From: Masud Hasan (mashasan) <mashasan@cisco.com>
Date: Thu, 17 Dec 2020 21:29:17 +0000 (+0000)
Subject: Merge pull request #2674 in SNORT/snort3 from ~SMINUT/snort3:rna_misc to master
X-Git-Tag: 3.0.3-6~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f9dcd45818d05119cfc0f7d34e46583a676c411;p=thirdparty%2Fsnort3.git

Merge pull request #2674 in SNORT/snort3 from ~SMINUT/snort3:rna_misc to master

Squashed commit of the following:

commit 284465093b36806f241318cd9e68ac8be2b03f89
Author: Silviu Minut <sminut@cisco.com>
Date:   Wed Dec 16 18:14:42 2020 -0500

    rna:
    * do null check on the RnaInspector rather than the RnaModule in the control commands
    * make the mac cache persist over reload config
---

diff --git a/src/network_inspectors/rna/data_purge_cmd.cc b/src/network_inspectors/rna/data_purge_cmd.cc
index 67b05adc9..bb1db13b6 100644
--- a/src/network_inspectors/rna/data_purge_cmd.cc
+++ b/src/network_inspectors/rna/data_purge_cmd.cc
@@ -32,18 +32,17 @@
 
 using namespace snort;
 
+extern HostCacheMac* host_cache_mac_ptr;
+
 DataPurgeAC::~DataPurgeAC()
 {
-    auto rna_ins = (RnaInspector*) InspectorManager::get_inspector(RNA_NAME, true);
-    RnaPnd* pnd = rna_ins->get_pnd();
-    delete pnd->host_cache_mac_ptr;
-    pnd->host_cache_mac_ptr = host_cache_mac;
-    set_host_cache_mac(host_cache_mac);
+    delete host_cache_mac_ptr;
+    host_cache_mac_ptr = mac_cache;
+    set_host_cache_mac(mac_cache);
 }
 
 bool DataPurgeAC::execute(Analyzer&, void**)
 {
-    set_host_cache_mac(host_cache_mac);
+    set_host_cache_mac(mac_cache);
     return true;
 }
-
diff --git a/src/network_inspectors/rna/data_purge_cmd.h b/src/network_inspectors/rna/data_purge_cmd.h
index dfca23ac5..a0b5c1c86 100644
--- a/src/network_inspectors/rna/data_purge_cmd.h
+++ b/src/network_inspectors/rna/data_purge_cmd.h
@@ -29,7 +29,8 @@ class DataPurgeAC : public snort::AnalyzerCommand
 {
 public:
 
-    DataPurgeAC(HostCacheMac* hcm) : host_cache_mac(hcm) { }
+    DataPurgeAC(HostCacheMac* new_cache) : mac_cache(new_cache) { }
+
     ~DataPurgeAC() override;
 
     bool execute(Analyzer&, void**) override;
@@ -37,7 +38,7 @@ public:
     const char* stringify() override { return "DATA_PURGE"; }
 
 private:
-    HostCacheMac* host_cache_mac;
+    HostCacheMac* mac_cache;
 };
 
 #endif
diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc
index 6c6fe2991..d227d0bef 100644
--- a/src/network_inspectors/rna/rna_inspector.cc
+++ b/src/network_inspectors/rna/rna_inspector.cc
@@ -39,6 +39,7 @@
 #include "rna_fingerprint_tcp.h"
 #include "rna_fingerprint_ua.h"
 #include "rna_fingerprint_udp.h"
+#include "rna_mac_cache.h"
 #include "rna_module.h"
 #include "rna_pnd.h"
 
@@ -56,6 +57,8 @@ THREAD_LOCAL ProfileStats rna_perf_stats;
 // class stuff
 //-------------------------------------------------------------------------
 
+HostCacheMac* host_cache_mac_ptr = nullptr;
+
 RnaInspector::RnaInspector(RnaModule* mod)
 {
     mod_conf = mod->get_config();
@@ -102,7 +105,7 @@ bool RnaInspector::configure(SnortConfig* sc)
 
