From: Shravan Rangarajuvenkata (shrarang) Date: Fri, 31 Jan 2020 18:27:51 +0000 (+0000) Subject: Merge pull request #1964 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_2 to... X-Git-Tag: 3.0.0-268~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0265b2eaaf40dcc16bf9057da4174f3945fc5afe;p=thirdparty%2Fsnort3.git Merge pull request #1964 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_2 to master Squashed commit of the following: commit d581343cebbbb26244cfd6cba4eeddddc308cf50 Author: Shravan Rangaraju Date: Wed Jan 22 14:53:39 2020 -0500 appid: load app mapping data to odp context --- diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index e15411fb2..6736b6f61 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -29,25 +29,17 @@ #include #include -#include "appid_api.h" -#include "appid_config.h" -#include "appid_inspector.h" -#include "appid_peg_counts.h" #include "log/unified2.h" #include "main/snort_config.h" #include "target_based/snort_protocols.h" #include "utils/util_cstring.h" +#include "appid_api.h" +#include "appid_config.h" +#include "appid_inspector.h" +#include "appid_peg_counts.h" using namespace snort; -static AppInfoTable app_info_table; -static AppInfoTable app_info_service_table; -static AppInfoTable app_info_client_table; -static AppInfoTable app_info_payload_table; -static AppInfoNameTable app_info_name_table; -static AppId next_custom_appid = SF_APPID_DYNAMIC_MIN; -static AppInfoTable custom_app_info_table; - #define MAX_TABLE_LINE_LEN 1024 static const char* CONF_SEPARATORS = "\t\n\r"; static const int MIN_MAX_TP_FLOW_DEPTH = 1; @@ -80,7 +72,7 @@ AppInfoTableEntry::~AppInfoTableEntry() snort_free(app_name_key); } -static bool is_existing_entry(AppInfoTableEntry* entry) +bool AppInfoManager::is_existing_entry(AppInfoTableEntry* entry) { AppInfoNameTable::iterator app; @@ -88,7 +80,7 @@ static bool is_existing_entry(AppInfoTableEntry* entry) return app != app_info_name_table.end(); } -static AppInfoTableEntry* find_app_info_by_name(const char* app_name) +AppInfoTableEntry* AppInfoManager::find_app_info_by_name(const char* app_name) { AppInfoTableEntry* entry = nullptr; AppInfoNameTable::iterator app; @@ -102,7 +94,7 @@ static AppInfoTableEntry* find_app_info_by_name(const char* app_name) return entry; } -static bool add_entry_to_app_info_name_table(const char* app_name, AppInfoTableEntry* entry) +bool AppInfoManager::add_entry_to_app_info_name_table(const char* app_name, AppInfoTableEntry* entry) { bool added = true; @@ -119,7 +111,7 @@ static bool add_entry_to_app_info_name_table(const char* app_name, AppInfoTableE return added; } -static AppId get_static_app_info_entry(AppId appid) +AppId AppInfoManager::get_static_app_info_entry(AppId appid) { if (appid > 0 && appid < SF_APPID_BUILDIN_MAX) return appid; @@ -274,7 +266,7 @@ void AppInfoManager::set_app_info_active(AppId appId) ParseWarning(WARN_PLUGINS, "appid: no entry in %s for %d", APP_MAPPING_FILE, appId); } -void AppInfoManager::load_appid_config(OdpContext& odp_ctxt, const char* path) +void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path) { char buf[MAX_TABLE_LINE_LEN]; unsigned line = 0; @@ -607,16 +599,16 @@ SnortProtocolId AppInfoManager::add_appid_protocol_reference(const char* protoco return snort_protocol_id; } -void AppInfoManager::init_appid_info_table(AppIdConfig* config, +void AppInfoManager::init_appid_info_table(AppIdConfig& config, SnortConfig* sc, OdpContext& odp_ctxt) { - if ( !config->app_detector_dir ) + if ( !config.app_detector_dir ) { return; // no lua detectors, no rule support, already warned } char filepath[PATH_MAX]; - snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir, + snprintf(filepath, sizeof(filepath), "%s/odp/%s", config.app_detector_dir, APP_MAPPING_FILE); FILE* tableFile = fopen(filepath, "r"); @@ -707,15 +699,15 @@ void AppInfoManager::init_appid_info_table(AppIdConfig* config, } fclose(tableFile); - snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir, + snprintf(filepath, sizeof(filepath), "%s/odp/%s", config.app_detector_dir, APP_CONFIG_FILE); - load_appid_config (odp_ctxt, filepath); - snprintf(filepath, sizeof(filepath), "%s/custom/%s", config->app_detector_dir, + load_odp_config(odp_ctxt, filepath); + snprintf(filepath, sizeof(filepath), "%s/custom/%s", config.app_detector_dir, USR_CONFIG_FILE); if (access (filepath, F_OK)) - snprintf(filepath, sizeof(filepath), "%s/../%s", config->app_detector_dir, + snprintf(filepath, sizeof(filepath), "%s/../%s", config.app_detector_dir, USR_CONFIG_FILE); - load_appid_config (odp_ctxt, filepath); + load_odp_config(odp_ctxt, filepath); } } diff --git a/src/network_inspectors/appid/app_info_table.h b/src/network_inspectors/appid/app_info_table.h index 370483b0c..57cc59bed 100644 --- a/src/network_inspectors/appid/app_info_table.h +++ b/src/network_inspectors/appid/app_info_table.h @@ -92,12 +92,6 @@ typedef std::unordered_map AppInfoNameTable; class AppInfoManager { public: - static inline AppInfoManager& get_instance() - { - static AppInfoManager instance; - return instance; - } - AppInfoTableEntry* get_app_info_entry(AppId); AppInfoTableEntry* add_dynamic_app_entry(const char* app_name); AppId get_appid_by_service_id(uint32_t); @@ -143,15 +137,26 @@ public: return entry ? entry->priority : 0; } - void init_appid_info_table(AppIdConfig*, snort::SnortConfig*, OdpContext& odp_ctxt); + void init_appid_info_table(AppIdConfig&, snort::SnortConfig*, OdpContext& odp_ctxt); void cleanup_appid_info_table(); void dump_app_info_table(); SnortProtocolId add_appid_protocol_reference(const char* protocol, snort::SnortConfig*); private: - inline AppInfoManager() = default; - void load_appid_config(OdpContext&, const char* path); + void load_odp_config(OdpContext&, const char* path); AppInfoTableEntry* get_app_info_entry(AppId appId, const AppInfoTable&); + bool is_existing_entry(AppInfoTableEntry* entry); + AppInfoTableEntry* find_app_info_by_name(const char* app_name); + bool add_entry_to_app_info_name_table(const char* app_name, AppInfoTableEntry* entry); + AppId get_static_app_info_entry(AppId appid); + + AppInfoTable app_info_table; + AppInfoTable app_info_service_table; + AppInfoTable app_info_client_table; + AppInfoTable app_info_payload_table; + AppInfoNameTable app_info_name_table; + AppId next_custom_appid = SF_APPID_DYNAMIC_MIN; + AppInfoTable custom_app_info_table; }; #endif diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc index ebdc1b19a..1a89dc867 100644 --- a/src/network_inspectors/appid/appid_api.cc +++ b/src/network_inspectors/appid/appid_api.cc @@ -49,19 +49,18 @@ AppIdSession* AppIdApi::get_appid_session(const Flow& flow) return (asd && asd->common.flow_type == APPID_FLOW_TYPE_NORMAL) ? asd : nullptr; } -const char* AppIdApi::get_application_name(AppId app_id) +const char* AppIdApi::get_application_name(AppId app_id, AppIdContext& ctxt) { - return AppInfoManager::get_instance().get_app_name(app_id); + return ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); } const char* AppIdApi::get_application_name(const Flow& flow, bool from_client) { const char* app_name = nullptr; - AppId appid = APP_ID_NONE; AppIdSession* asd = get_appid_session(flow); if (asd) { - appid = asd->pick_payload_app_id(); + AppId appid = asd->pick_payload_app_id(); if (appid <= APP_ID_NONE) appid = asd->pick_misc_app_id(); if (!appid and from_client) @@ -76,16 +75,17 @@ const char* AppIdApi::get_application_name(const Flow& flow, bool from_client) if (!appid) appid = asd->pick_client_app_id(); } + if (appid > APP_ID_NONE && appid < SF_APPID_MAX) + app_name = asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(appid); + } - if (appid > APP_ID_NONE && appid < SF_APPID_MAX) - app_name = AppInfoManager::get_instance().get_app_name(appid); return app_name; } -AppId AppIdApi::get_application_id(const char* appName) +AppId AppIdApi::get_application_id(const char* appName, AppIdContext& ctxt) { - return AppInfoManager::get_instance().get_appid_by_name(appName); + return ctxt.get_odp_ctxt().get_app_info_mgr().get_appid_by_name(appName); } #define APPID_HA_FLAGS_APP ( 1 << 0 ) @@ -139,7 +139,7 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP asd = new AppIdSession(proto, ip, port, *inspector); flow.set_flow_data(asd); - asd->service.set_id(appHA->appId[1]); + asd->service.set_id(appHA->appId[1], asd->ctxt.get_odp_ctxt()); if (asd->service.get_id() == APP_ID_FTP_CONTROL) { asd->set_session_flags(APPID_SESSION_CLIENT_DETECTED | @@ -176,7 +176,7 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP asd->set_session_flags(APPID_SESSION_HTTP_SESSION); asd->set_tp_app_id(appHA->appId[0]); - asd->service.set_id(appHA->appId[1]); + asd->service.set_id(appHA->appId[1], asd->ctxt.get_odp_ctxt()); asd->client_inferred_service_id = appHA->appId[2]; asd->service.set_port_service_id(appHA->appId[3]); asd->payload.set_id(appHA->appId[4]); diff --git a/src/network_inspectors/appid/appid_api.h b/src/network_inspectors/appid/appid_api.h index d883645ee..19e628ee2 100644 --- a/src/network_inspectors/appid/appid_api.h +++ b/src/network_inspectors/appid/appid_api.h @@ -29,6 +29,7 @@ enum class IpProtocol : uint8_t; +class AppIdContext; class AppIdSession; namespace snort @@ -52,9 +53,9 @@ public: SO_PRIVATE AppIdApi() = default; AppIdSession* get_appid_session(const Flow& flow); - const char* get_application_name(AppId app_id); + const char* get_application_name(AppId app_id, AppIdContext& ctxt); const char* get_application_name(const Flow& flow, bool from_client); - AppId get_application_id(const char* appName); + AppId get_application_id(const char* appName, AppIdContext& ctxt); uint32_t produce_ha_state(const Flow& flow, uint8_t* buf); uint32_t consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t length, IpProtocol, SfIp*, uint16_t initiatorPort); diff --git a/src/network_inspectors/appid/appid_app_descriptor.h b/src/network_inspectors/appid/appid_app_descriptor.h index 2092c639c..8b44069f3 100644 --- a/src/network_inspectors/appid/appid_app_descriptor.h +++ b/src/network_inspectors/appid/appid_app_descriptor.h @@ -34,6 +34,7 @@ #include "pub_sub/appid_events.h" #include "app_info_table.h" +#include "appid_config.h" #include "appid_module.h" #include "appid_peg_counts.h" #include "appid_types.h" @@ -117,13 +118,12 @@ class ServiceAppDescriptor : public ApplicationDescriptor public: ServiceAppDescriptor() = default; - void set_id(AppId app_id) override + void set_id(AppId app_id, OdpContext& odp_ctxt) { if (get_id() != app_id) { ApplicationDescriptor::set_id(app_id); - AppInfoManager* app_info_mgr = &AppInfoManager::get_instance(); - deferred = app_info_mgr->get_app_info_flags(app_id, APPINFO_FLAG_DEFER); + deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, APPINFO_FLAG_DEFER); } } @@ -161,6 +161,7 @@ public: private: AppId port_service_id = APP_ID_NONE; bool deferred = false; + using ApplicationDescriptor::set_id; }; class ClientAppDescriptor : public ApplicationDescriptor diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index a92ea3665..3c9dfad0e 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -75,15 +75,14 @@ AppIdConfig::~AppIdConfig() } // FIXIT-M: RELOAD - move initialization back to AppIdContext class constructor -AppInfoManager& AppIdContext::app_info_mgr = AppInfoManager::get_instance(); std::array AppIdContext::tcp_port_only = {APP_ID_NONE}; std::array AppIdContext::udp_port_only = {APP_ID_NONE}; std::array AppIdContext::ip_protocol = {APP_ID_NONE}; -// FIXIT-M: RELOAD - Move app info table cleanup back to AppId config destructor - cleanup() void AppIdContext::pterm() { - AppIdContext::app_info_mgr.cleanup_appid_info_table(); + assert(odp_ctxt); + odp_ctxt->get_app_info_mgr().cleanup_appid_info_table(); delete odp_ctxt; } @@ -91,14 +90,13 @@ bool AppIdContext::init_appid(SnortConfig* sc) { // do not reload ODP on reload_config() if (!odp_ctxt) - odp_ctxt = new OdpContext(); + odp_ctxt = new OdpContext(config, sc); // FIXIT-M: RELOAD - Get rid of "once" flag // Handle the if condition in AppIdContext::init_appid static bool once = false; if (!once) { - AppIdContext::app_info_mgr.init_appid_info_table(config, sc, *odp_ctxt); HttpPatternMatchers* http_matchers = HttpPatternMatchers::get_instance(); AppIdDiscovery::initialize_plugins(); LuaDetectorManager::initialize(*this, 1); @@ -113,7 +111,7 @@ bool AppIdContext::init_appid(SnortConfig* sc) // do not reload third party on reload_config() if (!tp_appid_ctxt) - tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt); + tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt); map_app_names_to_snort_ids(sc); return true; @@ -121,7 +119,7 @@ bool AppIdContext::init_appid(SnortConfig* sc) void AppIdContext::create_tp_appid_ctxt() { - tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt); + tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt); } AppId AppIdContext::get_port_service_id(IpProtocol proto, uint16_t port) @@ -143,8 +141,8 @@ AppId AppIdContext::get_protocol_service_id(IpProtocol proto) void AppIdContext::show() { - if (!config->tp_appid_path.empty()) - LogMessage(" 3rd Party Dir: %s\n", config->tp_appid_path.c_str()); + if (!config.tp_appid_path.empty()) + LogMessage(" 3rd Party Dir: %s\n", config.tp_appid_path.c_str()); } void AppIdContext::display_port_config() @@ -175,3 +173,7 @@ void AppIdContext::display_port_config() } } +OdpContext::OdpContext(AppIdConfig& config, SnortConfig* sc) +{ + app_info_mgr.init_appid_info_table(config, sc, *this); +} diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index 8bf22e5b4..793527de9 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -35,6 +35,7 @@ #include "tp_appid_module_api.h" #include "application_ids.h" +#include "app_info_table.h" #include "host_port_app_cache.h" #include "length_app_cache.h" @@ -99,6 +100,8 @@ public: bool allow_port_wildcard_host_cache = false; bool recheck_for_portservice_appid = false; + OdpContext(AppIdConfig&, snort::SnortConfig*); + HostPortVal* host_port_cache_find(const snort::SfIp* ip, uint16_t port, IpProtocol proto) { return host_port_cache.find(ip, port, proto, *this); @@ -119,21 +122,30 @@ public: return length_cache.add(key, val); } + AppInfoManager& get_app_info_mgr() + { + return app_info_mgr; + } + private: HostPortCache host_port_cache; LengthCache length_cache; + AppInfoManager app_info_mgr; }; class AppIdContext { public: - AppIdContext(AppIdConfig* config) : config(config) + AppIdContext(AppIdConfig& config) : config(config) { } ~AppIdContext() { } OdpContext& get_odp_ctxt() const - { return *odp_ctxt; } + { + assert(odp_ctxt); + return *odp_ctxt; + } ThirdPartyAppIdContext* get_tp_appid_ctxt() const { return tp_appid_ctxt; } @@ -155,13 +167,10 @@ public: static std::array udp_port_only; // port-only UDP services static std::array ip_protocol; // non-TCP / UDP protocol services - AppIdConfig* config = nullptr; + AppIdConfig& config; private: void display_port_config(); - // FIXIT-M: RELOAD - Remove static, once app_info_mgr cleanup is - // removed from AppIdContext::pterm - static AppInfoManager& app_info_mgr; static OdpContext* odp_ctxt; static ThirdPartyAppIdContext* tp_appid_ctxt; }; diff --git a/src/network_inspectors/appid/appid_detector.cc b/src/network_inspectors/appid/appid_detector.cc index a981971ca..b3f64ec6f 100644 --- a/src/network_inspectors/appid/appid_detector.cc +++ b/src/network_inspectors/appid/appid_detector.cc @@ -17,7 +17,7 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// client_detector.cc author davis mcpherson +// appid_detector.cc author davis mcpherson #ifdef HAVE_CONFIG_H #include "config.h" @@ -25,11 +25,13 @@ #include "appid_detector.h" +#include "managers/inspector_manager.h" #include "protocols/packet.h" #include "app_info_table.h" #include "appid_config.h" #include "appid_http_session.h" +#include "appid_inspector.h" #include "lua_detector_api.h" using namespace snort; @@ -45,8 +47,13 @@ int AppIdDetector::initialize() handler->register_udp_pattern(this, pat.pattern, pat.length, pat.index, pat.nocase); if (!appid_registry.empty()) + { + // FIXIT-M: RELOAD - to support ODP reload, store ODP context in AppIdDetector + AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); + AppIdContext& ctxt = inspector->get_ctxt(); for (auto& id : appid_registry) - register_appid(id.appId, id.additionalInfo); + register_appid(id.appId, id.additionalInfo, ctxt.get_odp_ctxt()); + } if (!service_ports.empty()) for (auto& port: service_ports) diff --git a/src/network_inspectors/appid/appid_detector.h b/src/network_inspectors/appid/appid_detector.h index 8f7945e5a..427de8c74 100644 --- a/src/network_inspectors/appid/appid_detector.h +++ b/src/network_inspectors/appid/appid_detector.h @@ -85,7 +85,7 @@ public: AppidSessionDirection dir; AppIdSession& asd; snort::Packet* pkt; - const AppIdContext* ctxt = nullptr; + const AppIdContext& ctxt; AppidChangeBits& change_bits; }; @@ -115,7 +115,7 @@ public: virtual void do_custom_init() = 0; virtual void release_thread_resources() = 0; virtual int validate(AppIdDiscoveryArgs&) = 0; - virtual void register_appid(AppId, unsigned extractsInfo) = 0; + virtual void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) = 0; virtual void* data_get(AppIdSession&); virtual int data_add(AppIdSession&, void*, AppIdFreeFCN); diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index cfaf896c3..ae3a5714e 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -495,7 +495,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp if ( appidDebug->is_enabled() ) appidDebug->activate(p->flow, asd, - inspector.get_ctxt()->config->log_all_sessions); + inspector.get_ctxt().config.log_all_sessions); if ( is_packet_ignored(asd, p, direction) ) return false; @@ -550,7 +550,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp { asd->set_session_flags(APPID_SESSION_IGNORE_FLOW_LOGGED); - const char *app_name = AppInfoManager::get_instance().get_app_name(asd->service.get_id()); + const char *app_name = asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd->service.get_id()); LogMessage("AppIdDbg %s Ignoring connection with service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd->service.get_id()); } @@ -614,7 +614,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp // FIXIT-L: DECRYPT_DEBUG - Move set_proxied and first_decrypted_packet_debug to ssl-module // after ssl-module's decryption capability is implemented #ifdef REG_TEST - uint32_t fdpd = inspector.get_ctxt()->config->first_decrypted_packet_debug; + uint32_t fdpd = inspector.get_ctxt().config.first_decrypted_packet_debug; if (fdpd and (fdpd == asd->session_packet_count)) { p->flow->set_proxied(); @@ -648,14 +648,14 @@ void AppIdDiscovery::do_port_based_discovery(Packet* p, AppIdSession& asd, IpPro return; } - AppId id = asd.ctxt->get_port_service_id(protocol, p->ptrs.sp); + AppId id = asd.ctxt.get_port_service_id(protocol, p->ptrs.sp); if (id > APP_ID_NONE) { asd.service.set_port_service_id(id); if (appidDebug->is_active()) { const char *app_name = - AppInfoManager::get_instance().get_app_name(asd.service.get_port_service_id()); + asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.service.get_port_service_id()); LogMessage("AppIdDbg %s Port service %s (%d) from port\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd.service.get_port_service_id()); @@ -676,9 +676,9 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, if (!(asd.scan_flags & SCAN_HOST_PORT_FLAG)) check_static = true; - if ((asd.session_packet_count % asd.ctxt->get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and - (asd.session_packet_count <= asd.ctxt->get_odp_ctxt().host_port_app_cache_lookup_range) and - asd.ctxt->get_odp_ctxt().is_host_port_app_cache_runtime ) + if ((asd.session_packet_count % asd.ctxt.get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and + (asd.session_packet_count <= asd.ctxt.get_odp_ctxt().host_port_app_cache_lookup_range) and + asd.ctxt.get_odp_ctxt().is_host_port_app_cache_runtime ) check_dynamic = true; if (!(check_static || check_dynamic)) @@ -710,7 +710,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, HostPortVal* hv = nullptr; if (check_static and - (hv = asd.ctxt->get_odp_ctxt().host_port_cache_find(ip, port, protocol))) + (hv = asd.ctxt.get_odp_ctxt().host_port_cache_find(ip, port, protocol))) { asd.scan_flags |= SCAN_HOST_PORT_FLAG; switch (hv->type) @@ -723,7 +723,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, asd.payload.set_id(hv->appId); break; default: - asd.service.set_id(hv->appId); + asd.service.set_id(hv->appId, asd.ctxt.get_odp_ctxt()); asd.sync_with_snort_protocol_id(hv->appId, p); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; asd.client_disco_state = APPID_DISCO_STATE_FINISHED; @@ -746,7 +746,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, auto ht = host_cache.find(*ip); if (ht) { - AppId appid = ht->get_appid(port, protocol, true, asd.ctxt->get_odp_ctxt().allow_port_wildcard_host_cache); + AppId appid = ht->get_appid(port, protocol, true, asd.ctxt.get_odp_ctxt().allow_port_wildcard_host_cache); if (appid > APP_ID_NONE) { // FIXIT-L: Make this more generic to support service and payload IDs @@ -766,10 +766,10 @@ static inline bool is_check_host_cache_valid(AppIdSession& asd, AppId service_id { bool is_payload_client_misc_none = (payload_id <= APP_ID_NONE and client_id <= APP_ID_NONE and misc_id <= APP_ID_NONE); bool is_appid_none = is_payload_client_misc_none and (service_id <= APP_ID_NONE or service_id == APP_ID_UNKNOWN_UI or - (asd.ctxt->get_odp_ctxt().recheck_for_portservice_appid and service_id == asd.service.get_port_service_id())); - bool is_ssl_none = asd.ctxt->get_odp_ctxt().check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and + (asd.ctxt.get_odp_ctxt().recheck_for_portservice_appid and service_id == asd.service.get_port_service_id())); + bool is_ssl_none = asd.ctxt.get_odp_ctxt().check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and (not(asd.tsession and asd.tsession->get_tls_host() and asd.tsession->get_tls_cname())); - if (is_appid_none or is_ssl_none or asd.ctxt->get_odp_ctxt().check_host_port_app_cache) + if (is_appid_none or is_ssl_none or asd.ctxt.get_odp_ctxt().check_host_port_app_cache) return true; return false; } @@ -787,7 +787,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, { if ( !asd.get_session_flags(APPID_SESSION_PORT_SERVICE_DONE) ) { - AppId id = asd.ctxt->get_protocol_service_id(protocol); + AppId id = asd.ctxt.get_protocol_service_id(protocol); if (id > APP_ID_NONE) { asd.service.set_port_service_id(id); @@ -795,7 +795,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, asd.service_disco_state = APPID_DISCO_STATE_FINISHED; if (appidDebug->is_active()) { - const char *app_name = AppInfoManager::get_instance().get_app_name(asd.service.get_port_service_id()); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.service.get_port_service_id()); LogMessage("AppIdDbg %s Protocol service %s (%d) from protocol\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd.service.get_port_service_id()); } @@ -811,7 +811,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, if (tp_appid_ctxt) { // Skip third-party inspection for sessions using old config - if ((asd.tpsession and asd.tpsession->get_ctxt() == tp_appid_ctxt) || !asd.tpsession) + if ((asd.tpsession and &(asd.tpsession->get_ctxt()) == tp_appid_ctxt) || !asd.tpsession) is_discovery_done = do_tp_discovery(*tp_appid_ctxt, asd, protocol, p, direction, change_bits); } @@ -856,14 +856,14 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, asd.length_sequence.sequence_cnt++; asd.length_sequence.sequence[index].direction = direction; asd.length_sequence.sequence[index].length = p->dsize; - AppId id = asd.ctxt->get_odp_ctxt().length_cache_find(asd.length_sequence); + AppId id = asd.ctxt.get_odp_ctxt().length_cache_find(asd.length_sequence); if (id > APP_ID_NONE) { service_id = id; asd.service.set_port_service_id(id); if (appidDebug->is_active()) { - const char *app_name = AppInfoManager::get_instance().get_app_name(id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(id); LogMessage("AppIdDbg %s Port service %s (%d) from length\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", id); } @@ -925,7 +925,7 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd, // Set the field that the Firewall queries to see if we have a search engine if (asd.search_support_type == UNKNOWN_SEARCH_ENGINE && payload_id > APP_ID_NONE) { - uint flags = AppInfoManager::get_instance().get_app_info_flags(payload_id, + uint