#include "appid_session.h"
#include "appid_session_api.h"
#include "app_info_table.h"
+#include "service_plugins/service_ssl.h"
#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_appid_session_api.h"
#endif
return sizeof(*appHA);
}
+bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name, const char* common_name, AppId& service_id, AppId& client_id, AppId& payload_id)
+{
+ AppIdSession* asd;
+ service_id = APP_ID_NONE;
+ client_id = APP_ID_NONE;
+ payload_id = APP_ID_NONE;
+
+ if (common_name)
+ ssl_scan_cname((const uint8_t*)common_name, strlen(common_name), client_id, payload_id);
+
+ if (server_name)
+ ssl_scan_hostname((const uint8_t*)server_name, strlen(server_name), client_id, payload_id);
+
+ if (flow and (asd = get_appid_session(*flow)))
+ {
+ service_id = asd->get_application_ids_service();
+ if (client_id == APP_ID_NONE)
+ client_id = asd->get_application_ids_client();
+ if (payload_id == APP_ID_NONE)
+ payload_id = asd->get_application_ids_payload();
+ }
+
+ if (service_id != APP_ID_NONE or client_id != APP_ID_NONE or payload_id != APP_ID_NONE)
+ {
+ return true;
+ }
+
+ return false;
+}
+
AppIdSessionApi* AppIdApi::create_appid_session_api(Flow& flow)
{
AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
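Review bot: In `ssl_app_group_id_lookup` the `ssl_scan_hostname` call runs after `ssl_scan_cname` on the same `client_id`/`payload_id` references and both return values are dropped, so when both names are given a hostname match silently replaces the common-name result (the type-1 branch of `ssl_scan_patterns` even resets `payload_id` to 0). If `server_name` carries the SNI, which is only an inference from the parameter name, it is a value the client chooses, while the common name comes from the server's certificate, so this precedence should be an explicit decision. Either state it in a header comment such as `// server_name match overrides common_name; session ids fill only slots still APP_ID_NONE`, or scan the hostname only when the cname scan returned 0. Both strings are also measured with `strlen`, so the comment should say that they must be NUL-terminated and that a name with an embedded NUL is matched only up to that byte.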
uint32_t produce_ha_state(Flow& flow, uint8_t* buf);
uint32_t consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t length, IpProtocol,
SfIp*, uint16_t initiatorPort);
+ bool ssl_app_group_id_lookup(Flow* flow, const char*, const char*, AppId& service_id, AppId& client_id, AppId& payload_id);
AppIdSessionApi* create_appid_session_api(Flow& flow);
void free_appid_session_api(AppIdSessionApi* api);
};
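Review bot: The new declaration leaves the two `const char*` parameters unnamed, so nothing in the header says which is the server name and which is the certificate common name, and a swapped call compiles cleanly. Name them as the definition does: `bool ssl_app_group_id_lookup(Flow* flow, const char* server_name, const char* common_name, AppId& service_id, AppId& client_id, AppId& payload_id);`. A one-line comment on the return value would also restore what the removed `sslAppGroupIdLookup` documented, e.g. `// returns true if any of the three ids is set`. The same naming point applies to the `AppId&, AppId&` pair in the `ssl_scan_hostname` and `ssl_scan_cname` declarations in the service_ssl.h hunk.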
nullptr
};
-// @returns 1 if some appid is found, 0 otherwise.
-//int sslAppGroupIdLookup(void* ssnptr, const char* serverName, const char* commonName,
-// AppId* service_id, AppId* client_id, AppId* payload_id)
-int sslAppGroupIdLookup(void*, const char*, const char*, AppId*, AppId*, AppId*)
-{
- // FIXIT-M determine need and proper location for this code when support for ssl is implemented
- // also once this is done the call to get the appid config should change to use the
- // config assigned to the flow being processed
-#ifdef REMOVED_WHILE_NOT_IN_USE
- AppIdSession* asd;
- *service_id = *client_id = *payload_id = APP_ID_NONE;
-
- if (commonName)
- {
- ssl_scan_cname((const uint8_t*)commonName, strlen(commonName), client_id, payload_app_id,
- &get_appid_config()->serviceSslConfig);
- }
- if (serverName)
- {
- ssl_scan_hostname((const uint8_t*)serverName, strlen(serverName), client_id,
- payload_app_id, &get_appid_config()->serviceSslConfig);
- }
-
- if (ssnptr && (asd = appid_api.get_appid_session(ssnptr)))
- asd->get_application_ids(*service_id, *client_id, *payload_id);
-
- if (*service_id != APP_ID_NONE ||
- *client_id != APP_ID_NONE ||
- *payload_id != APP_ID_NONE)
- {
- return 1;
- }
-#endif
-
- return 0;
-}
};
-int sslAppGroupIdLookup(void*, const char*, const char*, AppId*, AppId*, AppId*);
-
#endif
{
size_t size = strlen(tls_str);
if ((ret = ssl_scan_hostname((const uint8_t*)tls_str, size,
- &client_id, &payload_id)))
+ client_id, payload_id)))
{
set_client_appid_data(client_id, nullptr, change_bits);
set_payload_appid_data((AppId)payload_id, nullptr, change_bits);
{
size_t size = strlen(tls_str);
if ((ret = ssl_scan_cname((const uint8_t*)tls_str, size,
- &client_id, &payload_id)))
+ client_id, payload_id)))
{
set_client_appid_data(client_id, nullptr, change_bits);
set_payload_appid_data((AppId)payload_id, nullptr, change_bits);
{
size_t size = strlen(tls_str);
if ((ret = ssl_scan_cname((const uint8_t*)tls_str, size,
- &client_id, &payload_id)))
+ client_id, payload_id)))
{
set_client_appid_data(client_id, nullptr, change_bits);
set_payload_appid_data((AppId)payload_id, nullptr, change_bits);
}
static int ssl_scan_patterns(SearchTool* matcher, const uint8_t* data, size_t size,
- AppId* ClientAppId, AppId* payloadId)
+ AppId& client_id, AppId& payload_id)
{
MatchedSSLPatterns* mp = nullptr;
SSLCertPattern* best_match;
{
/* type 0 means WEB APP */
case 0:
- *ClientAppId = APP_ID_SSL_CLIENT;
- *payloadId = best_match->appId;
+ client_id = APP_ID_SSL_CLIENT;
+ payload_id = best_match->appId;
break;
/* type 1 means CLIENT */
case 1:
- *ClientAppId = best_match->appId;
- *payloadId = 0;
+ client_id = best_match->appId;
+ payload_id = 0;
break;
default:
return 0;
return 1;
}
-int ssl_scan_hostname(const uint8_t* hostname, size_t size, AppId* ClientAppId, AppId* payloadId)
+int ssl_scan_hostname(const uint8_t* hostname, size_t size, AppId& client_id, AppId& payload_id)
{
- return ssl_scan_patterns(service_ssl_config.ssl_host_matcher, hostname, size, ClientAppId,
- payloadId);
+ return ssl_scan_patterns(service_ssl_config.ssl_host_matcher, hostname, size, client_id,
+ payload_id);
}
-int ssl_scan_cname(const uint8_t* common_name, size_t size, AppId* ClientAppId, AppId* payloadId)
+int ssl_scan_cname(const uint8_t* common_name, size_t size, AppId& client_id, AppId& payload_id)
{
- return ssl_scan_patterns(service_ssl_config.ssl_cname_matcher, common_name, size, ClientAppId,
- payloadId);
+ return ssl_scan_patterns(service_ssl_config.ssl_cname_matcher, common_name, size, client_id,
+ payload_id);
}
void service_ssl_clean()
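Review bot: The type-1 branch still writes a literal, `payload_id = 0;`, while the new `ssl_app_group_id_lookup` decides whether to fall back to the session value with `payload_id == APP_ID_NONE`. The two only agree if `APP_ID_NONE` is 0, which this page does not show; writing `payload_id = APP_ID_NONE;` makes the intent explicit. Now that the outputs are references, `ssl_scan_patterns` should also carry a comment that `client_id` and `payload_id` are left untouched on the `default:` path, so callers must initialise them before the call. The earlier part of the function is outside this hunk.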
bool is_service_over_ssl(AppId);
void service_ssl_clean();
int ssl_detector_process_patterns();
-int ssl_scan_hostname(const uint8_t*, size_t, AppId*, AppId*);
-int ssl_scan_cname(const uint8_t*, size_t, AppId*, AppId*);
+int ssl_scan_hostname(const uint8_t*, size_t, AppId&, AppId&);
+int ssl_scan_cname(const uint8_t*, size_t, AppId&, AppId&);
int ssl_add_cert_pattern(uint8_t*, size_t, uint8_t, AppId);
int ssl_add_cname_pattern(uint8_t*, size_t, uint8_t, AppId);
void ssl_detector_free_patterns();
*/
}
+TEST(appid_api, ssl_app_group_id_lookup)
+{
+ AppId service, client, payload = APP_ID_NONE;
+ bool val = false;
+ mock_session->common.flow_type = APPID_FLOW_TYPE_IGNORE;
+ val = appid_api.ssl_app_group_id_lookup(flow, nullptr, nullptr, service, client, payload);
+ CHECK_TRUE(!val);
+ CHECK_EQUAL(service, APP_ID_NONE);
+ CHECK_EQUAL(client, APP_ID_NONE);
+ CHECK_EQUAL(payload, APP_ID_NONE);
+ mock_session->common.flow_type = APPID_FLOW_TYPE_NORMAL;
+ val = appid_api.ssl_app_group_id_lookup(flow, nullptr, nullptr, service, client, payload);
+ CHECK_TRUE(val);
+ CHECK_EQUAL(service, APPID_UT_ID);
+ CHECK_EQUAL(client, APPID_UT_ID);
+ CHECK_EQUAL(payload, APPID_UT_ID);
+ service = APP_ID_NONE;
+ client = APP_ID_NONE;
+ payload = APP_ID_NONE;
+ val = appid_api.ssl_app_group_id_lookup(flow, (const char*)APPID_UT_TLS_HOST, (const char*)APPID_UT_TLS_HOST, service, client, payload);
+ CHECK_TRUE(val);
+ CHECK_EQUAL(client, APPID_UT_ID + 1);
+ CHECK_EQUAL(payload, APPID_UT_ID + 1);
+}
+
TEST(appid_api, create_appid_session_api)
{
AppIdSessionApi* appid_session_api = appid_api.create_appid_session_api(*flow);
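Review bot: `AppId service, client, payload = APP_ID_NONE;` initialises only `payload`; `service` and `client` start indeterminate, which is harmless only because the lookup assigns all three before reading them. Write `AppId service = APP_ID_NONE, client = APP_ID_NONE, payload = APP_ID_NONE;`. The test also never calls the lookup with a null `flow`, and the last case does not check `service`, so the path that skips the session lookup and the service value after a pattern match are both unverified.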
return true;
}
+int ssl_scan_hostname(const uint8_t*, size_t, AppId& client_id, AppId&)
+{
+ client_id = APPID_UT_ID + 1;
+ return 1;
+}
+
+int ssl_scan_cname(const uint8_t*, size_t, AppId&, AppId& payload_id)
+{
+ payload_id = APPID_UT_ID + 1;
+ return 1;
+}
+
#endif
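Review bot: The two stubs write disjoint outputs (`ssl_scan_hostname` only `client_id`, `ssl_scan_cname` only `payload_id`) and always return 1, whereas the real `ssl_scan_patterns` sets both ids on a match. With these stubs the `ssl_app_group_id_lookup` test passes regardless of the order in which the lookup calls the two scanners, so a change in precedence between server name and common name would go unnoticed. Naming both reference parameters and having each stub set both ids to its own value, for example `client_id = payload_id = APPID_UT_ID + 1;` in one and `APPID_UT_ID + 2` in the other, would pin that behaviour.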