     // tinit is not called during reload, so pass processor pointers to threads via reload tuner
     if ( Snort::is_reloading() && InspectorManager::get_inspector(RNA_NAME, true) )
-        sc->register_reload_resource_tuner(new FpProcReloadTuner(*mod_conf, pnd->host_cache_mac_ptr));
+        sc->register_reload_resource_tuner(new FpProcReloadTuner(*mod_conf));
 
     return true;
 }
@@ -145,7 +148,7 @@ void RnaInspector::tinit()
     set_tcp_fp_processor(mod_conf->tcp_processor);
     set_ua_fp_processor(mod_conf->ua_processor);
     set_udp_fp_processor(mod_conf->udp_processor);
-    set_host_cache_mac(pnd->host_cache_mac_ptr);
+    set_host_cache_mac(host_cache_mac_ptr);
 }
 
 void RnaInspector::tterm()
@@ -253,11 +256,14 @@ static void rna_inspector_pinit()
 {
     // global initialization
     RNAFlow::init();
+    host_cache_mac_ptr = new HostCacheMac(MAC_CACHE_INITIAL_SIZE);
+    set_host_cache_mac(host_cache_mac_ptr);
 }
 
 static void rna_inspector_pterm()
 {
     // global cleanup
+    delete host_cache_mac_ptr;
 }
 
 static Inspector* rna_inspector_ctor(Module* m)
diff --git a/src/network_inspectors/rna/rna_module.cc b/src/network_inspectors/rna/rna_module.cc
index 6e735bc1f..abf7c4257 100644
--- a/src/network_inspectors/rna/rna_module.cc
+++ b/src/network_inspectors/rna/rna_module.cc
@@ -64,7 +64,8 @@ THREAD_LOCAL const Trace* rna_trace = nullptr;
 static int dump_mac_cache(lua_State* L)
 {
     RnaModule* mod = (RnaModule*) ModuleManager::get_module(RNA_NAME);
-    if ( mod )
+    Inspector* rna = InspectorManager::get_inspector(RNA_NAME, true);
+    if ( rna && mod )
         mod->log_mac_cache( luaL_optstring(L, 1, nullptr) );
     return 0;
 }
@@ -86,8 +87,8 @@ static inline string format_dump_mac(const uint8_t mac[MAC_SIZE])
 
 static int purge_data(lua_State* L)
 {
-    RnaModule* mod = (RnaModule*) ModuleManager::get_module(RNA_NAME);
-    if ( mod )
+    Inspector* rna = InspectorManager::get_inspector(RNA_NAME, true);
+    if ( rna )
     {
         HostCacheMac* mac_cache = new HostCacheMac(MAC_CACHE_INITIAL_SIZE);
         main_broadcast_command(new DataPurgeAC(mac_cache), (L != nullptr));
@@ -107,7 +108,6 @@ bool FpProcReloadTuner::tinit()
     set_tcp_fp_processor(mod_conf.tcp_processor);
     set_ua_fp_processor(mod_conf.ua_processor);
     set_udp_fp_processor(mod_conf.udp_processor);
-    set_host_cache_mac(host_cache_mac_ptr);
     return false;  // no work to do after this
 }
 
@@ -161,8 +161,8 @@ static bool get_mac_from_args(lua_State* L, uint8_t* mac_addr)
 
 static int delete_mac_host(lua_State* L)
 {
-    RnaModule* mod = (RnaModule*) ModuleManager::get_module(RNA_NAME);
-    if ( mod )
+    Inspector* rna = InspectorManager::get_inspector(RNA_NAME, true);
+    if ( rna )
     {
         uint8_t mac[MAC_SIZE] = {0};
 