flags = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags(payload_id, APPINFO_FLAG_SEARCH_ENGINE | APPINFO_FLAG_SUPPORTED_SEARCH); asd.search_support_type = (flags & APPINFO_FLAG_SEARCH_ENGINE) ? @@ -935,7 +935,7 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd, if (appidDebug->is_active()) { const char* typeString; - const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(payload_id); switch ( asd.search_support_type ) { case NOT_A_SEARCH_ENGINE: typeString = "NOT_A_SEARCH_ENGINE"; break; diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index 3e42e2c12..80f6d3af7 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -300,7 +300,7 @@ void AppIdHttpSession::process_chp_buffers(AppidChangeBits& change_bits) int num_found = 0; cmd.cur_ptype = (HttpFieldIds)i; AppId ret = http_matchers->scan_chp(cmd, &version, &user, &num_found, this, - *asd.ctxt); + asd.ctxt); total_found += num_found; if (!ret || num_found < ptype_req_counts[i]) { @@ -493,7 +493,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (asd.service.get_id() == APP_ID_NONE) { - asd.service.set_id(APP_ID_HTTP); + asd.service.set_id(APP_ID_HTTP, asd.ctxt.get_odp_ctxt()); asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_HTTP_SESSION); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; } @@ -564,14 +564,14 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP and asd.service.get_id() != service_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(service_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); LogMessage("AppIdDbg %s User Agent is service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", service_id); } if (client_id > APP_ID_NONE and client_id != APP_ID_HTTP and asd.client.get_id() != client_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(client_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(client_id); LogMessage("AppIdDbg %s User Agent is client %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", client_id); } @@ -591,7 +591,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && payload_id > APP_ID_NONE && asd.payload.get_id() != payload_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(payload_id); LogMessage("AppIdDbg %s VIA is payload %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", payload_id); @@ -620,7 +620,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && client_id > APP_ID_NONE && client_id != APP_ID_HTTP && asd.client.get_id() != client_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(appId); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(appId); LogMessage("AppIdDbg %s X is client %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", appId); } @@ -631,7 +631,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && service_id > APP_ID_NONE && service_id != APP_ID_HTTP && asd.service.get_id() != service_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(appId); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(appId); LogMessage("AppIdDbg %s X service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", appId); } @@ -656,7 +656,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && payload_id > APP_ID_NONE && asd.payload.get_id() != payload_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(payload_id); LogMessage("AppIdDbg %s Content-Type is payload %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", @@ -676,7 +676,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, const char* urlStr = url ? url->c_str() : nullptr; if ( http_matchers->get_appid_from_url(my_host, urlStr, &version, refStr, &client_id, &service_id, &payload_id, - &referredPayloadAppId, false) ) + &referredPayloadAppId, false, asd.ctxt.get_odp_ctxt()) ) { // do not overwrite a previously-set client or service if (asd.client.get_id() <= APP_ID_NONE) @@ -684,7 +684,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && client_id > APP_ID_NONE && client_id != APP_ID_HTTP && asd.client.get_id() != client_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(client_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(client_id); LogMessage("AppIdDbg %s URL is client %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", @@ -698,7 +698,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && service_id > APP_ID_NONE && service_id != APP_ID_HTTP && asd.service.get_id() != service_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(service_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); LogMessage("AppIdDbg %s URL is service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", @@ -711,7 +711,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && payload_id > APP_ID_NONE && asd.payload.get_id() != payload_id) { - const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(payload_id); LogMessage("AppIdDbg %s URL is payload %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", payload_id); @@ -733,7 +733,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, AppId tp_payload_app_id = asd.get_tp_payload_app_id(); if (tp_payload_app_id > APP_ID_NONE) { - entry = asd.app_info_mgr->get_app_info_entry(tp_payload_app_id); + entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id); // only move tpPayloadAppId to client if client app id is valid if (entry && entry->clientId > APP_ID_NONE) { @@ -743,7 +743,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, } else if (asd.payload.get_id() > APP_ID_NONE) { - entry = asd.app_info_mgr->get_app_info_entry(asd.payload.get_id()); + entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(asd.payload.get_id()); // only move payload_app_id to client if it has a ClientAppid if (entry && entry->clientId > APP_ID_NONE) { diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index 8f78db6c5..1317fc3ab 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -71,10 +71,10 @@ static void add_appid_to_packet_trace(Flow& flow) AppId service_id, client_id, payload_id, misc_id; const char* service_app_name, * client_app_name, * payload_app_name, * misc_name; session->get_application_ids(service_id, client_id, payload_id, misc_id); - service_app_name = appid_api.get_application_name(service_id); - client_app_name = appid_api.get_application_name(client_id); - payload_app_name = appid_api.get_application_name(payload_id); - misc_name = appid_api.get_application_name(misc_id); + service_app_name = appid_api.get_application_name(service_id, session->ctxt); + client_app_name = appid_api.get_application_name(client_id, session->ctxt); + payload_app_name = appid_api.get_application_name(payload_id, session->ctxt); + misc_name = appid_api.get_application_name(misc_id, session->ctxt); if (PacketTracer::is_active()) { @@ -91,24 +91,27 @@ static void add_appid_to_packet_trace(Flow& flow) AppIdInspector::AppIdInspector(AppIdModule& mod) { config = mod.get_data(); + assert(config); } AppIdInspector::~AppIdInspector() { - delete ctxt; + if (ctxt) + delete ctxt; delete config; } -AppIdContext* AppIdInspector::get_ctxt() +AppIdContext& AppIdInspector::get_ctxt() const { - return ctxt; + assert(ctxt); + return *ctxt; } bool AppIdInspector::configure(SnortConfig* sc) { assert(!ctxt); - ctxt = new AppIdContext(const_cast(config)); + ctxt = new AppIdContext(const_cast(*config)); my_seh = SipEventHandler::create(); my_seh->subscribe(sc); @@ -150,7 +153,7 @@ void AppIdInspector::tinit() LuaDetectorManager::initialize(*ctxt); AppIdServiceState::initialize(config->memcap); appidDebug = new AppIdDebug(); - if (ctxt->config and ctxt->config->log_all_sessions) + if (ctxt->config.log_all_sessions) appidDebug->set_enabled(true); } diff --git a/src/network_inspectors/appid/appid_inspector.h b/src/network_inspectors/appid/appid_inspector.h index 482dc6abe..1feaa1ff5 100644 --- a/src/network_inspectors/appid/appid_inspector.h +++ b/src/network_inspectors/appid/appid_inspector.h @@ -46,7 +46,7 @@ public: void tinit() override; void tterm() override; void eval(snort::Packet*) override; - AppIdContext* get_ctxt(); + AppIdContext& get_ctxt() const; SipEventHandler& get_sip_event_handler() { diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 58efc1c85..dba62871a 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -185,8 +185,8 @@ static int reload_third_party(lua_State*) Swapper::set_reload_in_progress(true); LogMessage(".. reloading third-party\n"); AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); - AppIdContext* ctxt = inspector->get_ctxt(); - ctxt->create_tp_appid_ctxt(); + AppIdContext& ctxt = inspector->get_ctxt(); + ctxt.create_tp_appid_ctxt(); Swapper::set_reload_in_progress(false); LogMessage("== reload third-party complete\n"); } diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index de70e974f..6adcb8a51 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -100,7 +100,6 @@ AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port, common.flow_type = APPID_FLOW_TYPE_NORMAL; common.initiator_ip = *ip; common.initiator_port = port; - app_info_mgr = &AppInfoManager::get_instance(); length_sequence.proto = IpProtocol::PROTO_NOT_SET; length_sequence.sequence_cnt = 0; @@ -113,7 +112,7 @@ AppIdSession::~AppIdSession() { if (!in_expected_cache) { - if (ctxt->config->stats_logging_enabled) + if (ctxt.config.stats_logging_enabled) AppIdStatistics::get_stats_manager()->update(*this); // fail any service detection that is in process for this flow @@ -137,7 +136,7 @@ AppIdSession::~AppIdSession() if (tpsession) { - if (tpsession->get_ctxt() == tp_appid_thread_ctxt) + if (&(tpsession->get_ctxt()) == tp_appid_thread_ctxt) tpsession->delete_with_ctxt(); else delete tpsession; @@ -297,7 +296,7 @@ void AppIdSession::sync_with_snort_protocol_id(AppId newAppId, Packet* p) break; } - AppInfoTableEntry* entry = app_info_mgr->get_app_info_entry(newAppId); + AppInfoTableEntry* entry = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(newAppId); if (entry) { SnortProtocolId tmp_snort_protocol_id = entry->snort_protocol_id; @@ -420,7 +419,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits) if (client.get_id() == APP_ID_NONE or client.get_id() == APP_ID_SSL_CLIENT) set_client_appid_data(client_id, change_bits); set_payload_appid_data(payload_id, change_bits); - setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id)); + setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), ctxt.get_odp_ctxt()); } scan_flags &= ~SCAN_SSL_HOST_FLAG; } @@ -433,7 +432,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits) if (client.get_id() == APP_ID_NONE or client.get_id() == APP_ID_SSL_CLIENT) set_client_appid_data(client_id, change_bits); set_payload_appid_data(payload_id, change_bits); - setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id)); + setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), ctxt.get_odp_ctxt()); } scan_flags &= ~SCAN_SSL_CERTIFICATE_FLAG; } @@ -445,7 +444,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits) { set_client_appid_data(client_id, change_bits); set_payload_appid_data(payload_id, change_bits); - setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id)); + setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), ctxt.get_odp_ctxt()); } tsession->set_tls_org_unit(nullptr, 0); } @@ -475,10 +474,10 @@ void AppIdSession::examine_rtmp_metadata(AppidChangeBits& change_bits) const char* referer = hsession->get_cfield(REQ_REFERER_FID); if (((http_matchers->get_appid_from_url(nullptr, url, &version, referer, &client_id, &service_id, &payload_id, - &referred_payload_id, true)) || + &referred_payload_id, true, ctxt.get_odp_ctxt())) || (http_matchers->get_appid_from_url(nullptr, url, &version, referer, &client_id, &service_id, &payload_id, - &referred_payload_id, false)))) + &referred_payload_id, false, ctxt.get_odp_ctxt())))) { /* do not overwrite a previously-set client or service */ if (client.get_id() <= APP_ID_NONE) @@ -502,7 +501,7 @@ void AppIdSession::set_client_appid_data(AppId id, AppidChangeBits& change_bits, if (id != cur_id) { if (cur_id) - if (app_info_mgr->get_priority(cur_id) > app_info_mgr->get_priority(id)) + if (ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(cur_id) > ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(id)) return; client.set_id(id); @@ -528,7 +527,7 @@ void AppIdSession::set_payload_appid_data(AppId id, AppidChangeBits& change_bits if (id <= APP_ID_NONE) return; - if (app_info_mgr->get_priority(payload.get_id()) > app_info_mgr->get_priority(id)) + if (ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(payload.get_id()) > ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(id)) return; payload.set_id(id); payload.set_version(version, change_bits); @@ -916,7 +915,7 @@ AppIdDnsSession* AppIdSession::get_dns_session() bool AppIdSession::is_tp_appid_done() const { - if (ctxt->get_tp_appid_ctxt()) + if (ctxt.get_tp_appid_ctxt()) { if (!tpsession) return false; @@ -941,7 +940,7 @@ bool AppIdSession::is_tp_processing_done() const bool AppIdSession::is_tp_appid_available() const { - if (ctxt->get_tp_appid_ctxt()) + if (ctxt.get_tp_appid_ctxt()) { if (!tpsession) return false; @@ -960,7 +959,7 @@ void AppIdSession::set_tp_app_id(Packet& p, AppidSessionDirection dir, AppId app if (tp_app_id != app_id) { tp_app_id = app_id; - AppInfoTableEntry* entry = app_info_mgr->get_app_info_entry(tp_app_id); + AppInfoTableEntry* entry = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if (entry) { tp_app_id_deferred = (entry->flags & APPINFO_FLAG_DEFER) ? true : false; @@ -974,7 +973,7 @@ void AppIdSession::set_tp_payload_app_id(Packet& p, AppidSessionDirection dir, A if (tp_payload_app_id != app_id) { tp_payload_app_id = app_id; - AppInfoTableEntry* entry = app_info_mgr->get_app_info_entry(tp_payload_app_id); + AppInfoTableEntry* entry = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id); if (entry) { tp_payload_app_id_deferred = (entry->flags & APPINFO_FLAG_DEFER_PAYLOAD) ? true : false; diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index 2b9c354b0..211c08975 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -206,9 +206,8 @@ public: uint32_t session_id = 0; snort::Flow* flow = nullptr; - AppIdContext* ctxt; + AppIdContext& ctxt; std::unordered_map flow_data; - AppInfoManager* app_info_mgr = nullptr; CommonAppIdData common; uint16_t session_packet_count = 0; @@ -347,7 +346,8 @@ public: if (tp_app_id != app_id) { tp_app_id = app_id; - tp_app_id_deferred = app_info_mgr->get_app_info_flags(tp_app_id, APPINFO_FLAG_DEFER); + tp_app_id_deferred = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags + (tp_app_id, APPINFO_FLAG_DEFER); } } @@ -355,7 +355,8 @@ public: if (tp_payload_app_id != app_id) { tp_payload_app_id = app_id; - tp_payload_app_id_deferred = app_info_mgr->get_app_info_flags(tp_payload_app_id, APPINFO_FLAG_DEFER_PAYLOAD); + tp_payload_app_id_deferred = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags + (tp_payload_app_id, APPINFO_FLAG_DEFER_PAYLOAD); } } diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc index d84dea487..7839c2918 100644 --- a/src/network_inspectors/appid/appid_session_api.cc +++ b/src/network_inspectors/appid/appid_session_api.cc @@ -133,7 +133,7 @@ bool AppIdSessionApi::is_appid_inspecting_session() return true; } - if (asd->ctxt->get_odp_ctxt().check_host_port_app_cache) + if (asd->ctxt.get_odp_ctxt().check_host_port_app_cache) return true; return false; diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc index 014b2402a..949147599 100644 --- a/src/network_inspectors/appid/appid_stats.cc +++ b/src/network_inspectors/appid/appid_stats.cc @@ -40,7 +40,7 @@ using namespace snort; struct AppIdStatRecord { - uint32_t app_id; + char* app_name = nullptr; uint64_t initiatorBytes; uint64_t responderBytes; }; @@ -51,6 +51,7 @@ static THREAD_LOCAL AppIdStatistics* appid_stats_manager = nullptr; static void delete_record(void* record) { + snort_free(((AppIdStatRecord*)record)->app_name); snort_free(record); } @@ -123,52 +124,13 @@ void AppIdStatistics::dump_statistics() for (node = fwAvlFirst(bucket->appsTree); node != nullptr; node = fwAvlNext(node)) { - const char* app_name; - bool cooked_client = false; - AppId app_id; - char tmpBuff[MAX_EVENT_APPNAME_LEN]; struct AppIdStatRecord* record; record = (struct AppIdStatRecord*)node->data; - app_id = (AppId)record->app_id; - - if ( app_id >= 2000000000 ) - { - cooked_client = true; - app_id -= 2000000000; - } - - AppInfoTableEntry* entry - = AppInfoManager::get_instance().get_app_info_entry(app_id); - - if ( entry ) - { - app_name = entry->app_name; - if (cooked_client) - { - snprintf(tmpBuff, MAX_EVENT_APPNAME_LEN, "_cl_%s", app_name); - tmpBuff[MAX_EVENT_APPNAME_LEN-1] = 0; - app_name = tmpBuff; - } - } - else if ( app_id == APP_ID_UNKNOWN || app_id == APP_ID_UNKNOWN_UI ) - app_name = "__unknown"; - else if ( app_id == APP_ID_NONE ) - app_name = "__none"; - else - { - if (cooked_client) - snprintf(tmpBuff, MAX_EVENT_APPNAME_LEN, "_err_cl_%d",app_id); - else - snprintf(tmpBuff, MAX_EVENT_APPNAME_LEN, "_err_%d",app_id); - - tmpBuff[MAX_EVENT_APPNAME_LEN - 1] = 0; - app_name = tmpBuff; - } // FIXIT-M %lu won't do time_t on 32-bit systems TextLog_Print(log, "%lu,%s," STDu64 "," STDu64 "\n", - packet_time(), app_name, record->initiatorBytes, record->responderBytes); + packet_time(), record->app_name, record->initiatorBytes, record->responderBytes); } } fwAvlDeleteTree(bucket->appsTree, delete_record); @@ -234,10 +196,45 @@ static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* buc AppIdStatRecord* record = (AppIdStatRecord*)(fwAvlLookup(app_id, bucket->appsTree)); if ( !record ) { + char tmp_buff[MAX_EVENT_APPNAME_LEN]; + bool cooked_client = false; + record = (AppIdStatRecord*)(snort_calloc(sizeof(struct AppIdStatRecord))); + + if ( app_id >= 2000000000 ) + cooked_client = true; + + AppInfoTableEntry* entry + = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id); + + if ( entry ) + { + if (cooked_client) + { + snprintf(tmp_buff, MAX_EVENT_APPNAME_LEN, "_cl_%s", entry->app_name); + tmp_buff[MAX_EVENT_APPNAME_LEN-1] = 0; + record->app_name = snort_strdup(tmp_buff); + } + else + record->app_name = snort_strdup(entry->app_name); + } + else if ( app_id == APP_ID_UNKNOWN || app_id == APP_ID_UNKNOWN_UI ) + record->app_name = snort_strdup("__unknown"); + else if ( app_id == APP_ID_NONE ) + record->app_name = snort_strdup("__none"); + else + { + if (cooked_client) + snprintf(tmp_buff, MAX_EVENT_APPNAME_LEN, "_err_cl_%d",app_id); + else + snprintf(tmp_buff, MAX_EVENT_APPNAME_LEN, "_err_%d",app_id); + + tmp_buff[MAX_EVENT_APPNAME_LEN - 1] = 0; + record->app_name = snort_strdup(tmp_buff); + } + if (fwAvlInsert(app_id, record, bucket->appsTree) == 0) { - record->app_id = app_id; bucket->appRecordCnt += 1; } else diff --git a/src/network_inspectors/appid/client_plugins/client_detector.cc b/src/network_inspectors/appid/client_plugins/client_detector.cc index a7dcfd5c3..33c8e1f61 100644 --- a/src/network_inspectors/appid/client_plugins/client_detector.cc +++ b/src/network_inspectors/appid/client_plugins/client_detector.cc @@ -42,12 +42,12 @@ ClientDetector::ClientDetector() client = true; } -void ClientDetector::register_appid(AppId appId, unsigned extractsInfo) +void ClientDetector::register_appid(AppId appId, unsigned extractsInfo, OdpContext& odp_ctxt) { - AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId); + AppInfoTableEntry* pEntry = odp_ctxt.get_app_info_mgr().get_app_info_entry(appId); if (!pEntry) { - if ( AppInfoManager::get_instance().configured() ) + if ( odp_ctxt.get_app_info_mgr().configured() ) { ParseWarning(WARN_RULES, "appid: no entry for %d in appMapping.data; no rule support for this ID.", diff --git a/src/network_inspectors/appid/client_plugins/client_detector.h b/src/network_inspectors/appid/client_plugins/client_detector.h index 26062f496..03a5ae450 100644 --- a/src/network_inspectors/appid/client_plugins/client_detector.h +++ b/src/network_inspectors/appid/client_plugins/client_detector.h @@ -34,7 +34,7 @@ public: void do_custom_init() override { } void release_thread_resources() override { } - void register_appid(AppId, unsigned extractsInfo) override; + void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) override; }; #endif diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index 1ef86cbe9..4dd84e9b6 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -364,7 +364,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p, { // Third party has positively identified appId; Dig deeper only if our // detector identifies additional information - entry = asd.app_info_mgr->get_app_info_entry(tp_app_id); + entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( entry && entry->client_detector && ( ( entry->flags & ( APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER ) ) @@ -393,7 +393,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p, !asd.get_session_flags(APPID_SESSION_NO_TPI) and asd.is_tp_appid_available() ) { - entry = asd.app_info_mgr->get_app_info_entry(tp_app_id); + entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( !( entry && entry->client_detector && entry->client_detector == asd.client_detector && (entry->flags & (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER) ) ) ) diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.cc b/src/network_inspectors/appid/detector_plugins/detector_dns.cc index 7b427503d..1340f9f75 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_dns.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_dns.cc @@ -602,7 +602,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) goto udp_done; } if ((rval = dns_validate_header(args.dir, (const DNSHeader*)args.data, - args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS) + args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS) { if (rval == APPID_REVERSED) { @@ -613,7 +613,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, got a // response, and now we've got another query. rval = validate_packet(args.data, args.size, args.dir, - args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); + args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) goto inprocess; } @@ -624,7 +624,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, but now we've got // a response. rval = validate_packet(args.data, args.size, args.dir, - args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); + args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) { args.asd.set_session_flags(APPID_SESSION_UDP_REVERSED); @@ -638,7 +638,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) } rval = validate_packet(args.data, args.size, args.dir, - args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); + args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); if ((rval == APPID_SUCCESS) && (args.dir == APP_ID_FROM_INITIATOR)) goto inprocess; @@ -690,7 +690,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) uint16_t size = args.size - sizeof(DNSTCPHeader); uint16_t tmp = ntohs(hdr->length); if (tmp < sizeof(DNSHeader) || dns_validate_header(args.dir, (const DNSHeader*)data, - args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd)) + args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd)) { if (args.dir == APP_ID_FROM_INITIATOR) goto not_compatible; @@ -701,7 +701,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) if (tmp > size) goto not_compatible; rval = validate_packet(data, size, args.dir, - args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); + args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); if (rval != APPID_SUCCESS) goto tcp_done; diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index 35e96ba19..786daaa8d 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -25,11 +25,14 @@ #include "detector_pattern.h" -#include "app_info_table.h" #include "log/messages.h" +#include "managers/inspector_manager.h" #include "protocols/packet.h" #include "search_engines/search_tool.h" +#include "app_info_table.h" +#include "appid_inspector.h" + using namespace snort; static PatternServiceDetector* service_pattern_detector; @@ -115,7 +118,12 @@ static void read_patterns(PortPatternNode* portPatternList, PatternService** ser pattern->offset = pNode->offset; pattern->next = ps->pattern; ps->pattern = pattern; - AppInfoManager::get_instance().set_app_info_active(ps->id); + + // FIXIT-M: Tp support ODP reload, store ODP context in PatternService + AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); + AppIdContext& ctxt = inspector->get_ctxt(); + + ctxt.get_odp_ctxt().get_app_info_mgr().set_app_info_active(ps->id); } } diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index c64f5e905..7638653f5 