From: Shravan Rangarajuvenkata (shrarang) Date: Thu, 16 Jan 2020 16:08:22 +0000 (+0000) Subject: Merge pull request #1941 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt to... X-Git-Tag: 3.0.0-268~55 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3134265152de6eda38a2beb04791c0322f37fcb7;p=thirdparty%2Fsnort3.git Merge pull request #1941 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt to master Squashed commit of the following: commit 16d04f32ed78eb83eb52ca2c44b1104581814a06 Author: Shravan Rangaraju Date: Fri Jan 10 10:29:27 2020 -0500 appid: move odp config, host-port cache and length cache to a separate class OdpContext; remove obsolete port detector code --- diff --git a/src/network_inspectors/appid/CMakeLists.txt b/src/network_inspectors/appid/CMakeLists.txt index 8b1668d8e..001dc3ab8 100644 --- a/src/network_inspectors/appid/CMakeLists.txt +++ b/src/network_inspectors/appid/CMakeLists.txt @@ -201,7 +201,6 @@ set ( APPID_SOURCES appid_http_event_handler.cc appid_http_event_handler.h ips_appid_option.cc - length_app_cache.cc length_app_cache.h lua_detector_api.cc lua_detector_api.h diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index ab4f68bbc..e15411fb2 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -274,7 +274,7 @@ void AppInfoManager::set_app_info_active(AppId appId) ParseWarning(WARN_PLUGINS, "appid: no entry in %s for %d", APP_MAPPING_FILE, appId); } -void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) +void AppInfoManager::load_appid_config(OdpContext& odp_ctxt, const char* path) { char buf[MAX_TABLE_LINE_LEN]; unsigned line = 0; @@ -327,7 +327,7 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) } else { - config->max_tp_flow_depth = max_tp_flow_depth; + odp_ctxt.max_tp_flow_depth = max_tp_flow_depth; } } else if (!(strcasecmp(conf_key, "host_port_app_cache_lookup_interval"))) @@ -342,7 +342,7 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) } else { - config->host_port_app_cache_lookup_interval = host_port_app_cache_lookup_interval; + odp_ctxt.host_port_app_cache_lookup_interval = host_port_app_cache_lookup_interval; } } else if (!(strcasecmp(conf_key, "host_port_app_cache_lookup_range"))) @@ -357,42 +357,42 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) } else { - config->host_port_app_cache_lookup_range = host_port_app_cache_lookup_range; + odp_ctxt.host_port_app_cache_lookup_range = host_port_app_cache_lookup_range; } } else if (!(strcasecmp(conf_key, "is_host_port_app_cache_runtime"))) { if (!(strcasecmp(conf_val, "enabled"))) { - config->is_host_port_app_cache_runtime = true; + odp_ctxt.is_host_port_app_cache_runtime = true; } } else if (!(strcasecmp(conf_key, "check_host_port_app_cache"))) { if (!(strcasecmp(conf_val, "enabled"))) { - config->check_host_port_app_cache = true; + odp_ctxt.check_host_port_app_cache = true; } } else if (!(strcasecmp(conf_key, "check_host_cache_unknown_ssl"))) { if (!(strcasecmp(conf_val, "enabled"))) { - config->check_host_cache_unknown_ssl = true; + odp_ctxt.check_host_cache_unknown_ssl = true; } } else if (!(strcasecmp(conf_key, "allow_port_wildcard_host_cache"))) { if (!(strcasecmp(conf_val, "enabled"))) { - config->allow_port_wildcard_host_cache = true; + odp_ctxt.allow_port_wildcard_host_cache = true; } } else if (!(strcasecmp(conf_key, "recheck_for_portservice_appid"))) { if (!(strcasecmp(conf_val, "enabled"))) { - config->recheck_for_portservice_appid = true; + odp_ctxt.recheck_for_portservice_appid = true; } } else if (!(strcasecmp(conf_key, "bittorrent_aggressiveness"))) @@ -401,20 +401,20 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) LogMessage("AppId: bittorrent_aggressiveness %d\n", aggressiveness); if (aggressiveness >= 50) { - config->host_port_app_cache_lookup_interval = 5; - config->recheck_for_portservice_appid = true; + odp_ctxt.host_port_app_cache_lookup_interval = 5; + odp_ctxt.recheck_for_portservice_appid = true; set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER); set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER_PAYLOAD); - config->max_tp_flow_depth = 25; - LogMessage("AppId: host_port_app_cache_lookup_interval %d\n", config->host_port_app_cache_lookup_interval); + odp_ctxt.max_tp_flow_depth = 25; + LogMessage("AppId: host_port_app_cache_lookup_interval %d\n", odp_ctxt.host_port_app_cache_lookup_interval); LogMessage("AppId: recheck_for_portservice_appid enabled\n"); LogMessage("AppId: defer_to_thirdparty %d\n", APP_ID_BITTORRENT); LogMessage("AppId: defer_payload_to_thirdparty %d\n", APP_ID_BITTORRENT); - LogMessage("AppId: max_tp_flow_depth %d\n", config->max_tp_flow_depth); + LogMessage("AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth); } if (aggressiveness >= 80) { - config->allow_port_wildcard_host_cache = true; + odp_ctxt.allow_port_wildcard_host_cache = true; LogMessage("AppId: allow_port_wildcard_host_cache enabled\n"); } } @@ -424,18 +424,18 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) LogMessage("AppId: ultrasurf_aggressiveness %d\n", aggressiveness); if (aggressiveness >= 50) { - config->check_host_cache_unknown_ssl = true; + odp_ctxt.check_host_cache_unknown_ssl = true; set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER); set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER_PAYLOAD); - config->max_tp_flow_depth = 25; + odp_ctxt.max_tp_flow_depth = 25; LogMessage("AppId: check_host_cache_unknown_ssl enabled\n"); LogMessage("AppId: defer_to_thirdparty %d\n", APP_ID_ULTRASURF); LogMessage("AppId: defer_payload_to_thirdparty %d\n", APP_ID_ULTRASURF); - LogMessage("AppId: max_tp_flow_depth %d\n", config->max_tp_flow_depth); + LogMessage("AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth); } if (aggressiveness >= 80) { - config->allow_port_wildcard_host_cache = true; + odp_ctxt.allow_port_wildcard_host_cache = true; LogMessage("AppId: allow_port_wildcard_host_cache enabled\n"); } } @@ -445,18 +445,18 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) LogMessage("AppId: psiphon_aggressiveness %d\n", aggressiveness); if (aggressiveness >= 50) { - config->check_host_cache_unknown_ssl = true; + odp_ctxt.check_host_cache_unknown_ssl = true; set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER); set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER_PAYLOAD); - config->max_tp_flow_depth = 25; + odp_ctxt.max_tp_flow_depth = 25; LogMessage("AppId: check_host_cache_unknown_ssl enabled\n"); LogMessage("AppId: defer_to_thirdparty %d\n", APP_ID_PSIPHON); LogMessage("AppId: defer_payload_to_thirdparty %d\n", APP_ID_PSIPHON); - LogMessage("AppId: max_tp_flow_depth %d\n", config->max_tp_flow_depth); + LogMessage("AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth); } if (aggressiveness >= 80) { - config->allow_port_wildcard_host_cache = true; + odp_ctxt.allow_port_wildcard_host_cache = true; LogMessage("AppId: allow_port_wildcard_host_cache enabled\n"); } } @@ -464,7 +464,7 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) { if (!