invalid). */
static const uint64_t FLAGS_TABLE_LUA_TO_C[32]
{
struct DetectorFlow
{
- // FIXIT-H J why is the lua state and user data ref on this object?
+ // FIXIT-M why is the lua state and user data ref on this object?
lua_State* myLuaState;
AppIdData* pFlow;
int userDataRef;
static lua_State* createLuaState()
{
- // FIXIT-H J should obtain lua states from lua state factory
auto L = luaL_newstate();
luaL_openlibs(L);
-// FIXIT-M J this is stupid, remove it
-#ifdef HAVE_LIBLUAJIT
- /*linked in during compilation */
- luaopen_jit(myLuaState);
-
- {
- static unsigned once = 0;
- if (!once)
- {
- lua_getfield(myLuaState, LUA_REGISTRYINDEX, "_LOADED");
- lua_getfield(myLuaState, -1, "jit"); /* Get jit.* module table. */
- lua_getfield (myLuaState, -1, "version");
- if (lua_isstring(myLuaState, -1))
- DEBUG_WRAP(DebugMessage(DEBUG_APPID, "LuaJIT: Version %s\n", lua_tostring(
- myLuaState, -1)); );
- lua_pop(myLuaState, 1);
- once = 1;
- }
- }
-
-#endif /*HAVE_LIBLUAJIT */
-
Detector_register(L);
// After detector register the methods are still on the stack, remove them
lua_pop(L, 1);
return L;
}
-#ifdef REMOVED_WHILE_NOT_IN_USE
-static void getDetectorPackageInfo(lua_State* L, Detector* detector, int fillDefaults)
-{
- tDetectorPackageInfo* pkg = &detector->packageInfo;
- lua_getglobal (L, "DetectorPackageInfo");
- if (!lua_istable(L, -1))
- {
- lua_pop(L, 1);
-
- if (fillDefaults)
- {
- /*set default values first */
- pkg->name = snort_strdup("NoName");
- pkg->server.initFunctionName = snort_strdup("DetectorInit");
- pkg->server.cleanFunctionName = snort_strdup("DetectorClean");
- pkg->server.validateFunctionName = snort_strdup("DetectorValidate");
- if (!pkg->name || !pkg->server.initFunctionName || !pkg->server.cleanFunctionName ||
- !pkg->server.validateFunctionName)
- _dpd.errMsg("failed to allocate package");
- }
- return;
- }
-
- /* Get all the variables */
- lua_getfield(L, -1, "name"); /* string */
- if (lua_isstring(L, -1))
- {
- pkg->name = snort_strdup(lua_tostring(L, -1));
- if (!pkg->name)
- _dpd.errMsg("failed to allocate package name");
- }
- else if (fillDefaults)
- {
- pkg->name = snort_strdup("NoName");
- if (!pkg->name)
- _dpd.errMsg("failed to allocate package name");
- }
- lua_pop(L, 1);
-
- lua_getfield(L, -1, "proto"); /* integer? */
- if (lua_isnumber(L, -1))
- {
- pkg->proto = lua_tointeger(L, -1);
- }
- lua_pop(L, 1);
-
- lua_getfield(L, -1, "client");
- if (lua_istable(L, -1))
- {
- lua_getfield(L, -1, "init"); /* string*/
- if (lua_isstring(L, -1))
- {
- pkg->client.initFunctionName = snort_strdup(lua_tostring(L, -1));
- if (!pkg->client.initFunctionName)
- _dpd.errMsg("failed to allocate client init function name");
- }
- lua_pop(L, 1);
-
- lua_getfield(L, -1, "clean"); /* string*/
- if (lua_isstring(L, -1))
- {
- pkg->client.cleanFunctionName = snort_strdup(lua_tostring(L, -1));
- if (!pkg->client.cleanFunctionName)
- lua_getfield(L, -1, "validate"); /* string*/
- if (lua_isstring(L, -1))
- {
- pkg->client.validateFunctionName = snort_strdup(lua_tostring(L, -1));
- if (!pkg->client.validateFunctionName)
- _dpd.errMsg("failed to allocate client validate function name");
- }
- lua_pop(L, 1);
-
- lua_getfield(L, -1, "minimum_matches"); /* integer*/
- if (lua_isnumber(L, -1))
- {
- pkg->client.minMatches = lua_tointeger(L, -1);
- }
- lua_pop(L, 1);
- }
- lua_pop(L, 1); /*pop client table */
-
- lua_getfield(L, -1, "server");
- if (lua_istable(L, -1))
- {
- lua_getfield(L, -1, "init"); /* string*/
- if (lua_isstring(L, -1))
- {
- pkg->server.initFunctionName = snort_strdup(lua_tostring(L, -1));
- if (!pkg->server.initFunctionName)
- _dpd.errMsg("failed to allocate server init function name");
- }
- else if (fillDefaults)
- {
- pkg->server.initFunctionName = snort_strdup("DetectorInit");
- if (!pkg->server.initFunctionName)
- _dpd.errMsg("failed to allocate server init function name");
- }
- lua_pop(L, 1);
-
- lua_getfield(L, -1, "clean"); /* string*/
- if (lua_isstring(L, -1))
- {
- pkg->server.cleanFunctionName = snort_strdup(lua_tostring(L, -1));
- if (!pkg->server.cleanFunctionName)
- _dpd.errMsg("failed to allocate server clean function name");
- }
- else if (fillDefaults)
- {
- pkg->server.cleanFunctionName = snort_strdup("DetectorClean");
- if (!pkg->server.cleanFunctionName)
- _dpd.errMsg("failed to allocate server clean function name");
- }
- lua_pop(L, 1);
-
- lua_getfield(L, -1, "validate"); /* string*/
- if (lua_isstring(L, -1))
- {
- pkg->server.validateFunctionName = snort_strdup(lua_tostring(L, -1));
- if (!pkg->server.validateFunctionName)
- _dpd.errMsg("failed to allocate server validate function name");
- }
- else if (fillDefaults)
- {
- pkg->server.validateFunctionName = snort_strdup("DetectorValidate");
- if (!pkg->server.validateFunctionName)
- _dpd.errMsg("failed to allocate server validate function name");
- }
- lua_pop(L, 1);
- }
- lua_pop(L, 1); /*pop server table */
-
- lua_pop(L, 1); /*pop DetectorPackageInfo table */
- }
-}
-
-#endif
-
// fetch or create packageInfo defined inside lua detector
static void getDetectorPackageInfo(Detector* detector)
{
// get proto
if ( !get_lua_field(L, -1, "proto", pkg.proto) )
{
- // FIXIT-M J error messages should use source info
ErrorMessage("DetectorPackageInfo field 'proto' is not a number\n");
}
// get client
lua_getfield(L, -1, "client");
- if ( !lua_istable(L, -1) )
- {
- // FIXIT-M J error messages should use source info
- ErrorMessage("DetectorPackageInfo field 'client' is not a table\n");
- }
- else
+ if ( lua_istable(L, -1) )
{
get_lua_field(L, -1, "init", pkg.client.initFunctionName);
get_lua_field(L, -1, "clean", pkg.client.cleanFunctionName);
// get server
lua_getfield(L, -1, "server");
- if ( !lua_istable(L, -1) )
- {
- // FIXIT-M J error messages should use source info
- ErrorMessage("DetectorPackageInfo field 'server' is not a table\n");
- }
- else
+ if ( lua_istable(L, -1) )
{
get_lua_field(L, -1, "init", pkg.server.initFunctionName);
get_lua_field(L, -1, "clean", pkg.server.cleanFunctionName);
get_lua_field(L, -1, "validate", pkg.server.validateFunctionName);
get_lua_field(L, -1, "minimum_matches", pkg.server.minimum_matches);
}
+
+ lua_pop(L, 1); /*pop server table */
+ lua_pop(L, 1); /*pop DetectorPackageInfo table */
}
/**Calls DetectorInit function inside lua detector.
auto L = detector->myLuaState;
const auto& server = detector->packageInfo.server;
- if ( server.initFunctionName.empty() )
- {
- ErrorMessage("Detector %s: DetectorInit() is not provided for server\n", name.c_str());
- return;
- }
-
lua_getglobal(L, server.initFunctionName.c_str());
-
if (!lua_isfunction(L, -1))
- {
- ErrorMessage("Detector %s: does not contain DetectorInit() function\n", name.c_str());
return;
- }
/*first parameter is DetectorUserData */
lua_rawgeti(L, LUA_REGISTRYINDEX, detector->detectorUserDataRef);
-
if ( lua_pcall(L, 1, 1, 0) )
{
ErrorMessage("error loading lua Detector %s, error %s\n",
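Review bot: With the empty-name check and both `ErrorMessage` calls removed, a detector whose server init function is missing now leaves through the bare `return` after `!lua_isfunction(L, -1)` with no diagnostic. An operator then cannot tell a detector that never initialised from one that loaded, which matters when detection coverage is being audited. Keep a lower-severity message on that path, for example `WarningMessage("Detector %s: no server init function\n", name.c_str());`, assuming `name` is still in scope as it was for the removed calls. That path also returns without popping the value `lua_getglobal` pushed, so `lua_pop(L, 1);` before the `return` looks needed unless the caller resets the stack. The function body continues outside the hunk.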
if ( lua_pcall(L, 2, 1, 0) )
{
- // FIXIT shouldn't this be using detector->name?
ErrorMessage("Could not initialize the %s client app element: %s\n",
detector->name.c_str(), lua_tostring(L, -1));
return;
static inline void setLuaTrackerSize(lua_State* L, uint32_t numTrackers)
{
/*change flow tracker size according to available memory calculation */
- lua_getglobal(L, "hosServiceTrackerModule");
+ lua_getglobal(L, "hostServiceTrackerModule");
if (lua_istable(L, -1))
{
- lua_getfield(L, -1, "setHosServiceTrackerSize");
+ lua_getfield(L, -1, "setHostServiceTrackerSize");
if (lua_isfunction(L, -1))
{
lua_pushinteger (L, numTrackers);
}
else
{
-#ifdef LUA_DETECTOR_DEBUG
- DebugFormat(DEBUG_LOG, "hosServiceTrackerModule.setHosServiceTrackerSize not found");
-#endif
+ DebugMessage(DEBUG_LOG, "hostServiceTrackerModule.setHosServiceTrackerSize not found");
}
lua_pop(L, 1);
}
else
{
-#ifdef LUA_DETECTOR_DEBUG
- DebugFormat(DEBUG_LOG, "flowTrackerModule.setFlowTrackerSize not found");
-#endif
+ DebugMessage(DEBUG_LOG, "flowTrackerModule.setFlowTrackerSize not found");
}
lua_pop(L, 1);
}
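Review bot: The lookup now uses `hostServiceTrackerModule` and `setHostServiceTrackerSize`, but the new debug text says `hostServiceTrackerModule.setHosServiceTrackerSize`, a name the code never looks up; it should be `"hostServiceTrackerModule.setHostServiceTrackerSize not found"`. The outer `else` still reports `flowTrackerModule.setFlowTrackerSize not found` even though the table looked up is `hostServiceTrackerModule`. Renaming the globals also changes which Lua modules match: a library that still defines `hosServiceTrackerModule` now falls into the not-found path, so please confirm the Lua side was renamed in the same change.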
if ( !L )
{
ErrorMessage("can not create new luaState");
- snort_free(validator);
+ delete[] validator;
return;
}
- if ( luaL_loadbuffer(L, validator, validatorLen, "<buffer>") ||
- lua_pcall(L, 0, 0, 0) )
+ if ( luaL_loadbuffer(L, validator, validatorLen, "<buffer>") || lua_pcall(L, 0, 0, 0) )
{
- ErrorMessage("cannot run validator %s, error: %s\n",
- detectorName, lua_tostring(L, -1));
-
+ ErrorMessage("cannot run validator %s, error: %s\n", detectorName, lua_tostring(L, -1));
lua_close(L);
- snort_free(validator);
-
+ delete[] validator;
return;
}
{
ErrorMessage("cannot allocate detector %s\n", detectorName);
lua_close(L);
- snort_free(validator);
-
+ delete[] validator;
return;
}
if ( detector->packageInfo.server.initFunctionName.empty() )
{
- assert(false); // FIXIT-H J cam is null at this point so... WOMP
+ //assert(false); // FIXIT-M cam is null at this point so... WOMP
detector->client.appFpId = APP_ID_UNKNOWN;
cam = &detector->client.appModule;
// cam->name = detector->packageInfo.name;
{
detector->server.pServiceElement->validate = validateAnyService;
detector->server.pServiceElement->userdata = detector;
-
detector->server.pServiceElement->detectorType = DETECTOR_TYPE_DECODER;
}
}
basename = strrchr(globs.gl_pathv[n], '/');
if (!basename)
- {
basename = globs.gl_pathv[n];
- }
basename++;
snprintf(detectorName, LUA_DETECTOR_FILENAME_MAX, "%s_%s", (isCustom ? "custom" : "cisco"),
}
auto validatorBuffer = new uint8_t[validatorBufferLen + 1]();
-
if (fread(validatorBuffer, validatorBufferLen, 1, file) == 0)
{
ErrorMessage("Failed to read lua detector %s\n",globs.gl_pathv[n]);
}
validatorBuffer[validatorBufferLen] = '\0';
-
MD5INIT(&context);
MD5UPDATE(&context, validatorBuffer, validatorBufferLen);
MD5FINAL(digest, &context);
- // FIXIT-H J this finds the wrong detector -- it should be find_last_of
+ // FIXIT-M this finds the wrong detector -- it should be find_last_of
auto it = std::find_if(
allocatedDetectorList.begin(),
allocatedDetectorList.end(),
}
char path[PATH_MAX];
-
snprintf(path, sizeof(path), "%s/odp/lua", pAppidActiveConfig->mod_config->app_detector_dir);
loadCustomLuaModules(path, pConfig, 0);
snprintf(path, sizeof(path), "%s/custom/lua",
/*flow can be freed during garbage collection */
sflist_static_free_all(&allocatedFlowList, freeDetectorFlow);
+ for ( auto& detector : allocatedDetectorList )
+ delete detector;
allocatedDetectorList.clear();
}
{
size_t totalMem = 0;
size_t mem;
+ uint32_t total_detectors = 0;
if ( allocatedDetectorList.empty() )
return;
- LogMessage("Lua detector Stats");
+ LogMessage("Lua Detector Stats:\n");
for ( auto& detector : allocatedDetectorList )
{
mem = lua_gc(detector->myLuaState, LUA_GCCOUNT, 0);
totalMem += mem;
- LogMessage(" Detector %s: Lua Memory usage %zu kb", detector->name.c_str(), mem);
+ total_detectors++;
+ LogMessage("\tDetector %s: Lua Memory usage %zu kb\n", detector->name.c_str(), mem);
}
- LogMessage("Lua Stats total memory usage %zu kb", totalMem);
+ LogMessage("Lua Stats total detectors: %u\n", total_detectors);
+ LogMessage("Lua Stats total memory usage %zu kb\n", totalMem);
}
{
auto ud = static_cast<UserData<T>*>(lua_newuserdata(L, sizeof(UserData<T>)));
assert(ud);
-
ud->ptr = ptr;
-
luaL_getmetatable(L, meta);
- // metatable should already be in registry at this point
- assert(lua_istable(L, -1));
+ // FIXIT-L: clean this up if not needed or enable the assert...metatable should already be in registry at this point
+ //assert(lua_istable(L, -1));
lua_setmetatable(L, -2);
return ud;
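Review bot: Commenting out `assert(lua_istable(L, -1))` means a missing metatable is no longer caught: `luaL_getmetatable` pushes nil, and `lua_setmetatable(L, -2)` then leaves the new userdata without a metatable. The metatable is presumably what `UserData<T>::check` relies on to validate the type of userdata coming back from Lua scripts, so an unregistered one should fail loudly rather than produce an untyped object. Either restore the assert or make it a runtime check, e.g. `if (!lua_istable(L, -1)) luaL_error(L, "metatable %s not registered", meta);`. The function starts outside the hunk.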
(tPatternNode*)snort_calloc((partTotal - 1) * sizeof(tPatternNode));
patternId = gPatternId++;
i = 0;
- patterns = inputPatternList+i;
+ patterns = inputPatternList + i;
/*initialize primary Node */
tmpPrimaryNode->patternNode.pattern.pattern = patterns->pattern;