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -343,7 +343,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con { fp->client.set_id(asd.client.get_id()); fp->payload.set_id(asd.payload.get_id()); - fp->service.set_id(APP_ID_RTP); + fp->service.set_id(APP_ID_RTP, asd.ctxt.get_odp_ctxt()); // FIXIT-H : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE. // Check if it is needed here as well. @@ -363,7 +363,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con { fp2->client.set_id(asd.client.get_id()); fp2->payload.set_id(asd.payload.get_id()); - fp2->service.set_id(APP_ID_RTCP); + fp2->service.set_id(APP_ID_RTCP, asd.ctxt.get_odp_ctxt()); // FIXIT-H : same comment as above //initialize_expected_session(asd, fp2, APPID_SESSION_EXPECTED_EVALUATE); diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index b83f87e10..7705d76a8 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc @@ -1567,7 +1567,7 @@ AppId HttpPatternMatchers::get_appid_by_content_type(const char* data, int size) bool HttpPatternMatchers::get_appid_from_url(char* host, const char* url, char** version, const char* referer, AppId* ClientAppId, AppId* serviceAppId, AppId* payloadAppId, - AppId* referredPayloadAppId, bool from_rtmp) + AppId* referredPayloadAppId, bool from_rtmp, OdpContext& odp_ctxt) { char* temp_host = nullptr; tMlmpPattern patterns[3]; @@ -1667,7 +1667,7 @@ bool HttpPatternMatchers::get_appid_from_url(char* host, const char* url, char** /* if referred_id feature id disabled, referer will be null */ if ( referer and (referer[0] != '\0') and (!payload_found or - AppInfoManager::get_instance().get_app_info_flags(data->payload_id, + odp_ctxt.get_app_info_mgr().get_app_info_flags(data->payload_id, APPINFO_FLAG_REFERRED)) ) { const char* referer_start = referer; diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index 56a9699f3..0d8afd8d2 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -42,6 +42,7 @@ struct Packet; } class AppIdHttpSession; class AppIdContext; +class OdpContext; enum httpPatternType { @@ -306,7 +307,7 @@ public: AppId scan_header_x_working_with(const char*, uint32_t, char**); int get_appid_by_pattern(const char*, unsigned, char**); bool get_appid_from_url(char*, const char*, char**, const char*, AppId*, AppId*, - AppId*, AppId*, bool); + AppId*, AppId*, bool, OdpContext&); AppId get_appid_by_content_type(const char*, int); void get_server_vendor_version(const char*, int, char**, char**, snort::AppIdServiceSubtype**); void identify_user_agent(const char*, int, AppId&, AppId&, char**); diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index fd0a14b79..81de2204c 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -140,8 +140,10 @@ snort::ProfileStats* AppIdModule::get_profile() const // Stubs for inspectors unsigned AppIdSession::inspector_id = 0; +AppIdConfig stub_config; +AppIdContext stub_ctxt(stub_config); AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector) - : snort::FlowData(inspector_id, (snort::Inspector*)&inspector) { } + : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), ctxt(stub_ctxt) { } AppIdSession::~AppIdSession() = default; AppIdHttpSession::AppIdHttpSession(AppIdSession& asd) : asd(asd) @@ -204,4 +206,7 @@ bool AppIdReloadTuner::tune_resources(unsigned int) return true; } +OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) +{ } + #endif diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index 59c5dfd94..3eb6f3340 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -50,8 +50,8 @@ static char* my_action_data = (char*)"0"; static const char* my_chp_data = (const char*)"chp_data"; static int total_found; static AppIdConfig config; -static AppIdContext ctxt(&config); -static OdpContext odpctxt; +static AppIdContext ctxt(config); +static OdpContext odpctxt(config, nullptr); OdpContext* AppIdContext::odp_ctxt = &odpctxt; static AppId service_id = APP_ID_NONE; static AppId client_id = APP_ID_NONE; diff --git a/src/network_inspectors/appid/host_port_app_cache.cc b/src/network_inspectors/appid/host_port_app_cache.cc index 83bbdedd3..d703e903c 100644 --- a/src/network_inspectors/appid/host_port_app_cache.cc +++ b/src/network_inspectors/appid/host_port_app_cache.cc @@ -59,8 +59,8 @@ bool HostPortCache::add(const SfIp* ip, uint16_t port, IpProtocol proto, unsigne hk.ip = *ip; AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); - AppIdContext* ctxt = inspector->get_ctxt(); - hk.port = (ctxt->get_odp_ctxt().allow_port_wildcard_host_cache)? 0 : port; + AppIdContext& ctxt = inspector->get_ctxt(); + hk.port = (ctxt.get_odp_ctxt().allow_port_wildcard_host_cache)? 0 : port; hk.proto = proto; hv.appId = appId; diff --git a/src/network_inspectors/appid/ips_appid_option.cc b/src/network_inspectors/appid/ips_appid_option.cc index c8f5d0120..422680537 100644 --- a/src/network_inspectors/appid/ips_appid_option.cc +++ b/src/network_inspectors/appid/ips_appid_option.cc @@ -71,7 +71,7 @@ public: EvalStatus eval(Cursor&, Packet*) override; private: - bool match_id_against_rule(int32_t id); + bool match_id_against_rule(OdpContext& odp_ctxt, int32_t id); set appid_table; }; @@ -102,9 +102,9 @@ bool AppIdIpsOption::operator==(const IpsOption& ips) const return ( appid_table == ((const AppIdIpsOption&)ips).appid_table ); } -bool AppIdIpsOption::match_id_against_rule(int32_t id) +bool AppIdIpsOption::match_id_against_rule(OdpContext& odp_ctxt, int32_t id) { - const char *app_name_key = AppInfoManager::get_instance().get_app_name_key(id); + const char *app_name_key = odp_ctxt.get_app_info_mgr().get_app_name_key(id); if ( nullptr != app_name_key ) { string app_name(app_name_key); @@ -140,7 +140,8 @@ IpsOption::EvalStatus AppIdIpsOption::eval(Cursor&, Packet* p) app_ids[PAYLOAD], app_ids[MISC]); for ( unsigned i = 0; i < NUM_ID_TYPES; i++ ) - if ( (app_ids[i] > APP_ID_NONE) && match_id_against_rule(app_ids[i]) ) + if ( (app_ids[i] > APP_ID_NONE) and + match_id_against_rule(session->ctxt.get_odp_ctxt(), app_ids[i]) ) return MATCH; return NO_MATCH; diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 4164163f3..3a9c07805 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -238,11 +238,11 @@ static int common_register_application_id(lua_State* L) AppId appId = lua_tonumber(L, ++index); if ( ad->is_client() ) - ad->register_appid(appId, APPINFO_FLAG_CLIENT_ADDITIONAL); + ad->register_appid(appId, APPINFO_FLAG_CLIENT_ADDITIONAL, ud->get_odp_ctxt()); else - ad->register_appid(appId, APPINFO_FLAG_SERVICE_ADDITIONAL); + ad->register_appid(appId, APPINFO_FLAG_SERVICE_ADDITIONAL, ud->get_odp_ctxt()); - AppInfoManager::get_instance().set_app_info_active(appId); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appId); lua_pushnumber(L, 0); return 1; @@ -517,7 +517,7 @@ static int service_add_service(lua_State* L) /*Phase2 - discuss AppIdServiceSubtype will be maintained on lua side therefore the last parameter on the following call is nullptr. Subtype is not displayed on DC at present. */ unsigned int retValue = ud->sd->add_service(*lsd->ldp.change_bits, *lsd->ldp.asd, lsd->ldp.pkt, - lsd->ldp.dir, AppInfoManager::get_instance().get_appid_by_service_id(service_id), + lsd->ldp.dir, ud->get_odp_ctxt().get_app_info_mgr().get_appid_by_service_id(service_id), vendor, version, nullptr); lua_pushnumber(L, retValue); @@ -915,8 +915,8 @@ static int client_add_application(lua_State* L) unsigned int productId = lua_tonumber(L, 4); const char* version = lua_tostring(L, 5); ud->cd->add_app(*lsd->ldp.pkt, *lsd->ldp.asd, lsd->ldp.dir, - AppInfoManager::get_instance().get_appid_by_service_id(service_id), - AppInfoManager::get_instance().get_appid_by_client_id(productId), version, + ud->get_odp_ctxt().get_app_info_mgr().get_appid_by_service_id(service_id), + ud->get_odp_ctxt().get_app_info_mgr().get_appid_by_client_id(productId), version, *lsd->ldp.change_bits); lua_pushnumber(L, 0); @@ -944,7 +944,7 @@ static int client_add_user(lua_State* L) const char* userName = lua_tostring(L, 2); unsigned int service_id = lua_tonumber(L, 3); ud->cd->add_user(*lsd->ldp.asd, userName, - AppInfoManager::get_instance().get_appid_by_service_id(service_id), true); + ud->get_odp_ctxt().get_app_info_mgr().get_appid_by_service_id(service_id), true); lua_pushnumber(L, 0); return 1; } @@ -957,7 +957,7 @@ static int client_add_payload(lua_State* L) unsigned int payloadId = lua_tonumber(L, 2); ud->cd->add_payload(*lsd->ldp.asd, - AppInfoManager::get_instance().get_appid_by_payload_id(payloadId)); + ud->get_odp_ctxt().get_app_info_mgr().get_appid_by_payload_id(payloadId)); lua_pushnumber(L, 0); return 1; @@ -1006,7 +1006,7 @@ static int detector_add_http_pattern(lua_State* L) } DHPSequence seq = (DHPSequence)lua_tointeger(L, ++index); - AppInfoManager& aim = AppInfoManager::get_instance(); + AppInfoManager& aim = ud->get_odp_ctxt().get_app_info_mgr(); uint32_t service_id = aim.get_appid_by_service_id((uint32_t)lua_tointeger(L, ++index)); uint32_t client_id = aim.get_appid_by_client_id((uint32_t)lua_tointeger(L, ++index)); /*uint32_t client_app_type =*/ lua_tointeger(L, ++index); @@ -1058,7 +1058,7 @@ static int detector_add_ssl_cert_pattern(lua_State* L) return 0; } - AppInfoManager::get_instance().set_app_info_active(app_id); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(app_id); return 0; } @@ -1121,7 +1121,7 @@ static int detector_add_ssl_cname_pattern(lua_State* L) return 0; } - AppInfoManager::get_instance().set_app_info_active(app_id); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(app_id); return 0; } @@ -1224,7 +1224,7 @@ static int detector_add_content_type_pattern(lua_State* L) detector.pattern_size = strlen((char*)pattern); detector.app_id = appId; HttpPatternMatchers::get_instance()->insert_content_type_pattern(detector); - AppInfoManager::get_instance().set_app_info_active(appId); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appId); return 0; } @@ -1246,7 +1246,7 @@ static int register_callback(lua_State* L, LuaObject& ud, AppInfoFlags flag) if (init(L)) { // in control thread, update app info table. app info table is shared across all threads - AppInfoTableEntry* entry = AppInfoManager::get_instance().get_app_info_entry(app_id); + AppInfoTableEntry* entry = ud.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id); if (entry) { if (entry->flags & flag) @@ -1350,10 +1350,11 @@ static int detector_callback(const uint8_t* data, uint16_t size, AppidSessionDir return ret; } -void check_detector_callback(const Packet& p, AppIdSession& asd, AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits, AppInfoTableEntry* entry) +void check_detector_callback(const Packet& p, AppIdSession& asd, AppidSessionDirection dir, + AppId app_id, AppidChangeBits& change_bits, AppInfoTableEntry* entry) { if (!entry) - entry = AppInfoManager::get_instance().get_app_info_entry(app_id); + entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id); if (!entry) return; @@ -1482,7 +1483,8 @@ static inline int get_chp_action_data(lua_State* L, int index, char** action_dat } static int add_chp_pattern_action(AppId appIdInstance, int isKeyPattern, HttpFieldIds patternType, - size_t patternSize, char* patternData, ActionType actionType, char* optionalActionData) + size_t patternSize, char* patternData, ActionType actionType, char* optionalActionData, + AppInfoManager& app_info_mgr) { //find the CHP App for this auto chp_entry = CHP_glossary->find(appIdInstance); @@ -1499,7 +1501,6 @@ static int add_chp_pattern_action(AppId appIdInstance, int isKeyPattern, HttpFie } CHPApp* chpapp = chp_entry->second; - AppInfoManager& app_info_mgr = AppInfoManager::get_instance(); if (isKeyPattern) { @@ -1619,7 +1620,7 @@ static int detector_add_chp_action(lua_State* L) } return add_chp_pattern_action(appIdInstance, key_pattern, ptype, psize, pattern, - action, action_data); + action, action_data, ud->get_odp_ctxt().get_app_info_mgr()); } static int detector_create_chp_multi_application(lua_State* L) @@ -1709,7 +1710,7 @@ static int detector_add_chp_multi_action(lua_State* L) } return add_chp_pattern_action(appIdInstance, key_pattern, ptype, psize, pattern, - action, action_data); + action, action_data, ud->get_odp_ctxt().get_app_info_mgr()); } static int detector_port_only_service(lua_State* L) @@ -1732,7 +1733,7 @@ static int