(strcasecmp(conf_val, "enabled"))) { - config->tp_allow_probes = 1; + odp_ctxt.tp_allow_probes = 1; } } else if (!(strcasecmp(conf_key, "tp_client_app"))) @@ -475,13 +475,6 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) { set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_INSPECT); } - else if (!(strcasecmp(conf_key, "disable_safe_search"))) - { - if (!(strcasecmp(conf_val, "disabled"))) - { - config->safe_search_enabled = false; - } - } else if (!(strcasecmp(conf_key, "ssl_squelch"))) { set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_SQUELCH); @@ -498,7 +491,7 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) { if (!(strcasecmp(conf_val, "disabled"))) { - config->chp_userid_disabled = true; + odp_ctxt.chp_userid_disabled = true; continue; } } @@ -506,7 +499,7 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) { if (!(strcasecmp(conf_val, "disabled"))) { - config->chp_body_collection_disabled = 1; + odp_ctxt.chp_body_collection_disabled = 1; continue; } } @@ -514,7 +507,7 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) { if (!(strcasecmp(conf_val, "disabled"))) { - config->ftp_userid_disabled = 1; + odp_ctxt.ftp_userid_disabled = 1; continue; } } @@ -538,10 +531,10 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) { if (!(strcasecmp(conf_val, "disabled"))) { - config->referred_appId_disabled = true; + odp_ctxt.referred_appId_disabled = true; continue; } - else if (!config->referred_appId_disabled) + else if (!odp_ctxt.referred_appId_disabled) { char referred_app_list[4096]; int referred_app_index = safe_snprintf(referred_app_list, 4096, "%d ", @@ -559,19 +552,19 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) } else if (!(strcasecmp(conf_key, "rtmp_max_packets"))) { - config->rtmp_max_packets = atoi(conf_val); + odp_ctxt.rtmp_max_packets = atoi(conf_val); } else if (!(strcasecmp(conf_key, "mdns_user_report"))) { - config->mdns_user_reporting = atoi(conf_val) ? true : false; + odp_ctxt.mdns_user_reporting = atoi(conf_val) ? true : false; } else if (!(strcasecmp(conf_key, "dns_host_report"))) { - config->dns_host_reporting = atoi(conf_val) ? true : false; + odp_ctxt.dns_host_reporting = atoi(conf_val) ? true : false; } else if (!(strcasecmp(conf_key, "chp_body_max_bytes"))) { - config->chp_body_collection_max = atoi(conf_val); + odp_ctxt.chp_body_collection_max = atoi(conf_val); } else if (!(strcasecmp(conf_key, "ignore_thirdparty_appid"))) { @@ -586,11 +579,11 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) // ports. if (!(strcasecmp(conf_val, "disabled"))) { - config->http2_detection_enabled = false; + odp_ctxt.http2_detection_enabled = false; } else if (!(strcasecmp(conf_val, "enabled"))) { - config->http2_detection_enabled = true; + odp_ctxt.http2_detection_enabled = true; } else { @@ -599,6 +592,8 @@ void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) conf_val); } } + else + ParseWarning(WARN_CONF, "AppId: unsupported configuration: %s\n", conf_key); } } @@ -613,7 +608,7 @@ SnortProtocolId AppInfoManager::add_appid_protocol_reference(const char* protoco } void AppInfoManager::init_appid_info_table(AppIdConfig* config, - SnortConfig* sc) + SnortConfig* sc, OdpContext& odp_ctxt) { if ( !config->app_detector_dir ) { @@ -714,13 +709,13 @@ void AppInfoManager::init_appid_info_table(AppIdConfig* config, snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir, APP_CONFIG_FILE); - load_appid_config (config, filepath); + load_appid_config (odp_ctxt, filepath); snprintf(filepath, sizeof(filepath), "%s/custom/%s", config->app_detector_dir, USR_CONFIG_FILE); if (access (filepath, F_OK)) snprintf(filepath, sizeof(filepath), "%s/../%s", config->app_detector_dir, USR_CONFIG_FILE); - load_appid_config (config, filepath); + load_appid_config (odp_ctxt, filepath); } } diff --git a/src/network_inspectors/appid/app_info_table.h b/src/network_inspectors/appid/app_info_table.h index 0a72a683d..370483b0c 100644 --- a/src/network_inspectors/appid/app_info_table.h +++ b/src/network_inspectors/appid/app_info_table.h @@ -41,6 +41,7 @@ class AppIdConfig; class ClientDetector; +class OdpContext; class ServiceDetector; enum AppInfoFlags @@ -142,14 +143,14 @@ public: return entry ? entry->priority : 0; } - void init_appid_info_table(AppIdConfig*, snort::SnortConfig*); + void init_appid_info_table(AppIdConfig*, snort::SnortConfig*, OdpContext& odp_ctxt); void cleanup_appid_info_table(); void dump_app_info_table(); SnortProtocolId add_appid_protocol_reference(const char* protocol, snort::SnortConfig*); private: inline AppInfoManager() = default; - void load_appid_config(AppIdConfig*, const char* path); + void load_appid_config(OdpContext&, const char* path); AppInfoTableEntry* get_app_info_entry(AppId appId, const AppInfoTable&); }; diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 83a15e680..79a7d7714 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -49,19 +49,6 @@ using namespace snort; -#define ODP_PORT_DETECTORS "odp/port/*" -#define CUSTOM_PORT_DETECTORS "custom/port/*" -#define MAX_DISPLAY_SIZE 65536 -#define MAX_LINE 2048 - -using namespace snort; - -struct PortList -{ - PortList* next; - uint16_t port; -}; - SnortProtocolId snortId_for_unsynchronized; SnortProtocolId snortId_for_ftp_data; SnortProtocolId snortId_for_http2; @@ -69,6 +56,7 @@ SnortProtocolId snortId_for_http2; #ifdef ENABLE_APPID_THIRD_PARTY ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr; #endif +OdpContext* AppIdContext::odp_ctxt = nullptr; static void map_app_names_to_snort_ids(SnortConfig* sc) { @@ -102,153 +90,20 @@ void AppIdContext::pterm() AppIdContext::app_info_mgr.cleanup_appid_info_table(); } -void AppIdContext::read_port_detectors(const char* files) -{ - int rval; - glob_t globs; - char pattern[PATH_MAX]; - uint32_t n; - - snprintf(pattern, sizeof(pattern), "%s/%s", config->app_detector_dir, files); - - memset(&globs, 0, sizeof(globs)); - rval = glob(pattern, 0, nullptr, &globs); - if (rval != 0 && rval != GLOB_NOMATCH) - { - ErrorMessage("Unable to read directory '%s'\n",pattern); - return; - } - - for (n = 0; n < globs.gl_pathc; n++) - { - FILE* file; - unsigned proto = 0; - AppId appId = APP_ID_NONE; - char line[1024]; - PortList* port = nullptr; - PortList* tmp_port; - - if ((file = fopen(globs.gl_pathv[n], "r")) == nullptr) - { - ErrorMessage("Unable to read port service '%s'\n",globs.gl_pathv[n]); - continue; - } - - while (fgets(line, sizeof(line), file)) - { - char* key, * value, * p; - size_t len; - - len = strlen(line); - for (; len && (line[len - 1] == '\n' || line[len - 1] == '\r'); len--) - line[len - 1] = 0; - - /* find key/value for lines of the format "key: value\n" */ - if ((value = strchr(line, ':'))) - { - key = line; - *value = '\0'; - value++; - while (*value == ' ') - value++; - - if (strcasecmp(key, "ports") == 0) - { - char* context = nullptr; - char* ptr; - unsigned long tmp; - - for (ptr = strtok_r(value, ",", &context); ptr; ptr = strtok_r(nullptr, ",", - &context)) - { - while (*ptr == ' ') - ptr++; - len = strlen(ptr); - for (; len && ptr[len - 1] == ' '; len--) - ptr[len - 1] = 0; - tmp = strtoul(ptr, &p, 10); - if (!