From: Shravan Rangarajuvenkata (shrarang) Date: Tue, 21 Dec 2021 23:02:59 +0000 (+0000) Subject: Pull request #3226: appid: make peg counts consistent with what is reported to extern... X-Git-Tag: 3.1.20.0~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32b5eff6e718d5b04d74a098a263dddb5350c90d;p=thirdparty%2Fsnort3.git Pull request #3226: appid: make peg counts consistent with what is reported to external components Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_stats to master Squashed commit of the following: commit 45601fb546e99d0f26d557408682f94c7c88e157 Author: Shravan Rangaraju Date: Fri Dec 10 13:06:57 2021 -0500 appid: make peg counts consistent with what is reported to external components --- diff --git a/src/network_inspectors/appid/CMakeLists.txt b/src/network_inspectors/appid/CMakeLists.txt index 2b10e96e5..c333882d6 100644 --- a/src/network_inspectors/appid/CMakeLists.txt +++ b/src/network_inspectors/appid/CMakeLists.txt @@ -171,7 +171,6 @@ set ( APPID_SOURCES appid_inspector.h appid_module.cc appid_module.h - appid_pegs.h appid_ssh_event_handler.cc appid_ssh_event_handler.h appid_stats.cc diff --git a/src/network_inspectors/appid/appid_app_descriptor.cc b/src/network_inspectors/appid/appid_app_descriptor.cc index 5fc81a4dd..c9e5352f4 100644 --- a/src/network_inspectors/appid/appid_app_descriptor.cc +++ b/src/network_inspectors/appid/appid_app_descriptor.cc @@ -21,21 +21,7 @@ using namespace snort; void ApplicationDescriptor::set_id(AppId app_id) { if ( my_id != app_id ) - { my_id = app_id; - if ( app_id > APP_ID_NONE ) - update_stats(app_id); - else if ( app_id == APP_ID_UNKNOWN ) - appid_stats.appid_unknown++; - else - return; // app_id == APP_ID_NONE - - if ( overwritten_id > APP_ID_NONE ) - { - update_stats(overwritten_id, false); - overwritten_id = APP_ID_NONE; - } - } } void ApplicationDescriptor::set_id(const Packet& p, AppIdSession& asd, @@ -48,19 +34,10 @@ void ApplicationDescriptor::set_id(const Packet& p, AppIdSession& asd, } } -void ServiceAppDescriptor::update_stats(AppId id, bool increment) -{ - AppIdPegCounts::update_service_count(id, increment); -} - void ServiceAppDescriptor::set_port_service_id(AppId id) { if ( id != port_service_id ) - { port_service_id = id; - if ( id > APP_ID_NONE ) - AppIdPegCounts::update_service_count(id, true); - } } void ServiceAppDescriptor::set_id(AppId app_id, OdpContext& odp_ctxt) @@ -90,13 +67,3 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidC } } } - -void ClientAppDescriptor::update_stats(AppId id, bool increment) -{ - AppIdPegCounts::update_client_count(id, increment); -} - -void PayloadAppDescriptor::update_stats(AppId id, bool increment) -{ - AppIdPegCounts::update_payload_count(id, increment); -} diff --git a/src/network_inspectors/appid/appid_app_descriptor.h b/src/network_inspectors/appid/appid_app_descriptor.h index 6e19081bd..17f0d7df9 100644 --- a/src/network_inspectors/appid/appid_app_descriptor.h +++ b/src/network_inspectors/appid/appid_app_descriptor.h @@ -59,8 +59,6 @@ public: set_version(version); } - virtual void update_stats(AppId id, bool increment = true) = 0; - AppId get_id() const { return my_id; @@ -70,11 +68,6 @@ public: virtual void set_id(const snort::Packet& p, AppIdSession& asd, AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits); - void set_overwritten_id(AppId app_id) - { - overwritten_id = app_id; - } - const char* get_version() const { return my_version.empty() ? nullptr : my_version.c_str(); @@ -88,7 +81,6 @@ public: private: AppId my_id = APP_ID_NONE; - AppId overwritten_id = APP_ID_NONE; std::string my_version; }; @@ -139,8 +131,6 @@ public: service_group = DAQ_PKTHDR_UNKNOWN; } - void update_stats(AppId id, bool increment = true) override; - AppId get_port_service_id() const { return port_service_id; @@ -253,8 +243,6 @@ public: return my_username.empty() ? nullptr : my_username.c_str(); } - void update_stats(AppId id, bool increment = true) override; - void