detector_port_only_service(lua_State* L) else if (protocol == 17) AppIdContext::udp_port_only[port] = appId; - AppInfoManager::get_instance().set_app_info_active(appId); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appId); return 0; } @@ -1932,7 +1933,7 @@ static int detector_add_url_application(lua_State* L) query_pattern = (uint8_t*)snort_strdup(tmp_string); uint32_t appId = lua_tointeger(L, ++index); - AppInfoManager& app_info_manager = AppInfoManager::get_instance(); + AppInfoManager& app_info_manager = ud->get_odp_ctxt().get_app_info_mgr(); DetectorAppUrlPattern* pattern = (DetectorAppUrlPattern*)snort_calloc(sizeof(DetectorAppUrlPattern)); pattern->userData.service_id = app_info_manager.get_appid_by_service_id(service_id); @@ -2034,7 +2035,7 @@ static int detector_add_rtmp_url(lua_State* L) pattern->patterns.scheme.patternSize = (int)schemePatternSize; HttpPatternMatchers::get_instance()->insert_rtmp_url_pattern(pattern); - AppInfoManager& app_info_manager = AppInfoManager::get_instance(); + AppInfoManager& app_info_manager = ud->get_odp_ctxt().get_app_info_mgr(); app_info_manager.set_app_info_active(pattern->userData.service_id); app_info_manager.set_app_info_active(pattern->userData.client_id); app_info_manager.set_app_info_active(pattern->userData.payload_id); @@ -2071,7 +2072,7 @@ static int detector_add_sip_user_agent(lua_State* L) SipUdpClientDetector::sipUaPatternAdd(client_app, clientVersion, uaPattern); - AppInfoManager::get_instance().set_app_info_active(client_app); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(client_app); return 0; } @@ -2098,12 +2099,12 @@ static int create_custom_application(lua_State* L) if (control) { - AppInfoTableEntry* entry = AppInfoManager::get_instance().add_dynamic_app_entry(tmp_string); + AppInfoTableEntry* entry = ud->get_odp_ctxt().get_app_info_mgr().add_dynamic_app_entry(tmp_string); appId = entry->appId; AppIdPegCounts::add_app_peg_info(tmp_string, appId); } else - appId = AppInfoManager::get_instance().get_appid_by_name(tmp_string); + appId = ud->get_odp_ctxt().get_app_info_mgr().get_appid_by_name(tmp_string); lua_pushnumber(L, appId); return 1; /*number of results */ @@ -2193,7 +2194,7 @@ static int add_http_pattern(lua_State* L) payload_id, APP_ID_NONE) ) { HttpPatternMatchers::get_instance()->insert_http_pattern(pat_type, pattern); - AppInfoManager& app_info_manager = AppInfoManager::get_instance(); + AppInfoManager& app_info_manager = ud->get_odp_ctxt().get_app_info_mgr(); app_info_manager.set_app_info_active(service_id); app_info_manager.set_app_info_active(client_id); app_info_manager.set_app_info_active(payload_id); @@ -2268,7 +2269,7 @@ static int add_url_pattern(lua_State* L) pattern->patterns.scheme.patternSize = (int)schemePatternSize; HttpPatternMatchers::get_instance()->insert_app_url_pattern(pattern); - AppInfoManager& app_info_manager = AppInfoManager::get_instance(); + AppInfoManager& app_info_manager = ud->get_odp_ctxt().get_app_info_mgr(); app_info_manager.set_app_info_active(service_id); app_info_manager.set_app_info_active(clientAppId); app_info_manager.set_app_info_active(payload_id); @@ -2322,7 +2323,7 @@ static int add_port_pattern_client(lua_State* L) pPattern->detectorName = snort_strdup(ud->get_detector()->get_name().c_str()); PatternClientDetector::insert_client_port_pattern(pPattern); - AppInfoManager::get_instance().set_app_info_active(appId); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appId); return 0; } @@ -2366,7 +2367,7 @@ static int add_port_pattern_service(lua_State* L) pPattern->offset = position; pPattern->detectorName = snort_strdup(ud->get_detector()->get_name().c_str()); PatternServiceDetector::insert_service_port_pattern(pPattern); - AppInfoManager::get_instance().set_app_info_active(appId); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appId); return 0; } @@ -2398,7 +2399,7 @@ static int detector_add_sip_server(lua_State* L) } SipUdpClientDetector::sipServerPatternAdd(client_app, clientVersion, uaPattern); - AppInfoManager::get_instance().set_app_info_active(client_app); + ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(client_app); return 0; } @@ -2456,7 +2457,7 @@ static int create_future_flow(lua_State* L) AppId app_id_to_snort = lua_tointeger(L, 10); if (app_id_to_snort > APP_ID_NONE) { - AppInfoTableEntry* entry = AppInfoManager::get_instance().get_app_info_entry( + AppInfoTableEntry* entry = ud->get_odp_ctxt().get_app_info_mgr().get_app_info_entry( app_id_to_snort); if (!entry) return 0; @@ -2468,7 +2469,7 @@ static int create_future_flow(lua_State* L) APPID_EARLY_SESSION_FLAG_FW_RULE); if (fp) { - fp->service.set_id(service_id); + fp->service.set_id(service_id, ud->get_odp_ctxt()); fp->client.set_id(client_id); fp->payload.set_id(payload_id); fp->set_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_NOT_A_SERVICE | diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index 0f14efc18..124e92afc 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -95,7 +95,7 @@ inline void set_control(lua_State* L, int is_control) lua_pop(L, 1); } -static lua_State* create_lua_state(const AppIdConfig* config, int is_control) +static lua_State* create_lua_state(const AppIdConfig& config, int is_control) { auto L = luaL_newstate(); @@ -134,12 +134,12 @@ static lua_State* create_lua_state(const AppIdConfig* config, int is_control) { snprintf(new_lua_path, sizeof(new_lua_path) - 1, "%s;%s/odp/libs/?.lua;%s/custom/libs/?.lua", - cur_lua_path, config->app_detector_dir, config->app_detector_dir); + cur_lua_path, config.app_detector_dir, config.app_detector_dir); } else { snprintf(new_lua_path, sizeof(new_lua_path) - 1, "%s/odp/libs/?.lua;%s/custom/libs/?.lua", - config->app_detector_dir, config->app_detector_dir); + config.app_detector_dir, config.app_detector_dir); } lua_pop(L, 1); @@ -213,7 +213,7 @@ void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control) lua_detector_mgr->initialize_lua_detectors(); lua_detector_mgr->activate_lua_detectors(); - if (ctxt.config->debug) + if (ctxt.config.debug) lua_detector_mgr->list_lua_detectors(); } @@ -459,7 +459,7 @@ void LuaDetectorManager::load_lua_detectors(const char* path, bool isCustom) void LuaDetectorManager::initialize_lua_detectors() { char path[PATH_MAX]; - const char* dir = ctxt.config->app_detector_dir; + const char* dir = ctxt.config.app_detector_dir; if ( !dir ) return; diff --git a/src/network_inspectors/appid/service_plugins/service_detector.cc b/src/network_inspectors/appid/service_plugins/service_detector.cc index 4e25521ef..9bbbb4ddc 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.cc +++ b/src/network_inspectors/appid/service_plugins/service_detector.cc @@ -44,12 +44,12 @@ ServiceDetector::ServiceDetector() client = false; } -void ServiceDetector::register_appid(AppId appId, unsigned extractsInfo) +void ServiceDetector::register_appid(AppId appId, unsigned extractsInfo, OdpContext& odp_ctxt) { - AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId); + AppInfoTableEntry* pEntry = odp_ctxt.get_app_info_mgr().get_app_info_entry(appId); if (!pEntry) { - if ( AppInfoManager::get_instance().configured() ) + if ( odp_ctxt.get_app_info_mgr().configured() ) { ParseWarning(WARN_RULES, "appid: no entry for %d in appMapping.data; no rule support for this ID.", @@ -90,7 +90,7 @@ int ServiceDetector::update_service_data(AppIdSession& asd, const Packet* pkt, A asd.service.set_vendor(vendor); asd.service.set_version(version, change_bits); asd.set_service_detected(); - asd.service.set_id(appId); + asd.service.set_id(appId, asd.ctxt.get_odp_ctxt()); if (asd.get_session_flags(APPID_SESSION_IGNORE_HOST)) return APPID_SUCCESS; diff --git a/src/network_inspectors/appid/service_plugins/service_detector.h b/src/network_inspectors/appid/service_plugins/service_detector.h index 47eef7fad..fb57de27a 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.h +++ b/src/network_inspectors/appid/service_plugins/service_detector.h @@ -34,7 +34,7 @@ public: void do_custom_init() override { } void release_thread_resources() override { } - void register_appid(AppId, unsigned extractsInfo) override; + void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) override; int service_inprocess(AppIdSession&, const snort::Packet*, AppidSessionDirection dir); diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 1001aa954..a28eded45 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -613,7 +613,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, { // Third party has positively identified appId; Dig deeper only if our // detector identifies additional information or flow is UDP reversed. - AppInfoTableEntry* entry = asd.app_info_mgr->get_app_info_entry(tp_app_id); + AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( entry && entry->service_detector && ( ( entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL ) || ( ( entry->flags & APPINFO_FLAG_SERVICE_UDP_REVERSED ) && @@ -639,7 +639,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, !asd.get_session_flags(APPID_SESSION_NO_TPI) and asd.is_tp_appid_available() ) { - AppInfoTableEntry* entry = asd.app_info_mgr->get_app_info_entry(tp_app_id); + AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( entry && entry->service_detector && !(entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL) ) { @@ -658,7 +658,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, // job of it than we do, so stay out of its way, and don't // waste time (but we will still get the Snort callbacks // for any of our own future flows). Shut down our detectors. - asd.service.set_id(APP_ID_SIP); + asd.service.set_id(APP_ID_SIP, asd.ctxt.get_odp_ctxt()); asd.stop_rna_service_inspection(p, direction); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; } @@ -667,7 +667,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, { // No need for anybody to keep wasting time once we've // found RTP - Shut down our detectors. - asd.service.set_id(tp_app_id); + asd.service.set_id(tp_app_id, asd.ctxt.get_odp_ctxt()); asd.stop_rna_service_inspection(p, direction); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; // - Shut down TP. @@ -696,7 +696,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, } AppIdDnsSession* dsession = asd.get_dns_session(); - if (asd.service.get_id() == APP_ID_DNS && asd.ctxt->get_odp_ctxt().dns_host_reporting + if (asd.service.get_id() == APP_ID_DNS && asd.ctxt.get_odp_ctxt().dns_host_reporting && dsession->get_host()) { AppId client_id = APP_ID_NONE; @@ -739,7 +739,7 @@ int ServiceDiscovery::incompatible_data(AppIdSession& asd, const Packet* pkt, Ap asd.set_service_detected(); asd.clear_session_flags(APPID_SESSION_CONTINUE); - asd.service.set_id(APP_ID_NONE); + asd.service.set_id(APP_ID_NONE, asd.ctxt.get_odp_ctxt()); if ( asd.get_session_flags(APPID_SESSION_IGNORE_HOST | APPID_SESSION_UDP_REVERSED) ) return APPID_SUCCESS; @@ -775,7 +775,7 @@ int ServiceDiscovery::fail_service(AppIdSession& asd, const Packet* pkt, AppidSe if ( !asd.service_detector && !asd.service_candidates.empty() ) return APPID_SUCCESS; - asd.service.set_id(APP_ID_NONE); + asd.service.set_id(APP_ID_NONE, asd.ctxt.get_odp_ctxt()); asd.set_service_detected(); asd.clear_session_flags(APPID_SESSION_CONTINUE); diff --git a/src/network_inspectors/appid/service_plugins/service_ftp.cc b/src/network_inspectors/appid/service_plugins/service_ftp.cc index ccc282311..e3d93a788 100644 --- a/src/network_inspectors/appid/service_plugins/service_ftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_ftp.cc @@ -893,12 +893,12 @@ void FtpServiceDetector::create_expected_session(AppIdSession& asd, const Packet uint64_t encrypted_flags = asd.get_session_flags(APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED); if (encrypted_flags == APPID_SESSION_ENCRYPTED) { - fp->service.set_id(APP_ID_FTPSDATA); + fp->service.set_id(APP_ID_FTPSDATA, asd.ctxt.get_odp_ctxt()); } else { encrypted_flags = 0; // reset (APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED) bits - fp->service.set_id(APP_ID_FTP_DATA); + fp->service.set_id(APP_ID_FTP_DATA, asd.ctxt.get_odp_ctxt()); } initialize_expected_session(asd, *fp, APPID_SESSION_IGNORE_ID_FLAGS | encrypted_flags, dir); diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc index a8e7287ef..f48ae1360 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.cc +++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc @@ -150,7 +150,7 @@ int MdnsServiceDetector::validate(AppIdDiscoveryArgs& args) ret_val = validate_reply(args.data, args.size); if (ret_val == 1) { - if (args.ctxt->get_odp_ctxt().mdns_user_reporting) + if (args.ctxt.get_odp_ctxt().mdns_user_reporting) { analyze_user(args.asd, args.pkt, args.size); destroy_match_list(); diff --git a/src/network_inspectors/appid/service_plugins/service_rtmp.cc b/src/network_inspectors/appid/service_plugins/service_rtmp.cc index f55f2ae37..c715efcef 100644 --- a/src/network_inspectors/appid/service_plugins/service_rtmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_rtmp.cc @@ -615,7 +615,7 @@ int RtmpServiceDetector::validate(AppIdDiscoveryArgs& args) } /* Give up if it's taking us too long to figure out this thing. */ - if (args.asd.session_packet_count >= args.asd.ctxt->get_odp_ctxt().rtmp_max_packets) + if (args.asd.session_packet_count >= args.asd.ctxt.get_odp_ctxt().rtmp_max_packets) { goto fail; } @@ -648,7 +648,7 @@ success: if ( ss->pageUrl ) { if ( !hsession->get_field(REQ_REFERER_FID) && - !args.asd.ctxt->get_odp_ctxt().referred_appId_disabled ) + !args.asd.ctxt.get_odp_ctxt().referred_appId_disabled ) hsession->set_field(REQ_REFERER_FID, new std::string(ss->pageUrl), args.change_bits); snort_free(ss->pageUrl); diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc index 1ce4b44b4..438f51468 100644 --- a/src/network_inspectors/appid/service_plugins/service_snmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc @@ -472,7 +472,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) { args.asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_NOT_A_SERVICE); args.asd.clear_session_flags(APPID_SESSION_CONTINUE); - args.asd.service.set_id(APP_ID_SNMP); + args.asd.service.set_id(APP_ID_SNMP, args.asd.ctxt.get_odp_ctxt()); break; } sd->state = SNMP_STATE_RESPONSE; diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc index 69ea7bff5..5802f6517 100644 --- a/src/network_inspectors/appid/service_plugins/service_ssl.cc +++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc @@ -1025,9 +1025,9 @@ void ssl_detector_free_patterns() ssl_patterns_free(&service_ssl_config.DetectorSSLCnamePatternList); } -bool setSSLSquelch(Packet* p, int type, AppId appId) +bool setSSLSquelch(Packet* p, int type, AppId appId, OdpContext& odp_ctxt) { - if (!AppInfoManager::get_instance().get_app_info_flags(appId, APPINFO_FLAG_SSL_SQUELCH)) + if (!odp_ctxt.get_app_info_mgr().get_app_info_flags(appId, APPINFO_FLAG_SSL_SQUELCH)) return false; const SfIp* dip = p->ptrs.ip_api.get_dst(); diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.h b/src/network_inspectors/appid/service_plugins/service_ssl.h index 31ab767c0..2836a6420 100644 --- a/src/network_inspectors/appid/service_plugins/service_ssl.h +++ b/src/network_inspectors/appid/service_plugins/service_ssl.h @@ -24,6 +24,7 @@ #include "service_detector.h" +class OdpContext; class ServiceDiscovery; class SslServiceDetector : public ServiceDetector @@ -43,7 +44,7 @@ int ssl_scan_cname(const uint8_t*, size_t, AppId&, AppId&); int ssl_add_cert_pattern(uint8_t*, size_t, uint8_t, AppId); int ssl_add_cname_pattern(uint8_t*, size_t, uint8_t, AppId); void ssl_detector_free_patterns(); -bool setSSLSquelch(snort::Packet*, int type, AppId); +bool setSSLSquelch(snort::Packet*, int type, AppId, OdpContext&); #endif diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index b15d8d3d3..e5c7bf5aa 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -85,13 +85,17 @@ TEST_GROUP(appid_api) TEST(appid_api, get_application_name) { - const char* app_name = appid_api.get_application_name(1066); + AppIdConfig config; + AppIdContext ctxt(config); + const char* app_name = appid_api.get_application_name(1066, ctxt); STRCMP_EQUAL(app_name, test_app_name); } TEST(appid_api, get_application_id) { - AppId id = appid_api.get_application_id(test_app_name); + AppIdConfig config; + AppIdContext ctxt(config); + AppId id = appid_api.get_application_id(test_app_name, ctxt); CHECK_EQUAL(id, 1492); } diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc index 1053376d0..791c7e35c 100644 --- a/src/network_inspectors/appid/test/appid_debug_test.cc +++ b/src/network_inspectors/appid/test/appid_debug_test.cc @@ -52,8 +52,12 @@ public: AppIdInspector() = default; }; +AppIdConfig::~AppIdConfig() { } + +AppIdConfig stub_config; +AppIdContext stub_ctxt(stub_config); AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector&) - : FlowData(0) { } + : FlowData(0), ctxt(stub_ctxt) { } AppIdSession::~AppIdSession() = default; // Utility functions diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index 633e69e7d..1c1a56522 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -36,6 +36,7 @@ #include #include +snort::Inspector* snort::InspectorManager::get_inspector(char const*, bool, snort::SnortConfig*) { } void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} @@ -46,7 +47,7 @@ public: void do_custom_init() override { } int validate(AppIdDiscoveryArgs&) override { return 0; } - void register_appid(AppId, unsigned) override { } + void register_appid(AppId, unsigned, OdpContext&) override { } void release_thread_resources() override { } }; diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 762e609cf..7b488e121 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -138,11 +138,8 @@ PegCount* AppIdModule::get_counts() const { return nullptr; } ProfileStats* AppIdModule::get_profile() const { return nullptr; } // Stubs for config -AppIdConfig::~AppIdConfig() {} static AppIdConfig app_config; -static AppIdContext app_ctxt(&app_config); -static OdpContext odpctxt; -OdpContext* AppIdContext::odp_ctxt = &odpctxt; +static AppIdContext app_ctxt(app_config); AppId AppIdContext::get_port_service_id(IpProtocol, uint16_t) { return APP_ID_NONE; @@ -154,17 +151,17 @@ AppId AppIdContext::get_protocol_service_id(IpProtocol) } // Stubs for AppIdInspector -AppIdInspector::AppIdInspector(AppIdModule&) {} +AppIdInspector::AppIdInspector(AppIdModule&) { ctxt = &stub_ctxt; } AppIdInspector::~AppIdInspector() = default; void AppIdInspector::eval(Packet*) { } bool AppIdInspector::configure(SnortConfig*) { return true; } void AppIdInspector::show(SnortConfig*) { } void AppIdInspector::tinit() { } void AppIdInspector::tterm() { } -AppIdContext* AppIdInspector::get_ctxt() +AppIdContext& AppIdInspector::get_ctxt() const { - app_ctxt.config = &app_config; - return &app_ctxt; + assert(ctxt); + return *ctxt; } // Stubs for AppInfoManager @@ -332,7 +329,6 @@ TEST(appid_discovery_tests, event_published_when_ignoring_flow) Flow* flow = new Flow; flow->set_flow_data(asd); p.flow = flow; - asd->ctxt = &app_ctxt; asd->common.initiator_port = 21; asd->common.initiator_ip.set("1.2.3.4"); asd->set_session_flags(APPID_SESSION_IGNORE_FLOW); @@ -364,7 +360,6 @@ TEST(appid_discovery_tests, event_published_when_processing_flow) Flow* flow = new Flow; flow->set_flow_data(asd); p.flow = flow; - asd->ctxt = &app_ctxt; asd->common.initiator_port = 21; asd->common.initiator_ip.set("1.2.3.4"); @@ -421,13 +416,12 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid) flow->set_flow_data(asd); p.flow = flow; p.ptrs.tcph = nullptr; - asd->ctxt = &app_ctxt; asd->common.initiator_port = 21; asd->common.initiator_ip.set("1.2.3.4"); asd->misc_app_id = APP_ID_NONE; asd->payload.set_id(APP_ID_NONE); asd->client.set_id(APP_ID_CURL); - asd->service.set_id(APP_ID_FTP); + asd->service.set_id(APP_ID_FTP, app_ctxt.get_odp_ctxt()); AppIdDiscovery::do_application_discovery(&p, ins, nullptr); @@ -441,7 +435,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid) asd->misc_app_id = APP_ID_NONE; asd->payload.set_id(APP_ID_NONE); asd->client.set_id(APP_ID_NONE); - asd->service.set_id(APP_ID_DNS); + asd->service.set_id(APP_ID_DNS, app_ctxt.get_odp_ctxt()); AppIdDiscovery::do_application_discovery(&p, ins, nullptr); // Detect event for DNS service diff --git a/src/network_inspectors/appid/test/appid_expected_flags_test.cc b/src/network_inspectors/appid/test/appid_expected_flags_test.cc index 871e2f9e9..3d2304744 100644 --- a/src/network_inspectors/appid/test/appid_expected_flags_test.cc +++ b/src/network_inspectors/appid/test/appid_expected_flags_test.cc @@ -28,6 +28,8 @@ #include #include +snort::Inspector* snort::InspectorManager::get_inspector(char const*, bool, snort::SnortConfig*) { return nullptr; } + void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index aab2c7116..9794b4a3e 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -31,6 +31,7 @@ #include "service_inspectors/http_inspect/http_msg_header.h" #include "tp_appid_module_api.h" #include "tp_appid_session_api.h" +#include "appid_config.h" #include "appid_http_session.h" #include "appid_module.h" @@ -91,15 +92,20 @@ AppId HttpPatternMatchers::get_appid_by_content_type(const char*, int) } bool HttpPatternMatchers::get_appid_from_url(char*, const char*, char**, - const char*, AppId*, AppId*, AppId*, AppId* referredPayloadAppId, bool) + const char*, AppId*, AppId*, AppId*, AppId* referredPayloadAppId, bool, OdpContext&) { *referredPayloadAppId = APP_ID_FACEBOOK; return true; } +static AppIdConfig stub_config; +static AppIdContext stub_ctxt(stub_config); +static OdpContext stub_odp_ctxt(stub_config, nullptr); +OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; + // AppIdSession mock functions AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector) - : FlowData(inspector_id, &inspector) + : FlowData(inspector_id, &inspector), ctxt(stub_ctxt) { } @@ -164,6 +170,9 @@ void Profiler::show_stats() { } MemoryContext::MemoryContext(MemoryTracker&) { } MemoryContext::~MemoryContext() { } +OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) { } +AppIdConfig::~AppIdConfig() { } + unsigned AppIdSession::inspector_id = 0; THREAD_LOCAL AppIdDebug* appidDebug = nullptr; @@ -266,7 +275,9 @@ TEST(appid_http_session, change_bits_for_referred_appid) // Testing set_referred_payload_app_id_data AppidChangeBits change_bits; AppIdPegCounts::init_pegs(); - session.service.set_id(APP_ID_HTTP); + AppIdConfig config; + OdpContext odp_ctxt(config, nullptr); + session.service.set_id(APP_ID_HTTP, odp_ctxt); session.scan_flags |= SCAN_HTTP_HOST_URL_FLAG; hsession.set_skip_simple_detect(false); hsession.set_field( (HttpFieldIds)2, new std::string("referer"), change_bits ); diff --git a/src/network_inspectors/appid/test/appid_mock_inspector.h b/src/network_inspectors/appid/test/appid_mock_inspector.h index c94782862..cf9f6137b 100644 --- a/src/network_inspectors/appid/test/appid_mock_inspector.h +++ b/src/network_inspectors/appid/test/appid_mock_inspector.h @@ -21,6 +21,8 @@ #ifndef APPID_MOCK_INSPECTOR_H #define APPID_MOCK_INSPECTOR_H +#include "appid_inspector.h" + typedef uint64_t Trace; class Value; @@ -58,17 +60,14 @@ const PegInfo* AppIdModule::get_pegs() const { return nullptr; } PegCount* AppIdModule::get_counts() const { return nullptr; } snort::ProfileStats* AppIdModule::get_profile() const { return nullptr; } -class AppIdInspector : public snort::Inspector -{ -public: - AppIdInspector(AppIdModule& ) { } - ~AppIdInspector() override = default; - void eval(snort::Packet*) override { } - bool configure(snort::SnortConfig*) override { return true; } - void show(snort::SnortConfig*) override { } - void tinit() override { } - void tterm() override { } -}; +AppIdInspector::AppIdInspector(AppIdModule& ) { } +AppIdInspector::~AppIdInspector() { } +void AppIdInspector::eval(snort::Packet*) { } +bool AppIdInspector::configure(snort::SnortConfig*) { return true; } +void AppIdInspector::show(snort::SnortConfig*) { } +void AppIdInspector::tinit() { } +void AppIdInspector::tterm() { } +AppIdContext& AppIdInspector::get_ctxt() const { return *ctxt; } AppIdModule appid_mod; AppIdInspector appid_inspector( appid_mod ); diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h index 994f6e1cb..400a09948 100644 --- a/src/network_inspectors/appid/test/appid_mock_session.h +++ b/src/network_inspectors/appid/test/appid_mock_session.h @@ -70,8 +70,15 @@ public: } }; +AppIdConfig::~AppIdConfig() { } +OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) { } + +static