*ptr || *p || !tmp || tmp > 65535) - { - ErrorMessage("Invalid port, '%s', in lua detector '%s'\n",ptr, - globs.gl_pathv[n]); - goto next; - } - tmp_port = (PortList*)snort_calloc(sizeof(PortList)); - tmp_port->port = (uint16_t)tmp; - tmp_port->next = port; - port = tmp_port; - } - } - else if (strcasecmp(key, "protocol") == 0) - { - if (strcasecmp(value, "tcp") == 0) - proto = 1; - else if (strcasecmp(value, "udp") == 0) - proto = 2; - else if (strcasecmp(value, "tcp/udp") == 0) - proto = 3; - else - { - ErrorMessage("Invalid protocol, '%s', in port service '%s'\n",value, - globs.gl_pathv[n]); - goto next; - } - } - else if (strcasecmp(key, "appId") == 0) - { - appId = (AppId)strtoul(value, &p, 10); - if (!*value || *p || appId <= APP_ID_NONE) - { - ErrorMessage("Invalid app ID, '%s', in port service '%s'\n",value, - globs.gl_pathv[n]); - goto next; - } - } - } - } - - if (port && proto && appId > APP_ID_NONE) - { - while ((tmp_port = port)) - { - port = tmp_port->next; - if (proto & 1) - tcp_port_only[tmp_port->port] = appId; - if (proto & 2) - udp_port_only[tmp_port->port] = appId; - - snort_free(tmp_port); - AppIdContext::app_info_mgr.set_app_info_active(appId); - } - AppIdContext::app_info_mgr.set_app_info_active(appId); - } - else - ErrorMessage("Missing parameter(s) in port service '%s'\n",globs.gl_pathv[n]); - -next: ; - while ((tmp_port = port)) - { - port = tmp_port->next; - snort_free(tmp_port); - } - fclose(file); - } - - globfree(&globs); -} - bool AppIdContext::init_appid(SnortConfig* sc) { + // do not reload ODP on reload_config() + if (!odp_ctxt) + odp_ctxt = new OdpContext(); + // FIXIT-M: RELOAD - Get rid of "once" flag // Handle the if condition in AppIdContext::init_appid static bool once = false; if (!once) { - AppIdContext::app_info_mgr.init_appid_info_table(config, sc); - HostPortCache::initialize(); + AppIdContext::app_info_mgr.init_appid_info_table(config, sc, *odp_ctxt); HttpPatternMatchers* http_matchers = HttpPatternMatchers::get_instance(); AppIdDiscovery::initialize_plugins(); - init_length_app_cache(); LuaDetectorManager::initialize(*this, 1); PatternServiceDetector::finalize_service_port_patterns(); PatternClientDetector::finalize_client_port_patterns(); @@ -256,15 +111,13 @@ bool AppIdContext::init_appid(SnortConfig* sc) http_matchers->finalize_patterns(); ssl_detector_process_patterns(); dns_host_detector_process_patterns(); - read_port_detectors(ODP_PORT_DETECTORS); - read_port_detectors(CUSTOM_PORT_DETECTORS); once = true; } #ifdef ENABLE_APPID_THIRD_PARTY // do not reload third party on reload_config() if (!tp_appid_ctxt) - tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config); + tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt); #endif map_app_names_to_snort_ids(sc); return true; @@ -273,7 +126,7 @@ bool AppIdContext::init_appid(SnortConfig* sc) #ifdef ENABLE_APPID_THIRD_PARTY void AppIdContext::create_tp_appid_ctxt() { - tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config); + tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt); } #endif diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index 0e19f651e..f23a3f03c 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -23,9 +23,9 @@ #define APP_ID_CONFIG_H #include +#include #include -#include "application_ids.h" #include "framework/decode_data.h" #include "main/snort_config.h" #include "protocols/ipv6.h" @@ -36,6 +36,10 @@ #include "tp_appid_module_api.h" #endif +#include "application_ids.h" +#include "host_port_app_cache.h" +#include "length_app_cache.h" + #define APP_ID_PORT_ARRAY_SIZE 65536 class AppIdInspector; @@ -72,8 +76,11 @@ public: bool debug = false; bool dump_ports = false; bool log_all_sessions = false; +}; - bool safe_search_enabled = true; +class OdpContext +{ +public: bool dns_host_reporting = true; bool referred_appId_disabled = false; bool mdns_user_reporting = true; @@ -93,6 +100,30 @@ public: uint32_t http_response_version_enabled = 0; bool allow_port_wildcard_host_cache = false; bool recheck_for_portservice_appid = false; + + HostPortVal* host_port_cache_find(const snort::SfIp* ip, uint16_t port, IpProtocol proto) + { + return host_port_cache.find(ip, port, proto, *this); + } + + bool host_port_cache_add(const snort::SfIp* ip, uint16_t port, IpProtocol proto, unsigned type, AppId appid) + { + return host_port_cache.add(ip, port, proto, type, appid); + } + + AppId length_cache_find(const LengthKey& key) + { + return length_cache.find(key); + } + + bool length_cache_add(const LengthKey& key, AppId val) + { + return length_cache.add(key, val); + } + +private: + HostPortCache host_port_cache; + LengthCache length_cache; }; class AppIdContext @@ -103,6 +134,11 @@ public: ~AppIdContext() { } + OdpContext& get_odp_ctxt() const + { + return *odp_ctxt; + } + #ifdef ENABLE_APPID_THIRD_PARTY ThirdPartyAppIdContext* get_tp_appid_ctxt() const { return tp_appid_ctxt; } @@ -129,11 +165,11 @@ public: AppIdConfig* config = nullptr; private: - void read_port_detectors(const char* files); void display_port_config(); // FIXIT-M: RELOAD - Remove static, once app_info_mgr cleanup is // removed from AppIdContext::pterm static AppInfoManager& app_info_mgr; + static OdpContext* odp_ctxt; #ifdef ENABLE_APPID_THIRD_PARTY static ThirdPartyAppIdContext* tp_appid_ctxt; #endif diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index b744fc132..634b7e65f 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -687,9 +687,9 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, if (!(asd.scan_flags & SCAN_HOST_PORT_FLAG)) check_static = true; - if ((asd.session_packet_count % asd.ctxt->config->host_port_app_cache_lookup_interval == 0) and - (asd.session_packet_count <= asd.ctxt->config->host_port_app_cache_lookup_range) and - asd.ctxt->config->is_host_port_app_cache_runtime ) + if ((asd.session_packet_count % asd.ctxt->get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and + (asd.session_packet_count <= asd.ctxt->get_odp_ctxt().host_port_app_cache_lookup_range) and + asd.ctxt->get_odp_ctxt().is_host_port_app_cache_runtime ) check_dynamic = true; if (!