set_efp_client_app_id(AppId id) { efp_client_app_id = id; @@ -291,8 +279,6 @@ public: { ApplicationDescriptor::reset(); } - - void update_stats(AppId id, bool increment = true) override; }; #endif diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index dcbc15576..094af1d8f 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -442,6 +442,9 @@ void AppIdHttpSession::set_client(AppId app_id, AppidChangeBits& change_bits, assert(asd.flow); if (asd.flow->ha_state) asd.flow->ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); + if (asd.get_service_id() == APP_ID_HTTP2) + AppIdPegCounts::inc_client_count(app_id); + if (version) { client.set_version(version); @@ -467,6 +470,8 @@ void AppIdHttpSession::set_payload(AppId app_id, AppidChangeBits& change_bits, assert(asd.flow); if (asd.flow->ha_state) asd.flow->ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); + if (asd.get_service_id() == APP_ID_HTTP2) + AppIdPegCounts::inc_payload_count(app_id); payload.set_version(version); if (appidDebug->is_active()) @@ -487,6 +492,8 @@ void AppIdHttpSession::set_referred_payload(AppId app_id, AppidChangeBits& chang return; referred_payload_app_id = app_id; + if (asd.get_service_id() == APP_ID_HTTP2) + AppIdPegCounts::inc_referred_count(app_id); change_bits.set(APPID_REFERRED_BIT); if (appidDebug->is_active()) diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index dba8ad561..b2bc54b67 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -429,7 +429,6 @@ static const PegInfo appid_pegs[] = { CountType::SUM, "processed_packets", "count of packets processed" }, { CountType::SUM, "ignored_packets", "count of packets ignored" }, { CountType::SUM, "total_sessions", "count of sessions created" }, - { CountType::SUM, "appid_unknown", "count of sessions where appid could not be determined" }, { CountType::SUM, "service_cache_prunes", "number of times the service cache was pruned" }, { CountType::SUM, "service_cache_adds", "number of times an entry was added to the service cache" }, { CountType::SUM, "service_cache_removes", "number of times an item was removed from the service cache" }, diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h index 4894e8587..ee31207f4 100644 --- a/src/network_inspectors/appid/appid_module.h +++ b/src/network_inspectors/appid/appid_module.h @@ -31,7 +31,7 @@ #include "main/snort_config.h" #include "appid_config.h" -#include "appid_pegs.h" +#include "appid_peg_counts.h" namespace snort { diff --git a/src/network_inspectors/appid/appid_peg_counts.cc b/src/network_inspectors/appid/appid_peg_counts.cc index 99b1acd49..7644ded58 100644 --- a/src/network_inspectors/appid/appid_peg_counts.cc +++ b/src/network_inspectors/appid/appid_peg_counts.cc @@ -67,6 +67,12 @@ void AppIdPegCounts::cleanup_dynamic_sum() memset((*appid_peg_counts)[app_num].stats, 0, sizeof(PegCount) * DetectorPegs::NUM_APPID_DETECTOR_PEGS); } + + // reset unknown_app stats + memset(appid_dynamic_sum[SF_APPID_MAX].stats, 0, sizeof(PegCount) * + DetectorPegs::NUM_APPID_DETECTOR_PEGS); + memset((*appid_peg_counts)[appid_peg_counts->size() - 1].stats, 0, sizeof(PegCount) * + DetectorPegs::NUM_APPID_DETECTOR_PEGS); } void AppIdPegCounts::add_app_peg_info(std::string app_name, AppId app_id) @@ -96,28 +102,19 @@ void AppIdPegCounts::sum_stats() appid_dynamic_sum[SF_APPID_MAX].stats[j] += ptr[peg_num].stats[j]; } -void AppIdPegCounts::update_service_count(AppId id, bool increment) +void AppIdPegCounts::inc_service_count(AppId id) { - if (increment) - (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]++; - else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]) - (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]--; + (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]++; } -void AppIdPegCounts::update_client_count(AppId id, bool increment) +void AppIdPegCounts::inc_client_count(AppId id) { - if (increment) - (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]++; - else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]) - (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]--; + (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]++; } -void AppIdPegCounts::update_payload_count(AppId id, bool increment) +void AppIdPegCounts::inc_payload_count(AppId id) { - if (increment) - (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]++; - else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]) - (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]--; + (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]++; } void AppIdPegCounts::inc_user_count(AppId id) @@ -130,6 +127,11 @@ void AppIdPegCounts::inc_misc_count(AppId id) (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::MISC_DETECTS]++; } +void AppIdPegCounts::inc_referred_count(AppId id) +{ + (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::REFERRED_DETECTS]++; +} + uint32_t AppIdPegCounts::get_stats_index(AppId id) { std::unordered_map::iterator stats_idx_it = appid_detector_pegs_idx.find(id); @@ -162,8 +164,8 @@ void AppIdPegCounts::print() LogLabel("detected apps and services"); char buff[120]; - snprintf(buff, sizeof(buff), "%25.25s: %-10s %-10s %-10s %-10s %-10s %-10s %-10s", - "Application", "Flows", "Clients", "Users", "Payloads", "Misc", "Incompat.", "Failed"); + snprintf(buff, sizeof(buff), "%25.25s: %-10s %-10s %-10s %-10s %-10s %-10s", + "Application", "Services", "Clients", "Users", "Payloads", "Misc", "Referred"); LogText(buff); for (unsigned i = 0; i < app_num; i++) diff --git a/src/network_inspectors/appid/appid_peg_counts.h b/src/network_inspectors/appid/appid_peg_counts.h index 291427373..f4004ff57 100644 --- a/src/network_inspectors/appid/appid_peg_counts.h +++ b/src/network_inspectors/appid/appid_peg_counts.h @@ -42,6 +42,19 @@ #include "main/thread.h" #include "utils/util.h" +struct AppIdStats +{ + PegCount packets; + PegCount processed_packets; + PegCount ignored_packets; + PegCount total_sessions; + PegCount service_cache_prunes; + PegCount service_cache_adds; + PegCount service_cache_removes; + PegCount odp_reload_ignored_pkts; + PegCount tp_reload_ignored_pkts; +}; + class AppIdPegCounts { public: @@ -52,8 +65,7 @@ public: USER_DETECTS, PAYLOAD_DETECTS, MISC_DETECTS, - INCOMPATIBLE, - FAILED, + REFERRED_DETECTS, NUM_APPID_DETECTOR_PEGS }; @@ -70,9 +82,10 @@ public: void print(const char* app, char* buf, int buf_size) { - snprintf(buf, buf_size, "%25.25s: " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") + snprintf(buf, buf_size, "%25.25s: " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10"), app, - stats[0], stats[1], stats[2], stats[3], stats[4], stats[5], stats[6]); + stats[SERVICE_DETECTS], stats[CLIENT_DETECTS], stats[USER_DETECTS], + stats[PAYLOAD_DETECTS], stats[MISC_DETECTS], stats[REFERRED_DETECTS]); } }; @@ -82,24 +95,12 @@ public: static void cleanup_peg_info(); static void cleanup_dynamic_sum(); - static void update_service_count(AppId id, bool increment); - static void update_client_count(AppId id, bool increment); - static void update_payload_count(AppId id, bool increment); - + static void inc_service_count(AppId id); + static void inc_client_count(AppId id); + static void inc_payload_count(AppId id); static void inc_user_count(AppId id); static void inc_misc_count(AppId id); - - static void inc_incompatible_count(AppId id) - { - if ( appid_detector_pegs_idx[id] != appid_detectors_info.size() ) - (*appid_peg_counts)[appid_detector_pegs_idx[id]].stats[DetectorPegs::INCOMPATIBLE]++; - } - - static void inc_failed_count(AppId id) - { - if ( appid_detector_pegs_idx[id] != appid_detectors_info.size() ) - (*appid_peg_counts)[appid_detector_pegs_idx[id]].stats[DetectorPegs::FAILED]++; - } + static void inc_referred_count(AppId id); static void sum_stats(); static void print(); diff --git a/src/network_inspectors/appid/appid_pegs.h b/src/network_inspectors/appid/appid_pegs.h deleted file mode 100644 index 