From: Ron Dempster (rdempste) Date: Tue, 19 Dec 2023 22:31:30 +0000 (+0000) Subject: Pull request #4152: flow: Add tenant ID to FlowKey X-Git-Tag: 3.1.77.0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a0742e1968fa16a9d6cbdee8a09c7d1bb33c899;p=thirdparty%2Fsnort3.git Pull request #4152: flow: Add tenant ID to FlowKey Merge in SNORT/snort3 from ~RDEMPSTE/snort3:daq_tunnelid_addressspace to master Squashed commit of the following: commit 271a3198036f516f3eed82a5c3d1ac97f006ee75 Author: Steve Chew Date: Tue Dec 12 17:31:26 2023 -0500 flow: Add tenant ID to FlowKey --- diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc index 769314ca2..73e5aca83 100644 --- a/src/flow/expect_cache.cc +++ b/src/flow/expect_cache.cc @@ -339,7 +339,7 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro // when groups are significant bool reversed_key = (ctrlPkt->pkth->flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) ? key.init(ctrlPkt->context->conf, type, ip_proto, cliIP, cliPort, - srvIP, srvPort, vlanId, mplsId, ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->egress_group, + srvIP, srvPort, vlanId, mplsId, ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->tenant_id, ctrlPkt->pkth->egress_group, ctrlPkt->pkth->ingress_group) : key.init(ctrlPkt->context->conf, type, ip_proto, cliIP, cliPort, srvIP, srvPort, vlanId, mplsId, *ctrlPkt->pkth); @@ -459,12 +459,6 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro return 0; } -bool ExpectCache::is_expected(Packet* p) -{ - FlowKey key; - return (find_node_by_packet(p, key) != nullptr); -} - bool ExpectCache::check(Packet* p, Flow* lws) { FlowKey key; diff --git a/src/flow/expect_cache.h b/src/flow/expect_cache.h index f29f8a8d5..b5d382eaa 100644 --- a/src/flow/expect_cache.h +++ b/src/flow/expect_cache.h 
@@ -102,7 +102,6 @@ public: bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false, bool expect_persist = false); - bool is_expected(snort::Packet*); bool check(snort::Packet*, snort::Flow*); unsigned long get_expects() { return expects; } diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc index 0c2b65e41..4f7381b5c 100644 --- a/src/flow/flow_control.cc +++ b/src/flow/flow_control.cc @@ -628,8 +628,3 @@ int FlowControl::add_expected( const Packet* ctrlPkt, PktType type, IpProtocol i SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi, bidirectional, expect_persist); } -bool FlowControl::is_expected(Packet* p) -{ - return exp_cache->is_expected(p); -} - diff --git a/src/flow/flow_control.h b/src/flow/flow_control.h index c4a61a60e..9b9fa82d8 100644 --- a/src/flow/flow_control.h +++ b/src/flow/flow_control.h @@ -69,7 +69,6 @@ public: snort::Flow* stale_flow_cleanup(FlowCache*, snort::Flow*, snort::Packet*); void timeout_flows(unsigned int, time_t cur_time); void check_expected_flow(snort::Flow*, snort::Packet*); - bool is_expected(snort::Packet*); unsigned prune_multiple(PruneReason, bool do_cleanup); int add_expected_ignore( diff --git a/src/flow/flow_key.cc b/src/flow/flow_key.cc index de818b6a9..11d23ec5a 100644 --- a/src/flow/flow_key.cc +++ b/src/flow/flow_key.cc @@ -234,8 +234,8 @@ bool FlowKey::init( const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort, uint16_t vlanId, uint32_t mplsId, - uint32_t addrSpaceId, int16_t ingress_group, - int16_t egress_group) + uint32_t addrSpaceId, uint32_t tid, + int16_t ingress_group, int16_t egress_group) { bool reversed; @@ -258,6 +258,7 @@ bool FlowKey::init( pkt_type = type; ip_protocol = (uint8_t)ip_proto; + tenant_id = tid; init_vlan(sc, vlanId); init_address_space(sc, addrSpaceId); 
@@ -300,6 +301,7 @@ bool FlowKey::init( pkt_type = type; ip_protocol = (uint8_t)ip_proto; + tenant_id = pkt_hdr.tenant_id; init_vlan(sc, vlanId); init_address_space(sc, pkt_hdr.address_space_id); @@ -318,7 +320,8 @@ bool FlowKey::init( const SfIp *srcIP, const SfIp *dstIP, uint32_t id, uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, - int16_t ingress_group, int16_t egress_group) + uint32_t tid, int16_t ingress_group, + int16_t egress_group) { // to avoid confusing 2 different datagrams or confusing a datagram // with a session, we don't order the addresses and we set version @@ -341,6 +344,7 @@ bool FlowKey::init( } pkt_type = type; + tenant_id = tid; init_vlan(sc, vlanId); init_address_space(sc, addrSpaceId); @@ -382,6 +386,7 @@ bool FlowKey::init( } pkt_type = type; + tenant_id = pkt_hdr.tenant_id; init_vlan(sc, vlanId); init_address_space(sc, pkt_hdr.address_space_id); @@ -400,49 +405,6 @@ bool FlowKey::init( // hash foo //------------------------------------------------------------------------- -bool FlowKey::is_equal(const void* s1, const void* s2, size_t) -{ - const uint64_t* a = (const uint64_t*)s1; - const uint64_t* b = (const uint64_t*)s2; - - if (*a - *b) - return false; /* Compares IPv4 lo/hi - Compares IPv6 low[0,1] */ - - a++; - b++; - if (*a - *b) - return false; /* Compares port lo/hi, vlan, protocol, version - Compares IPv6 low[2,3] */ - - a++; - b++; - if (*a - *b) - return false; /* Compares IPv6 hi[0,1] */ - - a++; - b++; - if (*a - *b) - return false; /* Compares IPv6 hi[2,3] */ - - a++; - b++; - if (*a - *b) - return false; /* Compares MPLS label, addressSpaceId */ - - a++; - b++; - if (*a - *b) - return false; /* Compares port lo/hi, group lo/hi, vlan */ - - a++; - b++; - if (*a - *b) - return false; /* vlan, pad, ip_proto, type, version, flags */ - - return true; -} - unsigned FlowHashKeyOps::do_hash(const unsigned char* k, int) { uint32_t a, b, c; 
@@ -469,22 +431,23 @@ unsigned FlowHashKeyOps::do_hash(const unsigned char* k, int) mix(a, b, c); a += d[9]; // addressSpaceId - b += d[10]; // port lo & port hi - c += d[11]; // group lo & group hi + b += d[10]; // tenant_id + c += d[11]; // port lo & port hi mix(a, b, c); - a += d[12]; // vlan & pad - b += d[13]; // ip_proto, pkt_type, version, flags + a += d[12]; // group lo & group hi + b += d[13]; // vlan & padding + c += d[14]; // ip_protocol & pkt_type, version, flags finalize(a, b, c); return c; } -bool FlowHashKeyOps::key_compare(const void* k1, const void* k2, size_t len) +bool FlowHashKeyOps::key_compare(const void* k1, const void* k2, size_t) { - return FlowKey::is_equal(k1, k2, len); + return FlowKey::is_equal(static_cast(k1), static_cast(k2)); } diff --git a/src/flow/flow_key.h b/src/flow/flow_key.h index 706c5ecbc..bd5b7be6a 100644 --- a/src/flow/flow_key.h +++ b/src/flow/flow_key.h @@ -49,7 +49,6 @@ public: bool key_compare(const void* k1, const void* k2, size_t) override; }; - PADDING_GUARD_BEGIN struct SO_PUBLIC FlowKey { @@ -57,6 +56,7 @@ struct SO_PUBLIC FlowKey uint32_t ip_h[4]; /* High IP */ uint32_t mplsLabel; uint32_t addressSpaceId; + uint32_t tenant_id; uint16_t port_l; /* Low Port - 0 if ICMP */ uint16_t port_h; /* High Port - 0 if ICMP */ int16_t group_l; 
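Review bot: Nothing in this hunk ties the two key widths together: do_hash now reads the key as exactly fifteen 32-bit words (the last read is `d[14]`), while key_compare drops its length argument and relies on `sizeof(FlowKey)`. The commit also removes the "If this data structure changes size, compare must be updated!" warning from flow_key.h. A later field added to FlowKey would then be compared but silently left out of the hash, and a smaller struct would let `d[14]` read past the key. A compile-time check next to do_hash, e.g. `static_assert(sizeof(FlowKey) == 15 * sizeof(uint32_t), "update do_hash when FlowKey changes");`, would pin this, unless one already exists outside the hunk. do_hash begins above the hunk, so the earlier words are not visible here.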
@@ -80,14 +80,14 @@ struct SO_PUBLIC FlowKey const SnortConfig*, PktType, IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, - uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, + uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, uint32_t tid, int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN); bool init( const SnortConfig*, PktType, IpProtocol, const snort::SfIp *srcIP, const snort::SfIp *dstIP, uint32_t id, uint16_t vlanId, - uint32_t mplsId, uint32_t addrSpaceId, + uint32_t mplsId, uint32_t addrSpaceId, uint32_t tid, int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN); bool init( @@ -106,8 +106,11 @@ struct SO_PUBLIC FlowKey void init_address_space(const SnortConfig*, uint32_t); void init_groups(int16_t, int16_t, bool); - // If this data structure changes size, compare must be updated! - static bool is_equal(const void* k1, const void* k2, size_t); + static bool is_equal(const FlowKey* k1, const FlowKey* k2) + { + return 0 == memcmp(k1, k2, sizeof(FlowKey)); + } + private: bool init4(IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort, diff --git a/src/flow/ha.cc b/src/flow/ha.cc index 0992d9482..930c4196d 100644 --- a/src/flow/ha.cc +++ b/src/flow/ha.cc @@ -89,7 +89,7 @@ private: bool use_daq_channel; }; -static constexpr uint8_t HA_MESSAGE_VERSION = 3; +static constexpr uint8_t HA_MESSAGE_VERSION = 4; // define message size and content constants. static constexpr uint8_t KEY_SIZE_IP6 = sizeof(FlowKey); @@ -492,7 +492,7 @@ static Flow* consume_ha_message(HAMessage& msg, if (read_flow_key(msg, hdr, key) == 0) return nullptr; - if (packet_key and !FlowKey::is_equal(packet_key, &key, 0)) + if (packet_key and !FlowKey::is_equal(packet_key, &key)) { ha_stats.key_mismatch++; return nullptr; diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc index fe63c026a..79ee8469c 100644 --- a/src/flow/test/flow_cache_test.cc 
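Review bot: In both init() declarations the new `uint32_t tid` sits directly in front of two defaulted `int16_t` group parameters, so a caller that was not updated and still passes `(…, addrSpaceId, group, group)` keeps compiling. The first group value converts implicitly to the tenant id and the last parameter falls back to `DAQ_PKTHDR_UNKNOWN`. Because FlowKey is `SO_PUBLIC`, any out-of-tree caller would then build keys with the wrong tenant and groups without a diagnostic. The same pattern appears in `AppIdDebug::activate` in appid_debug.h, where `tenant_id` precedes the defaulted `group1`/`group2`. Dropping the defaults on the group parameters, as this commit already does for `asid` in the AppIdSession constructor, would turn a stale call into a build error.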
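Review bot: is_equal now compares the two keys with `memcmp` over `sizeof(FlowKey)`, which is only correct while the struct has no compiler-inserted padding and every init() path writes every byte, including the explicit padding and flags members. The hunk drops the old size warning without recording that new assumption; I would add a comment above the function such as `// byte-wise compare: relies on PADDING_GUARD and on init() setting every field`. `memcmp` also needs `<cstring>` in this header; the include list is outside the hunk, so confirm it is not only being picked up transitively.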
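Review bot: The bump of `HA_MESSAGE_VERSION` to 4 carries no comment saying why, and the next visible constant, `KEY_SIZE_IP6 = sizeof(FlowKey)`, shows that the key on the wire is the in-memory struct. A short history line such as `// 4: FlowKey gained tenant_id (key grows by 4 bytes)` would help; the test lengths changing from 61 to 65 in ha_test.cc suggest that this is the size change. How a peer still sending version 3 is handled is not visible in this hunk, so it is worth confirming that such messages are dropped by the version check rather than parsed with the new key size.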
+++ b/src/flow/test/flow_cache_test.cc @@ -58,7 +58,6 @@ void Active::set_drop_reason(char const*) { } ExpectCache::ExpectCache(uint32_t) { } ExpectCache::~ExpectCache() = default; bool ExpectCache::check(Packet*, Flow*) { return true; } -bool ExpectCache::is_expected(Packet*) { return true; } void DetectionEngine::disable_all(Packet*) { } Flow* HighAvailabilityManager::import(Packet&, FlowKey&) { return nullptr; } bool HighAvailabilityManager::in_standby(Flow*) { return false; } diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc index d4803eb08..b9e797c12 100644 --- a/src/flow/test/flow_control_test.cc +++ b/src/flow/test/flow_control_test.cc @@ -83,7 +83,6 @@ void Flow::set_mpls_layer_per_dir(Packet*) { } void DetectionEngine::disable_all(Packet*) { } ExpectCache::ExpectCache(uint32_t) { } bool ExpectCache::check(Packet*, Flow*) { return true; } -bool ExpectCache::is_expected(Packet*) { return true; } Flow* HighAvailabilityManager::import(Packet&, FlowKey&) { return nullptr; } namespace snort @@ -100,7 +99,7 @@ bool FlowKey::init( const SfIp*, uint16_t, const SfIp*, uint16_t, uint16_t, uint32_t, - uint32_t, int16_t, int16_t) + uint32_t, uint32_t, int16_t, int16_t) { return true; } @@ -120,7 +119,7 @@ bool FlowKey::init( PktType, IpProtocol, const SfIp*, const SfIp*, uint32_t, uint16_t, - uint32_t, uint32_t, int16_t, + uint32_t, uint32_t, uint32_t, int16_t, int16_t) { return true; diff --git a/src/flow/test/ha_test.cc b/src/flow/test/ha_test.cc index 55b16b091..bc6942a5c 100644 --- a/src/flow/test/ha_test.cc +++ b/src/flow/test/ha_test.cc @@ -44,6 +44,7 @@ static const FlowKey s_test_key = /* .ip_h = */ { 5, 6, 7, 8 }, /* .mplsLabel = */ 9, /* .addressSpaceId = */ 0, + /* .tenant_id = */ 0, /* .port_l = */ 10, /* .port_h = */ 11, /* .group_l = */ 0, @@ -65,7 +66,7 @@ static struct __attribute__((__packed__)) TestDeleteMessage { { HA_DELETE_EVENT, HA_MESSAGE_VERSION, - 61, + 65, KEY_TYPE_IP6 }, s_test_key 
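Review bot: `s_test_key` sets `.tenant_id` to 0, and the other tests updated by this commit also pass 0 for the tenant, so nothing visible exercises a non-zero tenant id. Since the point of the field is to keep flows of different tenants apart, I would add a case with two keys identical except for `tenant_id` that asserts `FlowKey::is_equal` returns false, plus one HA message carrying a non-zero tenant. The initializer is cut off by the hunk, so the remaining fields are not visible here.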
@@ -81,7 +82,7 @@ static struct __attribute__((__packed__)) TestUpdateMessage { { HA_UPDATE_EVENT, HA_MESSAGE_VERSION, - 73, + 77, KEY_TYPE_IP6 }, s_test_key, @@ -202,8 +203,6 @@ void packet_gettimeofday(struct timeval* tv) } } -bool FlowKey::is_equal(const void*, const void*, size_t) { return false; } - int SFDAQInstance::ioctl(DAQ_IoctlCmd, void*, size_t) { return DAQ_SUCCESS; } FlowStash::~FlowStash() = default; diff --git a/src/network_inspectors/appid/appid_debug.cc b/src/network_inspectors/appid/appid_debug.cc index e6d452939..9dcdf6473 100644 --- a/src/network_inspectors/appid/appid_debug.cc +++ b/src/network_inspectors/appid/appid_debug.cc @@ -25,6 +25,8 @@ #include "appid_debug.h" +#include + #include "flow/flow_key.h" #include "log/messages.h" #include "trace/trace_api.h" @@ -96,8 +98,8 @@ void appid_log(const Packet* p, const uint8_t log_level, const char* format, ... void AppIdDebug::activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t port1, uint16_t port2, IpProtocol protocol, const int version, uint32_t address_space_id, - const AppIdSession* session, bool log_all_sessions, int16_t group1, int16_t group2, - bool inter_group_flow) + const AppIdSession* session, bool log_all_sessions, uint32_t tenant_id, + int16_t group1, int16_t group2, bool inter_group_flow) { if (!( log_all_sessions or ( info.proto_match(protocol) and 
@@ -170,14 +172,20 @@ void AppIdDebug::activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t por snort_inet_ntop(af, &sip->u6_addr32[(af == AF_INET)? 3 : 0], sipstr, sizeof(sipstr)); snort_inet_ntop(af, &dip->u6_addr32[(af == AF_INET)? 3 : 0], dipstr, sizeof(dipstr)); - char gr_buf[32] = { '\0' }; + std::ostringstream oss; + oss << sipstr << " " << sport << " -> " + << dipstr << " " << dport << " " + << std::to_string(to_utype(protocol)) + << " AS=" << address_space_id + << " ID=" << get_instance_id(); + if (inter_group_flow) - snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", sgroup, dgroup); + oss << " GR=" << sgroup << "-" << dgroup; + + if (tenant_id) + oss << " TN=" << tenant_id; - snprintf(debug_session, sizeof(debug_session), - "%s %hu -> %s %hu %hhu AS=%u ID=%u%s", - sipstr, sport, dipstr, dport, static_cast(protocol), - address_space_id, get_instance_id(), gr_buf); + debugstr = oss.str(); } void AppIdDebug::activate(const Flow *flow, const AppIdSession* session, bool log_all_sessions) @@ -194,7 +202,7 @@ void AppIdDebug::activate(const Flow *flow, const AppIdSession* session, bool lo // two key->version here to create the proper debug_session string. activate(key->ip_l, key->ip_h, key->port_l, key->port_h, (IpProtocol)(key->ip_protocol), key->version, key->addressSpaceId, session, log_all_sessions, - key->group_l, key->group_h, key->flags.group_used); + key->tenant_id, key->group_l, key->group_h, key->flags.group_used); } void AppIdDebug::set_constraints(const char *desc, diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h index 7eb9e5ccc..501a2ec95 100644 --- a/src/network_inspectors/appid/appid_debug.h +++ b/src/network_inspectors/appid/appid_debug.h 
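Review bot: The layout of the debug session string is no longer documented anywhere: appid_debug.h loses the comment that described it, and the new ostringstream code adds an optional ` TN=` suffix after the optional ` GR=` part. I would put a comment above the stream, e.g. `// <sip> <sport> -> <dip> <dport> <proto> AS=<asid> ID=<instance> [GR=<src>-<dst>] [TN=<tenant>]`, so that anyone parsing or searching these log lines knows which fields may be absent. A tenant id of 0 is omitted, so such lines look the same as those from a deployment without tenants. activate() begins above the hunk.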
@@ -39,10 +39,6 @@ namespace snort struct Packet; } -// %s %u -> %s %u %u AS=%u ID=%u [GR=%hd-%hd] -// IPv6 Port -> IPv6 Port Proto AS=ASNum ID=InstanceNum [GR=SrcGroupNum-DstGroupNum] -#define APPID_DEBUG_SESSION_ID_SIZE ((39+1+5+1+2+1+39+1+5+1+3+1+2+1+10+1+2+1+10+32)+1) - #define CURRENT_PACKET snort::DetectionEngine::get_current_packet() void appid_log(const snort::Packet*, const uint8_t log_level, const char*, ...); @@ -79,7 +75,7 @@ public: void activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t port1, uint16_t port2, IpProtocol protocol, const int version, uint32_t address_space_id, - const AppIdSession* session, bool log_all_sessions, int16_t group1 = DAQ_PKTHDR_UNKNOWN, + const AppIdSession* session, bool log_all_sessions, uint32_t tenant_id, int16_t group1 = DAQ_PKTHDR_UNKNOWN, int16_t group2 = DAQ_PKTHDR_UNKNOWN, bool inter_group_flow = false); void activate(const snort::Flow *flow, const AppIdSession* session, bool log_all_sessions); void set_constraints(const char *desc, const AppIdDebugSessionConstraints* constraints); @@ -90,16 +86,16 @@ public: bool is_active() { return active; } void deactivate() { active = false; } - const char* get_debug_session() + const char* get_debug_session() const { - return debug_session; + return debugstr.c_str(); } private: bool enabled = false; bool active = false; AppIdDebugSessionConstraints info = {}; - char debug_session[APPID_DEBUG_SESSION_ID_SIZE] = {}; + std::string debugstr; }; extern THREAD_LOCAL AppIdDebug* appidDebug; diff --git a/src/network_inspectors/appid/appid_ha.cc b/src/network_inspectors/appid/appid_ha.cc index 4880bdfe1..10dbdffff 100644 --- a/src/network_inspectors/appid/appid_ha.cc +++ b/src/network_inspectors/appid/appid_ha.cc 
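Review bot: get_debug_session() now returns `debugstr.c_str()`, so the pointer is valid only until the next activate() assigns `debugstr`; with the old fixed `debug_session` array the address stayed valid for the lifetime of the AppIdDebug object. The callers are outside this hunk, so this may be fine, but any caller that keeps the pointer across a later activate() would read freed memory. A comment on the accessor such as `// valid only until the next activate()` would state the contract; returning `const std::string&` is an alternative.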
@@ -49,7 +49,7 @@ static AppIdSession* create_appid_session(Flow& flow, const FlowKey* key, AppIdSession* asd = new AppIdSession(static_cast(key->ip_protocol), flow.flags.client_initiated ? &flow.client_ip : &flow.server_ip, flow.flags.client_initiated ? flow.client_port : flow.server_port, inspector, - *pkt_thread_odp_ctxt, key->addressSpaceId); + *pkt_thread_odp_ctxt, key->addressSpaceId, key->tenant_id); appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - New AppId session created in consume\n"); flow.set_flow_data(asd); diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index d8162ab7a..231f3b2e4 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -116,7 +116,7 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp; AppIdSession* asd = new AppIdSession(proto, ip, port, inspector, odp_context, - p->pkth->address_space_id); + p->pkth->address_space_id, p->pkth->tenant_id); is_session_monitored(asd->flags, p, inspector); asd->flow = p->flow; asd->stats.first_packet_second = p->pkth->ts.tv_sec; @@ -126,9 +126,9 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, } AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port, - AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid) + AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid, uint32_t tenant_id) : FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config), - initiator_port(port), asid(asid), protocol(proto), + initiator_port(port), tenant_id(tenant_id), asid(asid), protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odp_ctxt), odp_ctxt_version(odp_ctxt.get_version()), tp_appid_ctxt(pkt_thread_tp_appid_ctxt) 
@@ -229,7 +229,7 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S // FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector, odp_ctxt, - ctrlPkt->pkth->address_space_id); + ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->tenant_id); is_session_monitored(asd->flags, ctrlPkt, *inspector); if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp, diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index 520b90c08..0577bb7d4 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -240,7 +240,7 @@ class AppIdSession : public snort::FlowData { public: AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port, AppIdInspector&, - OdpContext&, uint32_t asid = 0); + OdpContext&, uint32_t asid, uint32_t tenant_id); ~AppIdSession() override; static AppIdSession* allocate_session(const snort::Packet*, IpProtocol, @@ -255,6 +255,7 @@ public: std::unordered_map flow_data; uint64_t flags = 0; uint16_t initiator_port = 0; + uint32_t tenant_id = 0; uint32_t asid = 0; uint16_t session_packet_count = 0; diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index aca770abe..f3a1518b1 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h 
@@ -156,7 +156,7 @@ AppIdConfig stub_config; AppIdContext stub_ctxt(stub_config); OdpContext stub_odp_ctxt(stub_config, nullptr); AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector, - OdpContext& odpctxt, uint32_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), + OdpContext& odpctxt, uint32_t, uint32_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odpctxt) { this->set_session_flags(APPID_SESSION_DISCOVER_APP); diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc index b3a27487e..fdf389286 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc @@ -127,7 +127,7 @@ void SipPatternMatchers::finalize_patterns(OdpContext&) AppIdSession* AppIdSession::allocate_session(snort::Packet const*, IpProtocol, AppidSessionDirection, AppIdInspector&, OdpContext& odp_ctxt) { - session = new AppIdSession(IpProtocol::IP, &sfip, 0, appid_inspector, odp_ctxt); + session = new AppIdSession(IpProtocol::IP, &sfip, 0, appid_inspector, odp_ctxt, 0, 0); return session; } diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index c8b8bd30f..ced9396f3 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc 
@@ -42,7 +42,7 @@ static Packet pkt; static SfIp sfip; static AppIdModule appid_mod; static AppIdInspector appid_inspector(appid_mod); -static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt); +static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt, 0, 0); static AppIdHttpSession mock_hsession(session, 0); static ChpMatchDescriptor cmd_test; static MatchedCHPAction mchp; diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index 76ea3178c..89d3dabaa 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -213,7 +213,7 @@ TEST_GROUP(appid_api) mock_init_appid_pegs(); SfIp ip; mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, - dummy_appid_inspector.get_ctxt().get_odp_ctxt()); + dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0, 0); pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt(); flow = new Flow; flow->set_flow_data(mock_session); diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc index b5d154384..a693c38f4 100644 --- a/src/network_inspectors/appid/test/appid_debug_test.cc +++ b/src/network_inspectors/appid/test/appid_debug_test.cc @@ -72,7 +72,7 @@ AppIdConfig stub_config; AppIdContext stub_ctxt(stub_config); OdpContext stub_odp_ctxt(stub_config, nullptr); AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&, - OdpContext&, uint32_t) : FlowData(0), config(stub_config), + OdpContext&, uint32_t, uint32_t) : FlowData(0), config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; 
@@ -128,7 +128,7 @@ TEST(appid_debug, basic_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -139,7 +139,7 @@ TEST(appid_debug, basic_test) session.initiator_port = sport; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() @@ -162,7 +162,7 @@ TEST(appid_debug, reverse_direction_activate_test) SfIp dip; dip.set("10.1.2.3"); AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... sip.set("10.9.8.7"); // this would be a reply back uint16_t sport = 80; @@ -173,7 +173,7 @@ TEST(appid_debug, reverse_direction_activate_test) session.initiator_port = dport; // session initiator is now dst // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() @@ -198,7 +198,7 @@ TEST(appid_debug, ipv6_test) sip.set("2001:db8:85a3::8a2e:370:7334"); // IPv6 SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("2001:db8:85a3::8a2e:370:7335"); uint16_t sport = 1234; 
@@ -209,7 +209,7 @@ TEST(appid_debug, ipv6_test) session.initiator_port = sport; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 6, address_space_id, &session, false); + protocol, 6, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() @@ -234,7 +234,7 @@ TEST(appid_debug, no_initiator_port_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -245,7 +245,7 @@ TEST(appid_debug, no_initiator_port_test) session.initiator_port = 0; // no initiator port yet (uses IPs) // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() @@ -268,7 +268,7 @@ TEST(appid_debug, no_initiator_port_reversed_test) SfIp dip; dip.set("10.1.2.3"); AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... sip.set("10.9.8.7"); uint16_t sport = 80; @@ -279,7 +279,7 @@ TEST(appid_debug, no_initiator_port_reversed_test) session.initiator_port = 0; // no initiator port yet (uses IPs)... and reversed packet dir from above // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() 
@@ -306,7 +306,7 @@ TEST(appid_debug, null_session_test) uint32_t address_space_id = 0; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, nullptr, false); // null session + protocol, 4, address_space_id, nullptr, false, 0); // null session CHECK_EQUAL(appidDebug->is_active(), false); // not active } @@ -337,7 +337,7 @@ TEST(appid_debug, no_match_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -348,7 +348,7 @@ TEST(appid_debug, no_match_test) session.initiator_port = sport; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), false); // not active (no match) delete &session.get_api(); @@ -367,7 +367,7 @@ TEST(appid_debug, all_constraints_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -378,7 +378,7 @@ TEST(appid_debug, all_constraints_test) session.initiator_port = sport; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() 
@@ -401,7 +401,7 @@ TEST(appid_debug, just_proto_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -412,7 +412,7 @@ TEST(appid_debug, just_proto_test) session.initiator_port = sport; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() @@ -435,7 +435,7 @@ TEST(appid_debug, just_ip_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -446,7 +446,7 @@ TEST(appid_debug, just_ip_test) session.initiator_port = sport; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() @@ -469,7 +469,7 @@ TEST(appid_debug, just_port_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; 
@@ -480,7 +480,7 @@ TEST(appid_debug, just_port_test) session.initiator_port = sport; // activate() appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport, - protocol, 4, address_space_id, &session, false); + protocol, 4, address_space_id, &session, false, 0); CHECK_EQUAL(appidDebug->is_active(), true); // get_debug_session() diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index e7c1c9c07..468d08ac4 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -69,7 +69,7 @@ TEST_GROUP(appid_detector_tests) { SfIp ip; mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, - dummy_appid_inspector.get_ctxt().get_odp_ctxt()); + dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0, 0); flow = new Flow; flow->set_flow_data(mock_session); } diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index ad88c46a5..e5bb9cddc 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -170,7 +170,7 @@ const Command* AppIdModule::get_commands() const { return nullptr; } const PegInfo* AppIdModule::get_pegs() const { return nullptr; } PegCount* AppIdModule::get_counts() const { return nullptr; } ProfileStats* AppIdModule::get_profile( - unsigned i, const char*& name, const char*& parent) const { return nullptr; } + unsigned, const char*&, const char*&) const { return nullptr; } void AppIdModule::set_trace(const Trace*) const { } const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } THREAD_LOCAL bool ThirdPartyAppIdContext::tp_reload_in_progress = false; 
@@ -393,7 +393,7 @@ TEST(appid_discovery_tests, event_published_when_ignoring_flow) p.ptrs.ip_api.set(ip, ip); AppIdModule app_module; AppIdInspector ins(app_module); - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0); asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER | APPID_SESSION_DISCOVER_APP; Flow* flow = new Flow; @@ -428,7 +428,7 @@ TEST(appid_discovery_tests, event_published_when_processing_flow) p.ptrs.tcph = nullptr; AppIdModule app_module; AppIdInspector ins(app_module); - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0); asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER | APPID_SESSION_DISCOVER_APP; Flow* flow = new Flow; @@ -453,7 +453,7 @@ TEST(appid_discovery_tests, change_bits_for_client_version) AppIdModule app_module; AppIdInspector ins(app_module); SfIp ip; - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0); const char* version = "3.0"; asd->set_client_version(version, change_bits); @@ -488,7 +488,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid) p.ptrs.ip_api.set(ip, ip); AppIdModule app_module; AppIdInspector ins(app_module); - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0); asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER | APPID_SESSION_DISCOVER_APP; Flow* flow = new Flow; 
diff --git a/src/network_inspectors/appid/test/appid_eve_process_event_handler_test.cc b/src/network_inspectors/appid/test/appid_eve_process_event_handler_test.cc index 2659eae64..d69b01e07 100644 --- a/src/network_inspectors/appid/test/appid_eve_process_event_handler_test.cc +++ b/src/network_inspectors/appid/test/appid_eve_process_event_handler_test.cc @@ -119,7 +119,7 @@ TEST_GROUP(appid_eve_process_event_handler_tests) void setup() override { SfIp ip; - session = new AppIdSession(IpProtocol::TCP, &ip, 0, dummy_appid_inspector, stub_odp_ctxt); + session = new AppIdSession(IpProtocol::TCP, &ip, 0, dummy_appid_inspector, stub_odp_ctxt, 0, 0); pkt_thread_odp_ctxt = &stub_odp_ctxt; appidDebug = new AppIdDebug(); appidDebug->activate(nullptr, nullptr, false); diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc index f19f2af00..113f79183 100644 --- a/src/network_inspectors/appid/test/appid_http_event_test.cc +++ b/src/network_inspectors/appid/test/appid_http_event_test.cc @@ -290,7 +290,7 @@ TEST_GROUP(appid_http_event) { flow = new Flow; SfIp ip; - mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt); + mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt, 0, 0); pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt(); mock_session->create_http_session(); flow->set_flow_data(mock_session); diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index 8a3d306ca..df22a2533 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc 
@@ -115,7 +115,7 @@ static Flow flow; // AppIdSession mock functions AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector, - OdpContext&, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config), + OdpContext&, uint32_t, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) {} @@ -158,7 +158,7 @@ void AppIdModule::reset_stats() {} // AppIdDebug mock functions void AppIdDebug::activate(const uint32_t*, const uint32_t*, uint16_t, uint16_t, IpProtocol, const int, uint32_t, const AppIdSession*, bool, - int16_t, int16_t, bool) + uint32_t, int16_t, int16_t, bool) { } @@ -188,7 +188,7 @@ TEST_GROUP(appid_http_session) void setup() override { SfIp sfip; - session = new AppIdSession(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt); + session = new AppIdSession(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt, 0, 0); session->flow = &flow; mock_hsession = new AppIdHttpSession(*session, 0); appidDebug = new AppIdDebug(); diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h index d6917f358..27883f8c7 100644 --- a/src/network_inspectors/appid/test/appid_mock_session.h +++ b/src/network_inspectors/appid/test/appid_mock_session.h @@ -81,7 +81,7 @@ static AppIdContext stub_ctxt(stub_config); static OdpContext stub_odp_ctxt(stub_config, nullptr); OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector, - OdpContext&, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config), + OdpContext&, uint32_t, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config), protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { this->set_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED); 
diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index 0d817061d..68a56fdba 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc @@ -70,7 +70,7 @@ TEST_GROUP(appid_session_api) AppidChangeBits change_bits; SfIp ip{}; - mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt); + mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0); mock_session->flow = &flow; pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt(); mock_session->set_ss_application_ids(APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, @@ -113,7 +113,7 @@ TEST(appid_session_api, get_client_app_id) TEST(appid_session_api, get_client_app_id_with_eve_for_http2) { SfIp ip{}; - AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt); + AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0); asd.flow = &flow; AppidChangeBits change_bits; asd.set_ss_application_ids(APP_ID_HTTP2, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, change_bits); @@ -163,7 +163,7 @@ TEST(appid_session_api, get_referred_app_id) TEST(appid_session_api, get_app_id) { SfIp ip{}; - AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt); + AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0); asd.flow = &flow; AppidChangeBits change_bits; asd.set_application_ids_service(APP_ID_HTTP2, change_bits); @@ -192,7 +192,7 @@ TEST(appid_session_api, get_app_id) TEST(appid_session_api, get_app_id_with_eve_for_http2) { SfIp ip{}; - AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt); + AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0); asd.flow = &flow; AppidChangeBits change_bits; asd.set_application_ids_service(APP_ID_HTTP2, change_bits); 
@@ -285,7 +285,7 @@ TEST(appid_session_api, get_app_id_with_eve_for_http2) TEST(appid_session_api, get_first_stream_appids_for_http2) { SfIp ip{}; - AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt); + AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0); asd.flow = &flow; AppidChangeBits change_bits; asd.set_application_ids_service(APP_ID_HTTP2, change_bits); @@ -433,7 +433,7 @@ TEST(appid_session_api, get_client_info) TEST(appid_session_api, get_client_info_http2) { SfIp ip{}; - AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt); + AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0); asd.flow = &flow; AppidChangeBits change_bits; asd.set_ss_application_ids(APP_ID_HTTP2, APPID_UT_ID + 1, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, change_bits); diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index b747ef508..efc5c15d0 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -104,7 +104,7 @@ AppIdConfig stub_config; AppIdContext stub_ctxt(stub_config); OdpContext stub_odp_ctxt(stub_config, nullptr); AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&, - OdpContext&, uint32_t) : FlowData(0), config(stub_config), + OdpContext&, uint32_t, uint32_t) : FlowData(0), config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; AppIdDiscovery::~AppIdDiscovery() = default; 
@@ -191,7 +191,7 @@ TEST(service_state_tests, set_service_id_failed) AppIdInspector inspector; SfIp client_ip; client_ip.set("1.2.3.4"); - AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt); + AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0, 0); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count = 0 sds.set_state(ServiceState::VALID); @@ -211,7 +211,7 @@ TEST(service_state_tests, set_service_id_failed_with_valid) AppIdInspector inspector; SfIp client_ip; client_ip.set("1.2.3.4"); - AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt); + AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0, 0); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count > 1 sds.set_state(ServiceState::VALID); diff --git a/src/network_inspectors/packet_tracer/packet_tracer.cc b/src/network_inspectors/packet_tracer/packet_tracer.cc index edaa6b72d..5ef766808 100644 --- a/src/network_inspectors/packet_tracer/packet_tracer.cc +++ b/src/network_inspectors/packet_tracer/packet_tracer.cc @@ -27,6 +27,7 @@ #include #include #include +#include #include "detection/ips_context.h" #include "log/log.h" @@ -311,6 +312,7 @@ void PacketTracer::add_ip_header_info(const Packet& p) { SfIpString sipstr; SfIpString dipstr; + std::ostringstream oss; uint16_t sport = p.ptrs.sp; uint16_t dport = p.ptrs.dp; 
@@ -323,24 +325,53 @@ void PacketTracer::add_ip_header_info(const Packet& p) actual_sip->ntop(sipstr, sizeof(sipstr)); actual_dip->ntop(dipstr, sizeof(dipstr)); - char gr_buf[32] = { '\0' }; - if (p.is_inter_group_flow()) - snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", p.pkth->ingress_group, - p.pkth->egress_group); - if (shell_enabled) { PacketTracer::log("\n"); - snprintf(debug_session, sizeof(debug_session), "%s %hu -> %s %hu %hhu AS=%u ID=%u%s ", - sipstr, sport, dipstr, dport, static_cast(proto), - p.pkth->address_space_id, get_instance_id(), gr_buf); + + oss << sipstr << " " << sport << " -> " + << dipstr << " " << dport << " " + << std::to_string(to_utype(proto)) + << " AS=" << p.pkth->address_space_id + << " ID=" << get_instance_id(); + + if (p.is_inter_group_flow()) + { + oss << " GR=" + << p.pkth->ingress_group + << "-" + << p.pkth->egress_group; + } + + if (p.pkth->tenant_id) + oss << " TN=" << p.pkth->tenant_id; + + oss << " "; + debugstr = oss.str(); } else { add_eth_header_info(p); - PacketTracer::log("%s:%hu -> %s:%hu proto %u AS=%u ID=%u%s\n", - sipstr, sport, dipstr, dport, static_cast(proto), - p.pkth->address_space_id, get_instance_id(), gr_buf); + + oss << sipstr << ":" << sport << " -> " + << dipstr << ":" << dport << " " + << "proto " << std::to_string(to_utype(proto)) + << " AS=" << p.pkth->address_space_id + << " ID=" << get_instance_id(); + + if (p.is_inter_group_flow()) + { + oss << " GR=" + << p.pkth->ingress_group + << "-" + << p.pkth->egress_group; + } + + if (p.pkth->tenant_id) + oss << " TN=" << p.pkth->tenant_id; + + oss << "\n"; + PacketTracer::log("%s", oss.str().c_str()); } add_packet_type_info(p); } 
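Review bot: The ` AS=… ID=… [GR=…] [TN=…]` suffix is written out twice in this hunk (shell and non-shell branch) and a third time in the add_eth_header_info hunk that follows, so the three copies can drift apart the next time a field is added. Trace lines are usually matched by scripts and by people comparing sessions, so a field present in one form and missing in another is easy to miss. A single file-local helper that appends the suffix to a stream keeps the format in one place; the instance id is passed in here so the helper does not depend on how get_instance_id() is declared, which this hunk does not show. add_ip_header_info begins before this hunk.

```cpp
// Appends " AS=<n> ID=<n>" and the optional " GR=<in>-<out>" / " TN=<n>" fields.
static void append_pkth_ids(std::ostream& os, const Packet& p, unsigned instance_id)
{
    os << " AS=" << p.pkth->address_space_id
       << " ID=" << instance_id;

    if (p.is_inter_group_flow())
        os << " GR=" << p.pkth->ingress_group << "-" << p.pkth->egress_group;

    if (p.pkth->tenant_id)
        os << " TN=" << p.pkth->tenant_id;
}

// … unchanged: address/port prefix written to oss in each branch …
append_pkth_ids(oss, p, get_instance_id());
```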
@@ -396,31 +427,30 @@ void PacketTracer::add_eth_header_info(const Packet& p) if (shell_enabled) { PacketTracer::log("\n"); - char gr_buf[32] = { '\0' }; + std::ostringstream oss; + oss << eh->to_string() + << " AS=" << p.pkth->address_space_id + << " ID=" << get_instance_id(); + if (p.is_inter_group_flow()) - snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", p.pkth->ingress_group, - p.pkth->egress_group); - - snprintf(debug_session, sizeof(debug_session), - "%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X %04X" - " AS=%u ID=%u%s ", - eh->ether_src[0], eh->ether_src[1], eh->ether_src[2], - eh->ether_src[3], eh->ether_src[4], eh->ether_src[5], - eh->ether_dst[0], eh->ether_dst[1], eh->ether_dst[2], - eh->ether_dst[3], eh->ether_dst[4], eh->ether_dst[5], - (uint16_t)eh->ethertype(), p.pkth->address_space_id, get_instance_id(), - gr_buf); + { + oss << " GR=" + << p.pkth->ingress_group + << "-" + << p.pkth->egress_group; + } + + if (p.pkth->tenant_id) + oss << " TN=" << p.pkth->tenant_id; + + oss << " "; // Include a space before the remaining data. + debugstr = oss.str(); s_pkt_trace->active = true; } else { // MAC layer - PacketTracer::log("%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X %04X\n", - eh->ether_src[0], eh->ether_src[1], eh->ether_src[2], - eh->ether_src[3], eh->ether_src[4], eh->ether_src[5], - eh->ether_dst[0], eh->ether_dst[1], eh->ether_dst[2], - eh->ether_dst[3], eh->ether_dst[4], eh->ether_dst[5], - (uint16_t)eh->ethertype()); + PacketTracer::log("%s\n", eh->to_string().c_str()); } } } diff --git a/src/network_inspectors/packet_tracer/packet_tracer.h b/src/network_inspectors/packet_tracer/packet_tracer.h index c552f7f1e..d0e68bd6c 100644 --- a/src/network_inspectors/packet_tracer/packet_tracer.h +++ b/src/network_inspectors/packet_tracer/packet_tracer.h 
@@ -35,10 +35,6 @@ #include "time/clock_defs.h" #include "time/stopwatch.h" -// %s %u -> %s %u %u AS=%u ID=%u GR=%hd-%hd -// IPv6 Port -> IPv6 Port Proto AS=ASNum ID=InstanceNum GR=SrcGroupNum-DstGroupNum -#define PT_DEBUG_SESSION_ID_SIZE ((39+1+5+1+2+1+39+1+5+1+3+1+2+1+10+1+2+1+10+32)+1) - namespace snort { struct Packet; @@ -96,7 +92,7 @@ protected: bool shell_enabled = false; bool active = false; - char debug_session[PT_DEBUG_SESSION_ID_SIZE] = {0}; + std::string debugstr; PacketConstraints constraints; // static functions @@ -109,7 +105,7 @@ protected: void add_eth_header_info(const snort::Packet&); void add_packet_type_info(const snort::Packet&); void update_constraints(const PacketConstraints* constraints); - const char *get_debug_session() { return debug_session; } + const char *get_debug_session() { return debugstr.c_str(); } virtual void open_file(); virtual void dump_to_daq(Packet*); diff --git a/src/protocols/eth.h b/src/protocols/eth.h index e8b991376..45b6ef954 100644 --- a/src/protocols/eth.h +++ b/src/protocols/eth.h @@ -20,6 +20,8 @@ #ifndef PROTOCOLS_ETH_H #define PROTOCOLS_ETH_H +#include + #include #include "protocols/protocol_ids.h" @@ -40,13 +42,29 @@ struct EtherHdr uint8_t ether_src[6]; uint16_t ether_type; - /* return data in byte order */ + /* return data in host byte order */ inline ProtocolId ethertype() const { return (ProtocolId)ntohs(ether_type); } /* return data in network order */ inline uint16_t raw_ethertype() const { return ether_type; } + + // -> + std::string to_string() const + { + char str[50]; + + snprintf(str, sizeof(str), + "%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X %04X", + ether_src[0], ether_src[1], ether_src[2], + ether_src[3], ether_src[4], ether_src[5], + ether_dst[0], ether_dst[1], ether_dst[2], + ether_dst[3], ether_dst[4], ether_dst[5], + (uint16_t)ethertype()); + + return str; + } }; } // namespace eth } // namespace snort 
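Review bot: `get_debug_session()` now returns `debugstr.c_str()`, and that pointer stops being valid as soon as add_ip_header_info() or add_eth_header_info() assigns a new string to `debugstr`; the fixed `debug_session` array it replaces kept one address for the lifetime of the tracer. Callers are not visible in this hunk, so whether any of them holds the pointer across a later packet cannot be confirmed from here, but the accessor should state the new lifetime. A comment on the declaration would do, for example `// Pointer is valid only until debugstr is next assigned; copy it if it must outlive the current packet.` The surrounding class starts and ends outside the hunk.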
diff --git a/src/service_inspectors/dce_rpc/dce_smb2.h b/src/service_inspectors/dce_rpc/dce_smb2.h index 91b931d9f..90d23b65c 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.h +++ b/src/service_inspectors/dce_rpc/dce_smb2.h @@ -237,6 +237,8 @@ struct Smb2SidHashKey uint16_t vlan_tag = 0; uint16_t padding = 0; uint64_t sid = 0; + uint32_t tenant_id = 0; + uint32_t padding2 = 0; // NOTE: If this changes, change do_hash too bool operator==(const Smb2SidHashKey& other) const { @@ -253,7 +255,8 @@ struct Smb2SidHashKey sgroup == other.sgroup and addressSpaceId == other.addressSpaceId and vlan_tag == other.vlan_tag and - sid == other.sid); + sid == other.sid and + tenant_id == other.tenant_id ); } }; PADDING_GUARD_END @@ -278,11 +281,34 @@ private: { uint32_t a, b, c; a = b = c = SMB_KEY_HASH_HARDENER; - a += d[0]; b += d[1]; c += d[2]; mix(a, b, c); - a += d[3]; b += d[4]; c += d[5]; mix(a, b, c); - a += d[6]; b += d[7]; c += d[8]; mix(a, b, c); - a += d[9]; b += d[10]; c += d[11]; mix(a, b, c); - a += d[12]; b += d[13]; finalize(a, b, c); + + a += d[0]; // IPv6 cip[0] + b += d[1]; // IPv6 cip[1] + c += d[2]; // IPv6 cip[2] + mix(a, b, c); + + a += d[3]; // IPv6 cip[3] + b += d[4]; // IPv6 sip[0] + c += d[5]; // IPv6 sip[1] + mix(a, b, c); + + a += d[6]; // IPv6 sip[2] + b += d[7]; // IPv6 sip[3] + c += d[8]; // mpls label + mix(a, b, c); + + a += d[9]; // cgroup and sgroup + b += d[10]; // addressSpaceId + c += d[11]; // vlan_tag, padding + mix(a, b, c); + + a += d[12]; // sid[0] + b += d[13]; // sid[1] + c += d[14]; // tenant_id + + // padding2 is ignored. + finalize(a, b, c); + return c; } diff --git a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc index 67511335b..ee26a35bc 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc 
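Review bot: do_hash reads the key by hard-coded word index (`d[14]` for tenant_id in the last hunk of this file), and only the new comments and the existing "change do_hash too" note tie those indices to the struct layout. A later field added or reordered in Smb2SidHashKey would make the hash cover the wrong words, or miss tenant_id, without any build error, and tenant_id is the field that keeps sessions of different tenants apart. A compile-time check next to the struct enforces the mapping, for example `static_assert(offsetof(Smb2SidHashKey, tenant_id) == 14 * sizeof(uint32_t), "do_hash reads tenant_id as d[14]");` together with `static_assert(sizeof(Smb2SidHashKey) == 16 * sizeof(uint32_t), "do_hash indexes the key as 32-bit words");`. The sizes are taken from the word comments in the hunk, and the start of the struct, the signature of do_hash and the type of `d` are outside the hunks, so they should be confirmed against the full header.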
@@ -42,13 +42,13 @@ Smb2SidHashKey get_key(uint64_t sid) { memcpy(key.cip, flow->client_ip.get_ip6_ptr(), 4 * sizeof(uint32_t)); memcpy(key.sip, flow->server_ip.get_ip6_ptr(), 4 * sizeof(uint32_t)); - key.sid = sid; + key.mplsLabel = flow->key->mplsLabel; key.cgroup = flow->client_group; key.sgroup = flow->server_group; - key.vlan_tag = flow->key->vlan_tag; - key.mplsLabel = flow->key->mplsLabel; key.addressSpaceId = flow->key->addressSpaceId; - key.padding = 0; + key.vlan_tag = flow->key->vlan_tag; + key.sid = sid; + key.tenant_id = flow->key->tenant_id; } return key; } diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc index a4c51fd58..84b9bd0a5 100644 --- a/src/service_inspectors/ftp_telnet/pp_ftp.cc +++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc @@ -1132,11 +1132,14 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p, { /* Call into Streams to mark data channel as something * to ignore. */ - Stream::ignore_flow( + FtpDataFlowData* fd = new FtpDataFlowData(p); + int ret = Stream::ignore_flow( p, PktType::TCP, IpProtocol::TCP, &session->clientIP, session->clientPort, &session->serverIP, session->serverPort, - SSN_DIR_BOTH, (new FtpDataFlowData(p))); + SSN_DIR_BOTH, fd); + if (ret) + delete fd; } } } diff --git a/src/service_inspectors/sip/sip_dialog.cc b/src/service_inspectors/sip/sip_dialog.cc index 83be9fe57..9f232b313 100644 --- a/src/service_inspectors/sip/sip_dialog.cc +++ b/src/service_inspectors/sip/sip_dialog.cc 
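Review bot: `if (ret) delete fd;` in do_stateful_checks is only safe if Stream::ignore_flow() never stores or frees `fd` on any path that returns non-zero, and that contract is not visible in this hunk; if one failure path does consume the object, this becomes a double free. The same pattern is added in SIP_ignoreChannels in sip_dialog.cc. The ownership rule should be written at the call site, for example `// ignore_flow() takes ownership of fd only when it returns 0`, and checked against every return in ignore_flow() and the expect-cache code it calls. If the file can use `<memory>`, holding the object in a `std::unique_ptr`, passing `fd.get()` and calling `if (!ret) fd.release();` makes the rule explicit in the code. do_stateful_checks begins and ends outside the hunk.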
@@ -390,8 +390,11 @@ static int SIP_ignoreChannels(const SIP_DialogData& dialog, Packet* p, SIP_PROTO } else { - Stream::ignore_flow(p, p->flow->pkt_type, p->get_ip_proto_next(), &mdataA->maddress, - mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, (new SipFlowData)); + SipFlowData* fd = new SipFlowData; + int ret = Stream::ignore_flow(p, p->flow->pkt_type, p->get_ip_proto_next(), &mdataA->maddress, + mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, fd); + if (ret) + delete fd; } sip_stats.ignoreChannels++; mdataA = mdataA->nextM; diff --git a/src/sfip/sf_cidr.cc b/src/sfip/sf_cidr.cc index 3b8dda1e0..b0520635f 100644 --- a/src/sfip/sf_cidr.cc +++ b/src/sfip/sf_cidr.cc @@ -28,7 +28,12 @@ using namespace snort; SfIpRet SfCidr::set(const char* src) { - return addr.set(src, &bits); + // Can't pass &bits to set() since using an address of a packed + // member variable may result in an unaligned pointer value. + uint16_t outbits = 0; + SfIpRet ret = addr.set(src, &outbits); + bits = outbits; + return ret; } // Check if ip is contained within the network specified by this addr diff --git a/src/stream/icmp/icmp_session.cc b/src/stream/icmp/icmp_session.cc index 47b1df416..9ad8a06c2 100644 --- a/src/stream/icmp/icmp_session.cc +++ b/src/stream/icmp/icmp_session.cc @@ -151,6 +151,7 @@ static int ProcessIcmpUnreach(Packet* p) skey.padding = skey.flags.padding_bits = 0; skey.flags.group_used = p->is_inter_group_flow(); skey.init_groups(p->pkth->ingress_group, p->pkth->egress_group, reversed); + skey.tenant_id = p->pkth->tenant_id; switch (p->type()) { diff --git a/src/stream/stream.cc b/src/stream/stream.cc index 19f67e2a7..edebb2070 100644 --- a/src/stream/stream.cc +++ b/src/stream/stream.cc 
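Review bot: In SfCidr::set, `bits = outbits;` runs even when `addr.set()` fails, so a rejected string now overwrites `bits` with whatever `outbits` holds (0 unless set() wrote to it), where the old code left `bits` entirely to set(). Whether set() stores a prefix length on error is not visible here; if it does not, a failed parse leaves the object with a zero-length prefix, which matters for any caller that ignores the return value and then matches addresses against it. Assigning only on success keeps the previous value: `if (ret == SFIP_SUCCESS) bits = outbits;`.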
@@ -95,13 +95,14 @@ Flow* Stream::get_flow( const SfIp* srcIP, uint16_t srcPort, const SfIp* dstIP, uint16_t dstPort, uint16_t vlan, uint32_t mplsId, uint32_t addressSpaceId, + uint32_t tenant_id, int16_t ingress_group, int16_t egress_group) { FlowKey key; const SnortConfig* sc = SnortConfig::get_conf(); key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId, - addressSpaceId, ingress_group, egress_group); + addressSpaceId, tenant_id, ingress_group, egress_group); return get_flow(&key); } @@ -109,7 +110,8 @@ Flow* Stream::get_flow( PktType type, IpProtocol proto, const SfIp* srcIP, uint16_t srcPort, const SfIp* dstIP, uint16_t dstPort, - uint16_t vlan, uint32_t mplsId, const DAQ_PktHdr_t& pkth) + uint16_t vlan, uint32_t mplsId, + const DAQ_PktHdr_t& pkth) { FlowKey key; const SnortConfig* sc = SnortConfig::get_conf(); @@ -135,13 +137,6 @@ void Stream::populate_flow_key(const Packet* p, FlowKey* key) *p->pkth); } -FlowKey* Stream::get_flow_key(Packet* p) -{ - FlowKey* key = (FlowKey*)snort_calloc(sizeof(*key)); - populate_flow_key(p, key); - return key; -} - //------------------------------------------------------------------------- // app data foo //------------------------------------------------------------------------- @@ -160,12 +155,12 @@ FlowData* Stream::get_flow_data( const SfIp* srcIP, uint16_t srcPort, const SfIp* dstIP, uint16_t dstPort, uint16_t vlan, uint32_t mplsId, - uint32_t addressSpaceID, unsigned flowdata_id, + uint32_t addressSpaceID, unsigned flowdata_id, uint32_t tenant_id, int16_t ingress_group, int16_t egress_group) { Flow* flow = get_flow( type, proto, srcIP, srcPort, dstIP, dstPort, - vlan, mplsId, addressSpaceID, ingress_group, + vlan, mplsId, addressSpaceID, tenant_id, ingress_group, egress_group); if (!flow) 
@@ -174,23 +169,6 @@ FlowData* Stream::get_flow_data( return flow->get_flow_data(flowdata_id); } -FlowData* Stream::get_flow_data( - PktType type, IpProtocol proto, - const SfIp* srcIP, uint16_t srcPort, - const SfIp* dstIP, uint16_t dstPort, - uint16_t vlan, uint32_t mplsId, - unsigned flowdata_id, const DAQ_PktHdr_t& pkth) -{ - Flow* flow = get_flow( - type, proto, srcIP, srcPort, dstIP, dstPort, - vlan, mplsId, pkth); - - if (!flow) - return nullptr; - - return flow->get_flow_data(flowdata_id); -} - //------------------------------------------------------------------------- //------------------------------------------------------------------------- // session status diff --git a/src/stream/stream.h b/src/stream/stream.h index a4fac3b6c..9dc52d663 100644 --- a/src/stream/stream.h +++ b/src/stream/stream.h @@ -195,12 +195,8 @@ public: PktType type, IpProtocol proto, const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2, uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, unsigned flowdata_id, - int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN); - - static FlowData* get_flow_data( - PktType type, IpProtocol proto, - const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2, - uint16_t vlanId, uint32_t mplsId, unsigned flowdata_id, const DAQ_PktHdr_t&); + uint32_t tenant_id, int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, + int16_t egress_group = DAQ_PKTHDR_UNKNOWN); // Get pointer to application data for a flow using the FlowKey as the lookup criteria static FlowData* get_flow_data(const FlowKey*, unsigned flowdata_id); 
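Review bot: In the stream.h declaration of get_flow_data, the new required `uint32_t tenant_id` sits directly in front of the two defaulted `int16_t` group parameters, so an existing call that passed the groups positionally still compiles and silently binds its ingress group to `tenant_id`; a value such as DAQ_PKTHDR_UNKNOWN would then become a very large tenant id through the implicit conversion. The get_flow declaration in the next hunk has the same shape, and the two functions also disagree on where `tenant_id` goes (after `addrSpaceId` in get_flow, after `flowdata_id` here). A wrong tenant in the key means a lookup can miss the flow or land on another tenant's entry. Dropping the defaults, `uint32_t tenant_id, int16_t ingress_group, int16_t egress_group);`, makes every not-yet-updated call fail to compile, and placing `tenant_id` right after `addrSpaceId` in both signatures removes the ordering trap. The declaration begins before this hunk.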
@@ -211,7 +207,8 @@ public: PktType type, IpProtocol proto, const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2, uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, - int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN); + uint32_t tenant_id, int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, + int16_t egress_group = DAQ_PKTHDR_UNKNOWN); static Flow* get_flow( PktType type, IpProtocol proto, @@ -222,10 +219,7 @@ public: // Handle session block pending state static void check_flow_closed(Packet*); - // Create a session key from the Packet - static FlowKey* get_flow_key(Packet*); - - // Populate a session key from the Packet + // Populate a flow key from the Packet static void populate_flow_key(const Packet*, FlowKey*); static void set_snort_protocol_id_from_ha(Flow*, const SnortProtocolId);