AppIdConfig stub_config; +static AppIdContext stub_ctxt(stub_config); +static OdpContext stub_odp_ctxt(stub_config, nullptr); +OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; AppIdSession::AppIdSession(IpProtocol proto, const SfIp*, uint16_t, AppIdInspector& inspector) - : FlowData(inspector_id, &inspector), protocol(proto) + : FlowData(inspector_id, &inspector), ctxt(stub_ctxt), protocol(proto) { common.flow_type = APPID_FLOW_TYPE_NORMAL; service_port = APPID_UT_SERVICE_PORT; @@ -96,7 +103,7 @@ AppIdSession::AppIdSession(IpProtocol proto, const SfIp*, uint16_t, AppIdInspect dsession = new MockAppIdDnsSession; tp_app_id = APPID_UT_ID; - service.set_id(APPID_UT_ID + 1); + service.set_id(APPID_UT_ID + 1, ctxt.get_odp_ctxt()); client_inferred_service_id = APPID_UT_ID + 2; service.set_port_service_id(APPID_UT_ID + 3); payload.set_id(APPID_UT_ID + 4); diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index 11a57d670..ed08d46d9 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc @@ -31,6 +31,7 @@ #include void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } + void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data) { delete data; @@ -48,8 +49,8 @@ void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data) AppIdSession* mock_session = nullptr; AppIdSessionApi* appid_session_api = nullptr; -static OdpContext odpctxt; -OdpContext* AppIdContext::odp_ctxt = &odpctxt; +static AppIdConfig config; +static OdpContext odpctxt(config, nullptr); TEST_GROUP(appid_session_api) { @@ -221,7 +222,7 @@ TEST(appid_session_api, is_appid_inspecting_session) // 4th if in is_appid_inspecting_session mock_session->set_tp_app_id(APP_ID_NONE); - mock_session->ctxt->get_odp_ctxt().check_host_port_app_cache = true; + mock_session->ctxt.get_odp_ctxt().check_host_port_app_cache = true; val = appid_session_api->is_appid_inspecting_session(); CHECK_TRUE(val); } @@ -386,8 +387,6 @@ int main(int argc, char** argv) { mock_init_appid_pegs(); mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector); - AppIdConfig *config = new AppIdConfig(); - mock_session->ctxt = new AppIdContext(config); int rc = CommandLineTestRunner::RunAllTests(argc, argv); mock_cleanup_appid_pegs(); return rc; diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index 6944275b5..1477263c6 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -72,8 +72,11 @@ THREAD_LOCAL AppIdStats appid_stats; void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; } void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +AppIdConfig::~AppIdConfig() { } +AppIdConfig stub_config; +AppIdContext stub_ctxt(stub_config); AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector&) - : FlowData(0) {} + : FlowData(0), ctxt(stub_ctxt) {} AppIdSession::~AppIdSession() = default; AppIdDiscovery::AppIdDiscovery() {} AppIdDiscovery::~AppIdDiscovery() {} diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index f75ab9ff8..cadced2cb 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc @@ -39,12 +39,13 @@ using namespace std; static TPLibHandler* tph = nullptr; static AppIdConfig config; -static AppIdContext ctxt(&config); -static OdpContext odpctxt; -OdpContext* AppIdContext::odp_ctxt = &odpctxt; +static AppIdContext ctxt(config); +static OdpContext stub_odp_ctxt(config, nullptr); +OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr; AppIdConfig::~AppIdConfig() { } +OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) { } TEST_GROUP(tp_lib_handler) { diff --git a/src/network_inspectors/appid/test/tp_mock.cc b/src/network_inspectors/appid/test/tp_mock.cc index 88a4de79a..c64f4eece 100644 --- a/src/network_inspectors/appid/test/tp_mock.cc +++ b/src/network_inspectors/appid/test/tp_mock.cc @@ -86,7 +86,7 @@ extern "C" { SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& config) { - return new ThirdPartyAppIdContextImpl(3,"foobar", config); + return new ThirdPartyAppIdContextImpl(THIRD_PARTY_APPID_API_VERSION,"foobar", config); } SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt) diff --git a/src/network_inspectors/appid/tp_appid_module_api.h b/src/network_inspectors/appid/tp_appid_module_api.h index d397122a3..818dd7c3c 100644 --- a/src/network_inspectors/appid/tp_appid_module_api.h +++ b/src/network_inspectors/appid/tp_appid_module_api.h @@ -25,7 +25,7 @@ #include #include "tp_appid_types.h" -#define THIRD_PARTY_APP_ID_API_VERSION 3 +#define THIRD_PARTY_APPID_API_VERSION 4 class ThirdPartyConfig { diff --git a/src/network_inspectors/appid/tp_appid_session_api.h b/src/network_inspectors/appid/tp_appid_session_api.h index e025ec45c..a7335b792 100644 --- a/src/network_inspectors/appid/tp_appid_session_api.h +++ b/src/network_inspectors/appid/tp_appid_session_api.h @@ -55,8 +55,8 @@ public: virtual void set_attr(TPSessionAttr) = 0; virtual unsigned get_attr(TPSessionAttr) = 0; virtual AppId get_appid(int& conf) { conf=confidence; return appid; } - virtual const ThirdPartyAppIdContext* get_ctxt() const - { return &ctxt; } + virtual const ThirdPartyAppIdContext& get_ctxt() const + { return ctxt; } protected: AppId appid; diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index 305ade9e0..03572b834 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -61,12 +61,12 @@ static inline bool check_reinspect(const Packet* p, const AppIdSession& asd) !asd.get_session_flags(APPID_SESSION_NO_TPI) and asd.is_tp_appid_done() and p->dsize; } -static inline int check_ssl_appid_for_reinspect(AppId app_id) +static inline int check_ssl_appid_for_reinspect(AppId app_id, OdpContext& odp_ctxt) { if (app_id <= SF_APPID_MAX && (app_id == APP_ID_SSL || - AppInfoManager::get_instance().get_app_info_flags(app_id, - APPINFO_FLAG_SSL_INSPECT))) + odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, + APPINFO_FLAG_SSL_INSPECT))) return 1; else return 0; @@ -288,7 +288,7 @@ static inline void process_http_session(AppIdSession& asd, LogMessage("AppIdDbg %s HTTP response upgrade is %s\n", appidDebug->get_debug_session(),field->c_str()); - if (asd.ctxt->get_odp_ctxt().http2_detection_enabled) + if (asd.ctxt.get_odp_ctxt().http2_detection_enabled) { const std::string* rc = hsession->get_field(MISC_RESP_CODE_FID); if ( rc && *rc == "101" ) @@ -420,7 +420,7 @@ static inline void process_rtmp(AppIdSession& asd, } } - if ( !asd.ctxt->get_odp_ctxt().referred_appId_disabled && + if ( !asd.ctxt.get_odp_ctxt().referred_appId_disabled && !hsession->get_field(REQ_REFERER_FID) ) { if ( ( field=attribute_data.http_request_referer(own) ) != nullptr ) @@ -465,7 +465,7 @@ static inline void process_rtmp(AppIdSession& asd, } if ( hsession->get_field(MISC_URL_FID) || (confidence == 100 && - asd.session_packet_count > asd.ctxt->get_odp_ctxt().rtmp_max_packets) ) + asd.session_packet_count > asd.ctxt.get_odp_ctxt().rtmp_max_packets) ) { const std::string* url; if ( ( url = hsession->get_field(MISC_URL_FID) ) != nullptr ) @@ -474,11 +474,11 @@ static inline void process_rtmp(AppIdSession& asd, const char* referer = hsession->get_cfield(REQ_REFERER_FID); if ( ( ( http_matchers->get_appid_from_url(nullptr, url->c_str(), nullptr, referer, &client_id, &service_id, - &payload_id, &referred_payload_app_id, 1) ) + &payload_id, &referred_payload_app_id, true, asd.ctxt.get_odp_ctxt()) ) || ( http_matchers->get_appid_from_url(nullptr, url->c_str(), nullptr, referer, &client_id, &service_id, - &payload_id, &referred_payload_app_id, 0) ) ) == 1 ) + &payload_id, &referred_payload_app_id, false, asd.ctxt.get_odp_ctxt()) ) ) == 1 ) { // do not overwrite a previously-set client or service if ( client_id <= APP_ID_NONE ) @@ -518,7 +518,7 @@ static inline void process_ssl(AppIdSession& asd, if (!asd.client.get_id()) asd.set_client_appid_data(APP_ID_SSL_CLIENT, change_bits); - reinspect_ssl_appid = check_ssl_appid_for_reinspect(tmpAppId); + reinspect_ssl_appid = check_ssl_appid_for_reinspect(tmpAppId, asd.ctxt.get_odp_ctxt()); if ((field=attribute_data.tls_host(false)) != nullptr) { @@ -547,7 +547,7 @@ static inline void process_ftp_control(AppIdSession& asd, ThirdPartyAppIDAttributeData& attribute_data) { const string* field=0; - if (!asd.ctxt->get_odp_ctxt().ftp_userid_disabled && + if (!asd.ctxt.get_odp_ctxt().ftp_userid_disabled && (field=attribute_data.ftp_command_user()) != nullptr) { asd.client.update_user(APP_ID_FTP_CONTROL, field->c_str()); @@ -596,7 +596,7 @@ static inline void check_terminate_tp_module(AppIdSession& asd, uint16_t tpPktCo { AppIdHttpSession* hsession = asd.get_http_session(); - if ((tpPktCount >= asd.ctxt->get_odp_ctxt().max_tp_flow_depth) || + if ((tpPktCount >= asd.ctxt.get_odp_ctxt().max_tp_flow_depth) || (asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) == (APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) && hsession->get_field(REQ_URI_FID) && @@ -634,7 +634,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I /*** Start of third-party processing. ***/ bool isTpAppidDiscoveryDone = false; - if (p->dsize || asd.ctxt->get_odp_ctxt().tp_allow_probes) + if (p->dsize || asd.ctxt.get_odp_ctxt().tp_allow_probes) { //restart inspection by 3rd party if (!asd.tp_reinspect_by_initiator && (direction == APP_ID_FROM_INITIATOR) && @@ -654,7 +654,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I if (!asd.is_tp_processing_done()) { if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK) - || asd.ctxt->get_odp_ctxt().tp_allow_probes) + || asd.ctxt.get_odp_ctxt().tp_allow_probes) { int tp_confidence; ThirdPartyAppIDAttributeData tp_attribute_data; @@ -693,7 +693,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I if (appidDebug->is_active()) { - const char *app_name = AppInfoManager::get_instance().get_app_name(tp_app_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); LogMessage("AppIdDbg %s 3rd party returned %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", @@ -712,7 +712,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I asd.is_http2 = true; } // if the third-party appId must be treated as a client, do it now - unsigned app_info_flags = asd.app_info_mgr->get_app_info_flags(tp_app_id, + unsigned app_info_flags = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags(tp_app_id, APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE | APPINFO_FLAG_SSL_SQUELCH); if ( app_info_flags & APPINFO_FLAG_TP_CLIENT ) @@ -725,7 +725,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I asd.get_session_flags(APPID_SESSION_SSL_SESSION) and !(asd.scan_flags & SCAN_SSL_HOST_FLAG)) { - setSSLSquelch(p, 1, tp_app_id); + setSSLSquelch(p, 1, tp_app_id, asd.ctxt.get_odp_ctxt()); } if ( app_info_flags & APPINFO_FLAG_IGNORE ) @@ -824,8 +824,8 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I asd.service.set_port_service_id(portAppId); if (appidDebug->is_active()) { - const char *service_name = AppInfoManager::get_instance().get_app_name(tp_app_id); - const char *port_service_name = AppInfoManager::get_instance().get_app_name(asd.service.get_port_service_id()); + const char *service_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); + const char *port_service_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.service.get_port_service_id()); LogMessage("AppIdDbg %s SSL is service %s (%d), portServiceAppId %s (%d)\n", appidDebug->get_debug_session(), service_name ? service_name : "unknown", tp_app_id, @@ -838,7 +838,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I tp_app_id = portAppId; if (appidDebug->is_active()) { - const char *app_name = AppInfoManager::get_instance().get_app_name(tp_app_id); + const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); LogMessage("AppIdDbg %s SSL is %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", tp_app_id); } diff --git a/src/network_inspectors/appid/tp_lib_handler.cc b/src/network_inspectors/appid/tp_lib_handler.cc index be938aacd..d3186519e 100644 --- a/src/network_inspectors/appid/tp_lib_handler.cc +++ b/src/network_inspectors/appid/tp_lib_handler.cc @@ -117,7 +117,7 @@ ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& co return nullptr; } - if ( (tp_appid_ctxt->api_version() != THIRD_PARTY_APP_ID_API_VERSION) + if ( (tp_appid_ctxt->api_version() != THIRD_PARTY_APPID_API_VERSION) || (tp_appid_ctxt->module_name().empty()) ) { ErrorMessage("Ignoring incomplete 3rd party AppID module (%s, %u, %s)!\n",