(check_static || check_dynamic)) @@ -721,7 +721,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, HostPortVal* hv = nullptr; if (check_static and - (hv = HostPortCache::find(ip, port, protocol, *(asd.ctxt)))) + (hv = asd.ctxt->get_odp_ctxt().host_port_cache_find(ip, port, protocol))) { asd.scan_flags |= SCAN_HOST_PORT_FLAG; switch (hv->type) @@ -759,7 +759,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, auto ht = host_cache.find(*ip); if (ht) { - AppId appid = ht->get_appid(port, protocol, true, asd.ctxt->config->allow_port_wildcard_host_cache); + AppId appid = ht->get_appid(port, protocol, true, asd.ctxt->get_odp_ctxt().allow_port_wildcard_host_cache); if (appid > APP_ID_NONE) { // FIXIT-L: Make this more generic to support service and payload IDs @@ -779,10 +779,10 @@ static inline bool is_check_host_cache_valid(AppIdSession& asd, AppId service_id { bool is_payload_client_misc_none = (payload_id <= APP_ID_NONE and client_id <= APP_ID_NONE and misc_id <= APP_ID_NONE); bool is_appid_none = is_payload_client_misc_none and (service_id <= APP_ID_NONE or service_id == APP_ID_UNKNOWN_UI or - (asd.ctxt->config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id())); - bool is_ssl_none = asd.ctxt->config->check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and + (asd.ctxt->get_odp_ctxt().recheck_for_portservice_appid and service_id == asd.service.get_port_service_id())); + bool is_ssl_none = asd.ctxt->get_odp_ctxt().check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and (not(asd.tsession and asd.tsession->get_tls_host() and asd.tsession->get_tls_cname())); - if (is_appid_none or is_ssl_none or asd.ctxt->config->check_host_port_app_cache) + if (is_appid_none or is_ssl_none or asd.ctxt->get_odp_ctxt().check_host_port_app_cache) return true; return false; } @@ -877,7 +877,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, asd.length_sequence.sequence_cnt++; asd.length_sequence.sequence[index].direction = direction; asd.length_sequence.sequence[index].length = p->dsize; - AppId id = find_length_app_cache(asd.length_sequence); + AppId id = asd.ctxt->get_odp_ctxt().length_cache_find(asd.length_sequence); if (id > APP_ID_NONE) { service_id = id; diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index 2856231f5..db8130567 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -306,7 +306,7 @@ void AppIdHttpSession::process_chp_buffers(AppidChangeBits& change_bits) int num_found = 0; cmd.cur_ptype = (HttpFieldIds)i; AppId ret = http_matchers->scan_chp(cmd, &version, &user, &num_found, this, - asd.ctxt->config); + *asd.ctxt); total_found += num_found; if (!ret || num_found < ptype_req_counts[i]) { diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index b7e1b2361..7699b0aef 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -239,9 +239,7 @@ static void appid_inspector_pinit() static void appid_inspector_pterm() { //FIXIT-M: RELOAD - if app_info_table is associated with an object - HostPortCache::terminate(); appid_forecast_pterm(); - free_length_app_cache(); LuaDetectorManager::terminate(); AppIdDiscovery::release_plugins(); delete HttpPatternMatchers::get_instance(); diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc index 244fbcb5c..3303df976 100644 --- a/src/network_inspectors/appid/appid_session_api.cc +++ b/src/network_inspectors/appid/appid_session_api.cc @@ -133,7 +133,7 @@ bool AppIdSessionApi::is_appid_inspecting_session() return true; } - if (asd->ctxt->config->check_host_port_app_cache) + if (asd->ctxt->get_odp_ctxt().check_host_port_app_cache) return true; return false; diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.cc b/src/network_inspectors/appid/detector_plugins/detector_dns.cc index 45d49d491..7b427503d 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_dns.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_dns.cc @@ -602,7 +602,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) goto udp_done; } if ((rval = dns_validate_header(args.dir, (const DNSHeader*)args.data, - args.ctxt->config->dns_host_reporting, args.asd)) != APPID_SUCCESS) + args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS) { if (rval == APPID_REVERSED) { @@ -613,7 +613,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, got a // response, and now we've got another query. rval = validate_packet(args.data, args.size, args.dir, - args.ctxt->config->dns_host_reporting, args.asd); + args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) goto inprocess; } @@ -624,7 +624,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, but now we've got // a response. rval = validate_packet(args.data, args.size, args.dir, - args.ctxt->config->dns_host_reporting, args.asd); + args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) { args.asd.set_session_flags(APPID_SESSION_UDP_REVERSED); @@ -638,7 +638,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) } rval = validate_packet(args.data, args.size, args.dir, - args.ctxt->config->dns_host_reporting, args.asd); + args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); if ((rval == APPID_SUCCESS) && (args.dir == APP_ID_FROM_INITIATOR)) goto inprocess; @@ -690,7 +690,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) uint16_t size = args.size - sizeof(DNSTCPHeader); uint16_t tmp = ntohs(hdr->length); if (tmp < sizeof(DNSHeader) || dns_validate_header(args.dir, (const DNSHeader*)data, - args.ctxt->config->dns_host_reporting, args.asd)) + args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd)) { if (args.dir == APP_ID_FROM_INITIATOR) goto not_compatible; @@ -701,7 +701,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) if (tmp > size) goto not_compatible; rval = validate_packet(data, size, args.dir, - args.ctxt->config->dns_host_reporting, args.asd); + args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd); if (rval != APPID_SUCCESS) goto tcp_done; diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index f823c5fae..b83f87e10 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc @@ -981,7 +981,7 @@ void HttpPatternMatchers::scan_key_chp(ChpMatchDescriptor& cmd) } AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, char** user, - int* total_found, AppIdHttpSession* hsession, const AppIdConfig* config) + int* total_found, AppIdHttpSession* hsession, const AppIdContext& ctxt) { MatchedCHPAction* insert_sweep2 = nullptr; bool inhibit_modify = false; @@ -1000,9 +1000,6 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, cha else cmd.sort_chp_matches(); - if (!config->safe_search_enabled) - cmd.chp_rewritten[pt] = nullptr; - for ( auto& tmp: cmd.chp_matches[pt] ) { CHPAction* match = (CHPAction*)tmp.mpattern; @@ -1044,7 +1041,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, cha hsession->set_skip_simple_detect(true); break; case EXTRACT_USER: - if ( !