@@ -197,8 +197,8 @@ static int delete_mac_host(lua_State* L)
 
 static int delete_mac_host_proto(lua_State* L)
 {
-    RnaModule* mod = (RnaModule*) ModuleManager::get_module(RNA_NAME);
-    if ( mod )
+    Inspector* rna = InspectorManager::get_inspector(RNA_NAME, true);
+    if ( rna )
     {
         uint8_t mac[MAC_SIZE] = {0};
 
diff --git a/src/network_inspectors/rna/rna_module.h b/src/network_inspectors/rna/rna_module.h
index 581084179..09a0e00d9 100644
--- a/src/network_inspectors/rna/rna_module.h
+++ b/src/network_inspectors/rna/rna_module.h
@@ -58,8 +58,8 @@ extern THREAD_LOCAL const snort::Trace* rna_trace;
 class FpProcReloadTuner : public snort::ReloadResourceTuner
 {
 public:
-    explicit FpProcReloadTuner(RnaModuleConfig& mod_conf, HostCacheMac* ptr = nullptr)
-	: mod_conf(mod_conf), host_cache_mac_ptr(ptr) { }
+    explicit FpProcReloadTuner(RnaModuleConfig& mod_conf)
+        : mod_conf(mod_conf) { }
     ~FpProcReloadTuner() override = default;
 
     bool tinit() override;
@@ -72,7 +72,6 @@ public:
 
 private:
     RnaModuleConfig& mod_conf;
-    HostCacheMac* host_cache_mac_ptr = nullptr;
 };
 
 class RnaModule : public snort::Module
diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc
index c50d53a8a..b61a7d41e 100644
--- a/src/network_inspectors/rna/rna_pnd.cc
+++ b/src/network_inspectors/rna/rna_pnd.cc
@@ -28,6 +28,7 @@
 
 #include <algorithm>
 
+#include "main/snort.h"
 #include "protocols/arp.h"
 #include "protocols/bpdu.h"
 #include "protocols/cdp.h"
@@ -83,16 +84,10 @@ RnaPnd::RnaPnd(const bool en, const std::string& cp, RnaConfig* rc) :
     logger(RnaLogger(en)), filter(DiscoveryFilter(cp)), conf(rc)
 {
     update_timeout = (rc ? rc->update_timeout : 0);
-    host_cache_mac_ptr = new HostCacheMac(MAC_CACHE_INITIAL_SIZE);
-    set_host_cache_mac(host_cache_mac_ptr);
 }
 
 RnaPnd::~RnaPnd()
-{
-    delete host_cache_mac_ptr;
-    host_cache_mac_ptr = nullptr;
-    set_host_cache_mac(nullptr);
-}
+{ }
 
 void RnaPnd::analyze_appid_changes(DataEvent& event)
 {
diff --git a/src/network_inspectors/rna/rna_pnd.h b/src/network_inspectors/rna/rna_pnd.h
index c4d8caf5f..af76e6e01 100644
--- a/src/network_inspectors/rna/rna_pnd.h
+++ b/src/network_inspectors/rna/rna_pnd.h
@@ -134,8 +134,6 @@ public:
 
     static HostCacheIp::Data find_or_create_host_tracker(const snort::SfIp&, bool&);
 
-    HostCacheMac* host_cache_mac_ptr = nullptr;
-
 private:
     // generate change event for single host
     void generate_change_host_update(RnaTracker*, const snort::Packet*,
diff --git a/src/network_inspectors/rna/test/rna_module_mock.h b/src/network_inspectors/rna/test/rna_module_mock.h
index aeddbade0..918368f12 100644
--- a/src/network_inspectors/rna/test/rna_module_mock.h
+++ b/src/network_inspectors/rna/test/rna_module_mock.h
@@ -122,5 +122,8 @@ bool DataPurgeAC::execute(Analyzer&, void**) { return true;}
 void snort::main_broadcast_command(AnalyzerCommand*, bool) { }
 void set_host_cache_mac(HostCacheMac*) { }
 
-
+Inspector* InspectorManager::get_inspector(const char*, bool, const SnortConfig*)
+{
+    return nullptr;
+}
 #endif