484c616fe..000000000 --- a/src/network_inspectors/appid/appid_pegs.h +++ /dev/null @@ -1,40 +0,0 @@ -//-------------------------------------------------------------------------- -// Copyright (C) 2019-2021 Cisco and/or its affiliates. All rights reserved. -// -// This program is free software; you can redistribute it and/or modify it -// under the terms of the GNU General Public License Version 2 as published -// by the Free Software Foundation. You may not use, modify or distribute -// this program under any other version of the GNU General Public License. -// -// This program is distributed in the hope that it will be useful, but -// WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -//-------------------------------------------------------------------------- - -// appid_pegs.h author Silviu Minut - -#ifndef APPID_PEGS_H -#define APPID_PEGS_H - -#include "framework/counts.h" - -struct AppIdStats -{ - PegCount packets; - PegCount processed_packets; - PegCount ignored_packets; - PegCount total_sessions; - PegCount appid_unknown; - PegCount service_cache_prunes; - PegCount service_cache_adds; - PegCount service_cache_removes; - PegCount odp_reload_ignored_pkts; - PegCount tp_reload_ignored_pkts; -}; - -#endif diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index 66ab5ca4b..d81cd9684 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -393,18 +393,6 @@ void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits, encrypted.misc_id = pick_ss_misc_app_id(); encrypted.referred_id = pick_ss_referred_payload_app_id(); - // After decryption, new application ids might be detected - // overriding existing ones from the encrypted flow. Set overwritten id - // to update app statistics when new AppId is detected. - if (encrypted.service_id > APP_ID_NONE and client_inferred_service_id == APP_ID_NONE) - api.service.set_overwritten_id(encrypted.service_id); - - if (encrypted.client_id > APP_ID_NONE) - api.client.set_overwritten_id(encrypted.client_id); - - if (encrypted.payload_id > APP_ID_NONE) - api.payload.set_overwritten_id(encrypted.payload_id); - reinit_session_data(change_bits, curr_tp_appid_ctxt); if (appidDebug->is_active()) LogMessage("AppIdDbg %s SSL decryption is available, restarting app detection\n", diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc index 95d7bb41a..d3d2dfec5 100644 --- a/src/network_inspectors/appid/appid_session_api.cc +++ b/src/network_inspectors/appid/appid_session_api.cc @@ -28,6 +28,7 @@ #include "flow/ha.h" #include "managers/inspector_manager.h" #include "appid_inspector.h" +#include "appid_peg_counts.h" #include "appid_session.h" #include "appid_types.h" #include "service_plugins/service_bootp.h" @@ -351,30 +352,13 @@ void AppIdSessionApi::set_netbios_domain(AppidChangeBits& change_bits, const cha void AppIdSessionApi::set_ss_application_ids(AppId service_id, AppId client_id, AppId payload_id, AppId misc_id, AppId referred_id, AppidChangeBits& change_bits, Flow& flow) { - if (application_ids[APP_PROTOID_SERVICE] != service_id) - { - application_ids[APP_PROTOID_SERVICE] = service_id; - change_bits.set(APPID_SERVICE_BIT); - if (flow.ha_state) - flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); - } - if (application_ids[APP_PROTOID_CLIENT] != client_id) - { - application_ids[APP_PROTOID_CLIENT] = client_id; - change_bits.set(APPID_CLIENT_BIT); - if (flow.ha_state) - flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); - } - if (application_ids[APP_PROTOID_PAYLOAD] != payload_id) - { - application_ids[APP_PROTOID_PAYLOAD] = payload_id; - change_bits.set(APPID_PAYLOAD_BIT); - if (flow.ha_state) - flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); - } + set_application_ids_service(service_id, change_bits, flow); + set_ss_application_ids(client_id, payload_id, change_bits, flow); + if (application_ids[APP_PROTOID_MISC] != misc_id) { application_ids[APP_PROTOID_MISC] = misc_id; + AppIdPegCounts::inc_misc_count(misc_id); change_bits.set(APPID_MISC_BIT); if (flow.ha_state) flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); @@ -382,6 +366,7 @@ void AppIdSessionApi::set_ss_application_ids(AppId service_id, AppId client_id, if (application_ids[APP_PROTOID_REFERRED] != referred_id) { application_ids[APP_PROTOID_REFERRED] = referred_id; + AppIdPegCounts::inc_referred_count(referred_id); change_bits.set(APPID_REFERRED_BIT); } } @@ -392,6 +377,7 @@ void AppIdSessionApi::set_ss_application_ids_payload(AppId payload_id, if (application_ids[APP_PROTOID_PAYLOAD] != payload_id) { application_ids[APP_PROTOID_PAYLOAD] = payload_id; + AppIdPegCounts::inc_payload_count(payload_id); change_bits.set(APPID_PAYLOAD_BIT); if (flow.ha_state) flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); @@ -404,17 +390,12 @@ void AppIdSessionApi::set_ss_application_ids(AppId client_id, AppId payload_id, if (application_ids[APP_PROTOID_CLIENT] != client_id) { application_ids[APP_PROTOID_CLIENT] = client_id; + AppIdPegCounts::inc_client_count(client_id); change_bits.set(APPID_CLIENT_BIT); if (flow.ha_state) flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); } - if (application_ids[APP_PROTOID_PAYLOAD] != payload_id) - { - application_ids[APP_PROTOID_PAYLOAD] = payload_id; - change_bits.set(APPID_PAYLOAD_BIT); - if (flow.ha_state) - flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); - } + set_ss_application_ids_payload(payload_id, change_bits, flow); } void AppIdSessionApi::set_application_ids_service(AppId service_id, AppidChangeBits& change_bits, @@ -423,6 +404,7 @@ void AppIdSessionApi::set_application_ids_service(AppId service_id, AppidChangeB if (application_ids[APP_PROTOID_SERVICE] != service_id) { application_ids[APP_PROTOID_SERVICE] = service_id; + AppIdPegCounts::inc_service_count(service_id); change_bits.set(APPID_SERVICE_BIT); if (flow.ha_state) flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR); diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index 0e5bc048d..932f2f615 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -181,10 +181,10 @@ AppIdHttpSession::~AppIdHttpSession() // Stubs for AppIdPegCounts // LCOV_EXCL_START -void AppIdPegCounts::update_service_count(AppId, bool) { } -void AppIdPegCounts::update_client_count(AppId, bool) { } +void AppIdPegCounts::inc_service_count(AppId) { } +void AppIdPegCounts::inc_client_count(AppId) { } void AppIdPegCounts::inc_user_count(AppId) { } -void AppIdPegCounts::update_payload_count(AppId, bool) { } +void AppIdPegCounts::inc_payload_count(AppId) { } THREAD_LOCAL AppIdStats appid_stats; void AppIdModule::sum_stats(bool) { } @@ -219,10 +219,6 @@ bool AppIdReloadTuner::tune_resources(unsigned int) } void ApplicationDescriptor::set_id(AppId){} void ServiceAppDescriptor::set_id(AppId, OdpContext&){} -void ServiceAppDescriptor::update_stats(AppId, bool){} -void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){} -void ClientAppDescriptor::update_stats(AppId, bool) {} -void PayloadAppDescriptor::update_stats(AppId, bool) {} void ServiceDiscovery::initialize(AppIdInspector&) {} void ServiceDiscovery::reload() {} diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h index 79ba62993..af0eba7f2 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h @@ -98,10 +98,7 @@ void AppIdDetector::add_payload(AppIdSession&, AppId){} void AppIdDetector::add_app(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppId, const char*, AppidChangeBits&){} void ApplicationDescriptor::set_id(AppId){} void ServiceAppDescriptor::set_id(AppId, OdpContext&){} -void ServiceAppDescriptor::update_stats(AppId, bool){} void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){} -void ClientAppDescriptor::update_stats(AppId, bool) {} -void PayloadAppDescriptor::update_stats(AppId, bool) {} void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, const uint8_t* const, unsigned, unsigned){} void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol){} @@ -178,9 +175,9 @@ void AppIdSession::free_flow_data() void* AppIdSession::get_flow_data(unsigned) const { return smb_data;} // Stubs for AppIdPegCounts -void AppIdPegCounts::update_service_count(AppId, bool) { } -void AppIdPegCounts::update_client_count(AppId, bool) { } -void AppIdPegCounts::update_payload_count(AppId, bool) { } +void AppIdPegCounts::inc_service_count(AppId, bool) { } +void AppIdPegCounts::inc_client_count(AppId, bool) { } +void AppIdPegCounts::inc_payload_count(AppId, bool) { } THREAD_LOCAL AppIdStats appid_stats; void AppIdModule::show_dynamic_stats() { } diff --git a/src/network_inspectors/appid/service_state.h b/src/network_inspectors/appid/service_state.h index 345307bba..11090dacc 100644 --- a/src/network_inspectors/appid/service_state.h +++ b/src/network_inspectors/appid/service_state.h @@ -30,7 +30,7 @@ #include "utils/cpp_macros.h" #include "utils/util.h" -#include "appid_pegs.h" +#include "appid_peg_counts.h" #include "service_plugins/service_discovery.h" class ServiceDetector; diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index a5ce3b432..79471860b 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -151,11 +151,8 @@ void ServiceAppDescriptor::set_id(AppId app_id, OdpContext& odp_ctxt) set_id(app_id); deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, APPINFO_FLAG_DEFER); } -void ServiceAppDescriptor::update_stats(AppId, bool){} void ServiceAppDescriptor::set_port_service_id(AppId){} void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){} -void ClientAppDescriptor::update_stats(AppId, bool) {} -void PayloadAppDescriptor::update_stats(AppId, bool) {} // Stubs for AppIdModule AppIdModule::AppIdModule(): Module("appid_mock", "appid_mock_help") {} diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index 525b08170..acb1f6b81 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -184,6 +184,7 @@ TEST_GROUP(appid_http_session) session->flow = &flow; mock_hsession = new AppIdHttpSession(*session, 0); appidDebug = new AppIdDebug(); + AppIdPegCounts::init_pegs(); } void teardown() override @@ -191,6 +192,7 @@ TEST_GROUP(appid_http_session) delete appidDebug; delete mock_hsession; delete session; + AppIdPegCounts::cleanup_pegs(); } }; diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index f0e918bfb..acae461ee 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -63,7 +63,6 @@ SearchTool::~SearchTool() = default; DiscoveryFilter::~DiscoveryFilter(){} void ApplicationDescriptor::set_id(AppId app_id){ my_id = app_id;} void ServiceAppDescriptor::set_id(AppId app_id, OdpContext&){ set_id(app_id); } -void ServiceAppDescriptor::update_stats(AppId, bool){} void ServiceAppDescriptor::set_port_service_id(AppId app_id){ port_service_id = app_id;} void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidChangeBits& change_bits) { @@ -71,8 +70,6 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidC my_user_id = app_id; change_bits.set(APPID_USER_INFO_BIT); } -void ClientAppDescriptor::update_stats(AppId, bool) {} -void PayloadAppDescriptor::update_stats(AppId, bool) {} AppIdDiscovery::~AppIdDiscovery() = default; void ClientDiscovery::initialize(AppIdInspector&) { } diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index eb0ffcf63..522e12dc8 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -80,11 +80,8 @@ void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = tru void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } void ApplicationDescriptor::set_id(AppId){} void ServiceAppDescriptor::set_id(AppId, OdpContext&){} -void ServiceAppDescriptor::update_stats(AppId, bool){} void ServiceAppDescriptor::set_port_service_id(AppId){} void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){} -void ClientAppDescriptor::update_stats(AppId, bool) {} -void PayloadAppDescriptor::update_stats(AppId, bool) {} AppIdConfig::~AppIdConfig() = default; OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } AppIdConfig stub_config;