*user && !config->chp_userid_disabled ) + if ( !*user && !ctxt.get_odp_ctxt().chp_userid_disabled ) { extract_chp(cmd.buffer[pt], cmd.length[pt], tmp.start_match_pos, match->psize, match->action_data, user); diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index a4c9d3871..56a9699f3 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -41,7 +41,7 @@ struct AppIdServiceSubtype; struct Packet; } class AppIdHttpSession; -class AppIdConfig; +class AppIdContext; enum httpPatternType { @@ -302,7 +302,7 @@ public: void scan_key_chp(ChpMatchDescriptor&); AppId scan_chp(ChpMatchDescriptor&, char**, char**, int*, AppIdHttpSession*, - const AppIdConfig*); + const AppIdContext&); AppId scan_header_x_working_with(const char*, uint32_t, char**); int get_appid_by_pattern(const char*, unsigned, char**); bool get_appid_from_url(char*, const char*, char**, const char*, AppId*, AppId*, diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index c20c36c75..59c5dfd94 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -50,6 +50,9 @@ static char* my_action_data = (char*)"0"; static const char* my_chp_data = (const char*)"chp_data"; static int total_found; static AppIdConfig config; +static AppIdContext ctxt(&config); +static OdpContext odpctxt; +OdpContext* AppIdContext::odp_ctxt = &odpctxt; static AppId service_id = APP_ID_NONE; static AppId client_id = APP_ID_NONE; static DetectorHTTPPattern mpattern; @@ -266,9 +269,7 @@ TEST(http_url_patterns_tests, scan_chp_defer) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - config.safe_search_enabled = false; - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } @@ -282,9 +283,7 @@ TEST(http_url_patterns_tests, scan_chp_alt_appid) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - config.safe_search_enabled = false; - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } @@ -299,12 +298,10 @@ TEST(http_url_patterns_tests, scan_chp_extract_user) mchp.mpattern = &chpa_test; mchp.start_match_pos = 0; cmd_test.cur_ptype = RSP_BODY_FID; - config.safe_search_enabled = false; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.buffer[RSP_BODY_FID] = (const char*)"userid\n\rpassword"; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(user); user = nullptr; @@ -315,7 +312,6 @@ TEST(http_url_patterns_tests, scan_chp_rewrite_field) // testing REWRITE_FIELD test_find_all_done = false; cmd_test.cur_ptype = RSP_BODY_FID; - config.safe_search_enabled = false; chpa_test.action_data = my_action_data; chpa_test.appIdInstance = APP_ID_NONE; chpa_test.action = REWRITE_FIELD; @@ -325,8 +321,7 @@ TEST(http_url_patterns_tests, scan_chp_rewrite_field) cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(const_cast(cmd_test.chp_rewritten[RSP_BODY_FID])); cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr; @@ -337,7 +332,6 @@ TEST(http_url_patterns_tests, scan_chp_insert_without_action) // testing INSERT_FIELD without action_data test_find_all_done = false; cmd_test.cur_ptype = RSP_BODY_FID; - config.safe_search_enabled = false; chpa_test.action_data = nullptr; chpa_test.appIdInstance = APP_ID_NONE; chpa_test.action = INSERT_FIELD; @@ -347,8 +341,7 @@ TEST(http_url_patterns_tests, scan_chp_insert_without_action) cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(const_cast(cmd_test.chp_rewritten[RSP_BODY_FID])); cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr; @@ -359,7 +352,6 @@ TEST(http_url_patterns_tests, scan_chp_insert_with_action) // testing INSERT_FIELD with action_data test_find_all_done = false; cmd_test.cur_ptype = RSP_BODY_FID; - config.safe_search_enabled = false; chpa_test.action_data = my_action_data; chpa_test.appIdInstance = APP_ID_NONE; chpa_test.action = INSERT_FIELD; @@ -369,8 +361,7 @@ TEST(http_url_patterns_tests, scan_chp_insert_with_action) cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(const_cast(cmd_test.chp_rewritten[RSP_BODY_FID])); cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr; @@ -386,13 +377,11 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - config.safe_search_enabled = false; chpa_test.psize = 1; mchp.start_match_pos = 0; cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); // testing FUTURE_APPID_SESSION_SIP (default action) @@ -402,8 +391,7 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default) chpa_test.action = FUTURE_APPID_SESSION_SIP; mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdConfig*)&config) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } diff --git a/src/network_inspectors/appid/host_port_app_cache.cc b/src/network_inspectors/appid/host_port_app_cache.cc index 1bbbf8fd5..83bbdedd3 100644 --- a/src/network_inspectors/appid/host_port_app_cache.cc +++ b/src/network_inspectors/appid/host_port_app_cache.cc @@ -23,72 +23,29 @@ #include "config.h" #endif -#include "host_port_app_cache.h" -#include "managers/inspector_manager.h" -#include "appid_inspector.h" -#include "appid_config.h" - #include -#include +#include "host_port_app_cache.h" #include "log/messages.h" #include "main/thread.h" -#include "sfip/sf_ip.h" -#include "utils/cpp_macros.h" +#include "managers/inspector_manager.h" +#include "appid_config.h" +#include "appid_inspector.h" using namespace snort; -PADDING_GUARD_BEGIN -struct HostPortKey -{ - HostPortKey() - { - ip.clear(); - port = 0; - proto = IpProtocol::PROTO_NOT_SET; - padding = 0; - } - - bool operator<(const HostPortKey& right) const - { - return memcmp((const uint8_t*) this, (const uint8_t*) &right, sizeof(*this)) < 0; - } - - SfIp ip; - uint16_t port; - IpProtocol proto; - char padding; -}; -PADDING_GUARD_END - -static std::map* host_port_cache = nullptr; - -void HostPortCache::initialize() -{ - host_port_cache = new std::map; -} - -void HostPortCache::terminate() -{ - if (host_port_cache) - { - host_port_cache->clear(); - delete host_port_cache; - host_port_cache = nullptr; - } -} - -HostPortVal* HostPortCache::find(const SfIp* ip, uint16_t port, IpProtocol protocol, AppIdContext& ctxt) +HostPortVal* HostPortCache::find(const SfIp* ip, uint16_t port, IpProtocol protocol, + OdpContext& odp_ctxt) { HostPortKey hk; hk.ip = *ip; - hk.port = (ctxt.config->allow_port_wildcard_host_cache)? 0 : port; + hk.port = (odp_ctxt.allow_port_wildcard_host_cache)? 0 : port; hk.proto = protocol; std::map::iterator it; - it = host_port_cache->find(hk); - if (it != host_port_cache->end()) + it = cache.find(hk); + if (it != cache.end()) return &it->second; else return nullptr; @@ -103,20 +60,20 @@ bool HostPortCache::add(const SfIp* ip, uint16_t port, IpProtocol proto, unsigne hk.ip = *ip; AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); AppIdContext* ctxt = inspector->get_ctxt(); - hk.port = (ctxt->config->allow_port_wildcard_host_cache)? 0 : port; + hk.port = (ctxt->get_odp_ctxt().allow_port_wildcard_host_cache)? 0 : port; hk.proto = proto; hv.appId = appId; hv.type = type; - (*host_port_cache)[ hk ] = hv; + cache[ hk ] = hv; return true; } void HostPortCache::dump() { - for ( auto& kv : *host_port_cache ) + for ( auto& kv : cache ) { char inet_buffer[INET6_ADDRSTRLEN]; diff --git a/src/network_inspectors/appid/host_port_app_cache.h b/src/network_inspectors/appid/host_port_app_cache.h index 69ef5b9b4..43d01813b 100644 --- a/src/network_inspectors/appid/host_port_app_cache.h +++ b/src/network_inspectors/appid/host_port_app_cache.h @@ -22,14 +22,37 @@ #ifndef HOST_PORT_APP_CACHE_H #define HOST_PORT_APP_CACHE_H +#include + #include "application_ids.h" #include "protocols/protocol_ids.h" -#include "appid_config.h" +#include "sfip/sf_ip.h" +#include "utils/cpp_macros.h" + +class OdpContext; -namespace snort +PADDING_GUARD_BEGIN +struct HostPortKey { -struct SfIp; -} + HostPortKey() + { + ip.clear(); + port = 0; + proto = IpProtocol::PROTO_NOT_SET; + padding = 0; + } + + bool operator<(const HostPortKey& right) const + { + return memcmp((const uint8_t*) this, (const uint8_t*) &right, sizeof(*this)) < 0; + } + + snort::SfIp ip; + uint16_t port; + IpProtocol proto; + char padding; +}; +PADDING_GUARD_END struct HostPortVal { @@ -40,11 +63,17 @@ struct HostPortVal class HostPortCache { public: - static void initialize(); - static void terminate(); - static HostPortVal* find(const snort::SfIp*, uint16_t port, IpProtocol, AppIdContext&); - static bool add(const snort::SfIp*, uint16_t port, IpProtocol, unsigned type, AppId); - static void dump(); + HostPortVal* find(const snort::SfIp*, uint16_t port, IpProtocol, OdpContext&); + bool add(const snort::SfIp*, uint16_t port, IpProtocol, unsigned type, AppId); + void dump(); + + ~HostPortCache() + { + cache.clear(); + } + +private: + std::map cache; }; #endif diff --git a/src/network_inspectors/appid/length_app_cache.cc b/src/network_inspectors/appid/length_app_cache.cc deleted file mode 100644 index 5e84c5403..000000000 --- a/src/network_inspectors/appid/length_app_cache.cc +++ /dev/null @@ -1,63 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved. -// Copyright (C) 2005-2013 Sourcefire, Inc. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -// length_app_cache.cc author Sourcefire Inc. - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include "length_app_cache.h" - -#include - -#include "log/messages.h" -#include "main/thread.h" - -#include "application_ids.h" - -using namespace snort; - -static std::map* length_cache = nullptr; - -void init_length_app_cache() -{ - length_cache = new std::map; -} - -void free_length_app_cache() -{ - delete length_cache; - length_cache = nullptr; -} - -AppId find_length_app_cache(const LengthKey& key) -{ - auto entry = length_cache->find(key); - if (entry == length_cache->end()) - return APP_ID_NONE; /* no match */ - else - return entry->second; /* match found */ -} - -bool add_length_app_cache(const LengthKey& key, AppId val) -{ - return (length_cache->emplace(key, val)).second == true; -} - diff --git a/src/network_inspectors/appid/length_app_cache.h b/src/network_inspectors/appid/length_app_cache.h index e377b2c43..8a6222f41 100644 --- a/src/network_inspectors/appid/length_app_cache.h +++ b/src/network_inspectors/appid/length_app_cache.h @@ -76,10 +76,26 @@ struct LengthKey #pragma pack() -void init_length_app_cache(); -void free_length_app_cache(); -AppId find_length_app_cache(const LengthKey&); -bool add_length_app_cache(const LengthKey&, AppId); +class LengthCache +{ +public: + AppId find(const LengthKey& key) + { + auto entry = cache.find(key); + if (entry == cache.end()) + return APP_ID_NONE; + else + return entry->second; + } + + bool add(const LengthKey& key, AppId val) + { + return (cache.emplace(key, val)).second == true; + } + +private: + std::mapcache; +}; #endif diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index c5d02074f..4164163f3 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -1153,7 +1153,7 @@ static int detector_add_host_port_application(lua_State* L) return 0; } - if (!HostPortCache::add(&ip_addr, (uint16_t)port, (IpProtocol)proto, type, app_id)) + if (!ud->get_odp_ctxt().host_port_cache_add(&ip_addr, (uint16_t)port, (IpProtocol)proto, type, app_id)) ErrorMessage("%s:Failed to backend call\n",__func__); return 0; @@ -1842,7 +1842,7 @@ static int detector_add_length_app_cache(lua_State* L) str_ptr++; } - if ( !add_length_app_cache(length_sequence, appId) ) + if ( !ud->get_odp_ctxt().length_cache_add(length_sequence, appId) ) { ErrorMessage("LuaDetectorApi:Could not add entry to cache!"); lua_pushnumber(L, -1); @@ -2785,7 +2785,8 @@ LuaServiceDetector::LuaServiceDetector(AppIdDiscovery* sdm, const std::string& d LuaServiceObject::LuaServiceObject(AppIdDiscovery* sdm, const std::string& detector_name, - const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L) + const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L, + OdpContext& odp_ctxt) : LuaObject(odp_ctxt) { init_lsd(&lsd, detector_name, L); @@ -2855,7 +2856,8 @@ LuaClientDetector::LuaClientDetector(AppIdDiscovery* cdm, const std::string& det } LuaClientObject::LuaClientObject(AppIdDiscovery* cdm, const std::string& detector_name, - const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L) + const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L, + OdpContext& odp_ctxt) : LuaObject(odp_ctxt) { init_lsd(&lsd, detector_name, L); diff --git a/src/network_inspectors/appid/lua_detector_api.h b/src/network_inspectors/appid/lua_detector_api.h index c613d73b1..4544e0921 100644 --- a/src/network_inspectors/appid/lua_detector_api.h +++ b/src/network_inspectors/appid/lua_detector_api.h @@ -109,7 +109,7 @@ public: class LuaObject { public: - LuaObject() = default; + LuaObject(OdpContext& odp_ctxt) : odp_ctxt(odp_ctxt) { } virtual ~LuaObject() = default; LuaObject(const LuaObject&) = delete; LuaObject& operator=(const LuaObject&) = delete; @@ -130,9 +130,13 @@ public: void set_running(bool is_running) { running = is_running; } + OdpContext& get_odp_ctxt() const + { return odp_ctxt; } + private: std::string cb_fn_name; bool running = false; + OdpContext& odp_ctxt; }; class LuaServiceObject: public LuaObject @@ -140,7 +144,8 @@ class LuaServiceObject: public LuaObject public: ServiceDetector* sd; LuaServiceObject(AppIdDiscovery* sdm, const std::string& detector_name, - const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L); + const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L, + OdpContext& odp_ctxt); ServiceDetector* get_detector() { return sd; } }; @@ -150,7 +155,8 @@ class LuaClientObject : public LuaObject public: ClientDetector* cd; LuaClientObject(AppIdDiscovery* cdm, const std::string& detector_name, - const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L); + const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L, + OdpContext& odp_ctxt); ClientDetector* get_detector() { return cd; } }; diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index 9da5bbe11..0f14efc18 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -311,7 +311,8 @@ static inline uint32_t compute_lua_tracker_size(uint64_t rnaMemory, uint32_t num } // Leaves 1 value (the Detector userdata) at the top of the stack when succeeds -static LuaObject* create_lua_detector(lua_State* L, const char* detector_name, bool is_custom, const char* detector_filename) +LuaObject* LuaDetectorManager::create_lua_detector(const char* detector_name, + bool is_custom, const char* detector_filename) { std::string log_name; IpProtocol proto = IpProtocol::PROTO_NOT_SET; @@ -362,7 +363,7 @@ static LuaObject* create_lua_detector(lua_State* L, const char* detector_name, b if ( lua_istable(L, -1) ) { return new LuaClientObject(&ClientDiscovery::get_instance(), - detector_name, log_name, is_custom, proto, L); + detector_name, log_name, is_custom, proto, L, ctxt.get_odp_ctxt()); } else { @@ -372,7 +373,7 @@ static LuaObject* create_lua_detector(lua_State* L, const char* detector_name, b if ( lua_istable(L, -1) ) { return new LuaServiceObject(&ServiceDiscovery::get_instance(), - detector_name, log_name, is_custom, proto, L); + detector_name, log_name, is_custom, proto, L, ctxt.get_odp_ctxt()); } else if (init(L)) ErrorMessage("Error - appid: can not read DetectorPackageInfo field" @@ -427,7 +428,7 @@ void LuaDetectorManager::load_detector(char* detector_filename, bool isCustom) return; } - LuaObject* lua_object = create_lua_detector(L, detectorName, isCustom, detector_filename); + LuaObject* lua_object = create_lua_detector(detectorName, isCustom, detector_filename); if (lua_object) allocated_objects.push_front(lua_object); } diff --git a/src/network_inspectors/appid/lua_detector_module.h b/src/network_inspectors/appid/lua_detector_module.h index 914a62222..28eb5aeee 100644 --- a/src/network_inspectors/appid/lua_detector_module.h +++ b/src/network_inspectors/appid/lua_detector_module.h @@ -64,6 +64,8 @@ private: void list_lua_detectors(); void load_detector(char* detectorName, bool isCustom); void load_lua_detectors(const char* path, bool isCustom); + LuaObject* create_lua_detector(const char* detector_name, bool is_custom, + const char* detector_filename); AppIdContext& ctxt; std::list allocated_objects; diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 16394d8d0..67ad7f070 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -700,7 +700,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, } AppIdDnsSession* dsession = asd.get_dns_session(); - if (asd.service.get_id() == APP_ID_DNS && asd.ctxt->config->dns_host_reporting + if (asd.service.get_id() == APP_ID_DNS && asd.ctxt->get_odp_ctxt().dns_host_reporting && dsession->get_host()) { AppId client_id = APP_ID_NONE; diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc index 9ba977d95..a8e7287ef 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.cc +++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc @@ -150,7 +150,7 @@ int MdnsServiceDetector::validate(AppIdDiscoveryArgs& args) ret_val = validate_reply(args.data, args.size); if (ret_val == 1) { - if (args.ctxt->config->mdns_user_reporting) + if (args.ctxt->get_odp_ctxt().mdns_user_reporting) { analyze_user(args.asd, args.pkt, args.size); destroy_match_list(); diff --git a/src/network_inspectors/appid/service_plugins/service_rtmp.cc b/src/network_inspectors/appid/service_plugins/service_rtmp.cc index ecc4a43f3..f55f2ae37 100644 --- a/src/network_inspectors/appid/service_plugins/service_rtmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_rtmp.cc @@ -615,7 +615,7 @@ int RtmpServiceDetector::validate(AppIdDiscoveryArgs& args) } /* Give up if it's taking us too long to figure out this thing. */ - if (args.asd.session_packet_count >= args.asd.ctxt->config->rtmp_max_packets) + if (args.asd.session_packet_count >= args.asd.ctxt->get_odp_ctxt().rtmp_max_packets) { goto fail; } @@ -648,7 +648,7 @@ success: if ( ss->pageUrl ) { if ( !hsession->get_field(REQ_REFERER_FID) && - !args.asd.ctxt->config->referred_appId_disabled ) + !args.asd.ctxt->get_odp_ctxt().referred_appId_disabled ) hsession->set_field(REQ_REFERER_FID, new std::string(ss->pageUrl), args.change_bits); snort_free(ss->pageUrl); diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 2942123d6..a6c752c69 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -141,6 +141,8 @@ ProfileStats* AppIdModule::get_profile() const { return nullptr; } AppIdConfig::~AppIdConfig() {} static AppIdConfig app_config; static AppIdContext app_ctxt(&app_config); +static OdpContext odpctxt; +OdpContext* AppIdContext::odp_ctxt = &odpctxt; AppId AppIdContext::get_port_service_id(IpProtocol, uint16_t) { return APP_ID_NONE; @@ -247,7 +249,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession&, Packet*, } // Stubs for misc items -HostPortVal* HostPortCache::find(const SfIp*, uint16_t, IpProtocol, AppIdContext&) +HostPortVal* HostPortCache::find(const SfIp*, uint16_t, IpProtocol, OdpContext&) { return nullptr; } diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index cb21a782c..aab2c7116 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -66,7 +66,7 @@ AppId HttpPatternMatchers::scan_header_x_working_with(const char*, uint32_t, cha } AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**, - int*, AppIdHttpSession*, const AppIdConfig*) + int*, AppIdHttpSession*, const AppIdContext&) { return 0; } diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index b572cbfdf..d3a2c1bc3 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc @@ -48,6 +48,8 @@ void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data) AppIdSession* mock_session = nullptr; AppIdSessionApi* appid_session_api = nullptr; +static OdpContext odpctxt; +OdpContext* AppIdContext::odp_ctxt = &odpctxt; TEST_GROUP(appid_session_api) { @@ -219,7 +221,7 @@ TEST(appid_session_api, is_appid_inspecting_session) // 4th if in is_appid_inspecting_session mock_session->set_tp_app_id(APP_ID_NONE); - mock_session->ctxt->config->check_host_port_app_cache = true; + mock_session->ctxt->get_odp_ctxt().check_host_port_app_cache = true; val = appid_session_api->is_appid_inspecting_session(); CHECK_TRUE(val); } diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index 2a64ce724..2fc023323 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc @@ -37,7 +37,11 @@ using namespace std; -TPLibHandler* tph = nullptr; +static TPLibHandler* tph = nullptr; +static AppIdConfig config; +static AppIdContext ctxt(&config); +static OdpContext odpctxt; +OdpContext* AppIdContext::odp_ctxt = &odpctxt; #ifdef ENABLE_APPID_THIRD_PARTY ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr; @@ -51,21 +55,20 @@ TEST_GROUP(tp_lib_handler) TEST(tp_lib_handler, load_unload) { - AppIdConfig config; config.tp_appid_path="./libtp_mock.so"; config.tp_appid_config="./tp.config"; tph = TPLibHandler::get(); - ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config); - CHECK_TRUE(ctxt != nullptr); + ThirdPartyAppIdContext* tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, ctxt.get_odp_ctxt()); + CHECK_TRUE(tp_appid_ctxt != nullptr); TpAppIdCreateSession asf = tph->tpsession_factory(); - ThirdPartyAppIdSession* tpsession = asf(*ctxt); + ThirdPartyAppIdSession* tpsession = asf(*tp_appid_ctxt); CHECK_TRUE(tpsession != nullptr); delete tpsession; - delete ctxt; + delete tp_appid_ctxt; TPLibHandler::pfini(); } @@ -81,11 +84,10 @@ TEST(tp_lib_handler, tp_lib_handler_get) TEST(tp_lib_handler, load_error) { // Trigger load error: - AppIdConfig config; config.tp_appid_path="nonexistent.so"; TPLibHandler::get(); - ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config); - CHECK_TRUE(ctxt == nullptr); + ThirdPartyAppIdContext* tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, ctxt.get_odp_ctxt()); + CHECK_TRUE(tp_appid_ctxt == nullptr); TPLibHandler::pfini(); } diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index a7a1666c6..a87449865 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -294,7 +294,7 @@ static inline void process_http_session(AppIdSession& asd, LogMessage("AppIdDbg %s HTTP response upgrade is %s\n", appidDebug->get_debug_session(),field->c_str()); - if (asd.ctxt->config->http2_detection_enabled) + if (asd.ctxt->get_odp_ctxt().http2_detection_enabled) { const std::string* rc = hsession->get_field(MISC_RESP_CODE_FID); if ( rc && *rc == "101" ) @@ -426,7 +426,7 @@ static inline void process_rtmp(AppIdSession& asd, } } - if ( !asd.ctxt->config->referred_appId_disabled && + if ( !asd.ctxt->get_odp_ctxt().referred_appId_disabled && !hsession->get_field(REQ_REFERER_FID) ) { if ( ( field=attribute_data.http_request_referer(own) ) != nullptr ) @@ -471,7 +471,7 @@ static inline void process_rtmp(AppIdSession& asd, } if ( hsession->get_field(MISC_URL_FID) || (confidence == 100 && - asd.session_packet_count > asd.ctxt->config->rtmp_max_packets) ) + asd.session_packet_count > asd.ctxt->get_odp_ctxt().rtmp_max_packets) ) { const std::string* url; if ( ( url = hsession->get_field(MISC_URL_FID) ) != nullptr ) @@ -553,7 +553,7 @@ static inline void process_ftp_control(AppIdSession& asd, ThirdPartyAppIDAttributeData& attribute_data) { const string* field=0; - if (!asd.ctxt->config->ftp_userid_disabled && + if (!asd.ctxt->get_odp_ctxt().ftp_userid_disabled && (field=attribute_data.ftp_command_user()) != nullptr) { asd.client.update_user(APP_ID_FTP_CONTROL, field->c_str()); @@ -602,7 +602,7 @@ static inline void check_terminate_tp_module(AppIdSession& asd, uint16_t tpPktCo { AppIdHttpSession* hsession = asd.get_http_session(); - if ((tpPktCount >= asd.ctxt->config->max_tp_flow_depth) || + if ((tpPktCount >= asd.ctxt->get_odp_ctxt().max_tp_flow_depth) || (asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) == (APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) && hsession->get_field(REQ_URI_FID) && @@ -640,7 +640,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I /*** Start of third-party processing. ***/ bool isTpAppidDiscoveryDone = false; - if (p->dsize || asd.ctxt->config->tp_allow_probes) + if (p->dsize || asd.ctxt->get_odp_ctxt().tp_allow_probes) { //restart inspection by 3rd party if (!asd.tp_reinspect_by_initiator && (direction == APP_ID_FROM_INITIATOR) && @@ -658,7 +658,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I if (!asd.is_tp_processing_done()) { if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK) - || asd.ctxt->config->tp_allow_probes) + || asd.ctxt->get_odp_ctxt().tp_allow_probes) { int tp_confidence; ThirdPartyAppIDAttributeData tp_attribute_data; diff --git a/src/network_inspectors/appid/tp_lib_handler.cc b/src/network_inspectors/appid/tp_lib_handler.cc index 2bc8e6856..be938aacd 100644 --- a/src/network_inspectors/appid/tp_lib_handler.cc +++ b/src/network_inspectors/appid/tp_lib_handler.cc @@ -79,7 +79,8 @@ bool TPLibHandler::load_callback(const char* const path) return true; } -ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& config) +ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& config, + const OdpContext& odp_ctxt) { assert(self != nullptr); @@ -96,16 +97,16 @@ ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& co tp_config.tp_appid_config = config.tp_appid_config; tp_config.tp_appid_stats_enable = config.tp_appid_stats_enable; tp_config.tp_appid_config_dump = config.tp_appid_config_dump; - tp_config.chp_body_collection_max = config.chp_body_collection_max; - tp_config.ftp_userid_disabled = config.ftp_userid_disabled; + tp_config.chp_body_collection_max = odp_ctxt.chp_body_collection_max; + tp_config.ftp_userid_disabled = odp_ctxt.ftp_userid_disabled; tp_config.chp_body_collection_disabled = - config.chp_body_collection_disabled; - tp_config.tp_allow_probes = config.tp_allow_probes; - if (config.http2_detection_enabled) + odp_ctxt.chp_body_collection_disabled; + tp_config.tp_allow_probes = odp_ctxt.tp_allow_probes; + if (odp_ctxt.http2_detection_enabled) tp_config.http_upgrade_reporting_enabled = 1; else tp_config.http_upgrade_reporting_enabled = 0; - tp_config.http_response_version_enabled = config.http_response_version_enabled; + tp_config.http_response_version_enabled = odp_ctxt.http_response_version_enabled; ThirdPartyAppIdContext* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config); if (tp_appid_ctxt == nullptr) diff --git a/src/network_inspectors/appid/tp_lib_handler.h b/src/network_inspectors/appid/tp_lib_handler.h index 5c8ff68f7..63e93ee3e 100644 --- a/src/network_inspectors/appid/tp_lib_handler.h +++ b/src/network_inspectors/appid/tp_lib_handler.h @@ -25,6 +25,7 @@ #include "tp_appid_session_api.h" class AppIdConfig; +class OdpContext; // This needs to be exported by any third party .so library. // Must return NULL if it fails to create the object. @@ -45,7 +46,8 @@ public: return (self = new TPLibHandler()); } - static ThirdPartyAppIdContext* create_tp_appid_ctxt(const AppIdConfig& config); + static ThirdPartyAppIdContext* create_tp_appid_ctxt(const AppIdConfig& config, + const OdpContext& odp_ctxt); static void tfini(); static void pfini();