From: Shravan Rangarajuvenkata (shrarang) Date: Tue, 16 Jun 2020 23:12:41 +0000 (+0000) Subject: Merge pull request #2263 in SNORT/snort3 from ~SHRARANG/snort3:appid_stash to master X-Git-Tag: 3.0.1-5~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39505d41599c9aa7bec20941c22a338c9ab837b5;p=thirdparty%2Fsnort3.git Merge pull request #2263 in SNORT/snort3 from ~SHRARANG/snort3:appid_stash to master Squashed commit of the following: commit 951f13ad2273fa270d71fd92d2c155b6cd8a3979 Author: Shravan Rangaraju Date: Tue Jun 9 16:22:53 2020 -0400 appid: remove unnecessary stuff from appid apis --- diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc index 7de798a5a..2cbc73178 100644 --- a/src/network_inspectors/appid/appid_api.cc +++ b/src/network_inspectors/appid/appid_api.cc @@ -48,7 +48,7 @@ AppIdSession* AppIdApi::get_appid_session(const Flow& flow) { AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id); - return (asd && asd->common.flow_type == APPID_FLOW_TYPE_NORMAL) ? asd : nullptr; + return asd; } const char* AppIdApi::get_application_name(AppId app_id, AppIdContext& ctxt) @@ -100,7 +100,7 @@ uint32_t AppIdApi::produce_ha_state(const Flow& flow, uint8_t* buf) assert(buf); AppIdSessionHA* appHA = (AppIdSessionHA*)buf; AppIdSession* asd = get_appid_session(flow); - if (asd and (asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)) + if (asd) { appHA->flags = APPID_HA_FLAGS_APP; if (asd->is_tp_appid_available()) @@ -126,7 +126,7 @@ uint32_t AppIdApi::produce_ha_state(const Flow& flow, uint8_t* buf) appHA->appId[7] = asd->misc_app_id; } else - memset(appHA->appId, 0, sizeof(appHA->appId)); + memset(appHA, 0, sizeof(*appHA)); return sizeof(*appHA); } 
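Review bot: `get_appid_session` is now a bare C-style downcast of `flow.get_flow_data(AppIdSession::inspector_id)`, and with the `flow_type` filter gone every caller receives whatever session is attached to the flow. A named cast keeps the conversion greppable and limited to what the class hierarchy allows: `AppIdSession* asd = static_cast<AppIdSession*>(flow.get_flow_data(AppIdSession::inspector_id));`. A one-line comment that the result is `nullptr` when the flow carries no AppId data would state the contract that remains. The same cast appears in `create_appid_session_api` and `AppIdSessionApi::refresh` further down the diff.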
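Review bot: In `produce_ha_state` only the `else` branch clears the whole `AppIdSessionHA`; the `if (asd)` branch assigns `flags` and the `appId[]` slots one by one into the caller's buffer, so any padding or member it does not assign would reach the HA peer holding whatever bytes `buf` contained before. The struct layout is not visible here, so this may be harmless, but clearing once up front settles it: put `memset(appHA, 0, sizeof(*appHA));` right after the cast and drop the `else`. The function also takes no buffer length and relies on `assert(buf)`, which is normally compiled out of release builds; a comment that `buf` must hold at least `sizeof(AppIdSessionHA)` bytes would help callers. The function body spans this hunk and the previous one and is only partly visible.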
@@ -327,7 +327,7 @@ AppIdSessionApi* AppIdApi::create_appid_session_api(const Flow& flow)
 {
 AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
- if (asd and asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
+ if (asd)
 return new AppIdSessionApi(asd);
 return nullptr;
diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc
index 0b85c22ef..fa9e994b8 100644
--- a/src/network_inspectors/appid/appid_discovery.cc
+++ b/src/network_inspectors/appid/appid_discovery.cc
@@ -179,18 +179,8 @@ static bool set_network_attributes(AppIdSession* asd, Packet* p, IpProtocol& pro
 {
 if (asd)
 {
- if (asd->common.flow_type == APPID_FLOW_TYPE_IGNORE)
- return false;
-
- if (asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
- {
- protocol = asd->protocol;
- asd->flow = p->flow;
- }
- else if (p->is_tcp())
- protocol = IpProtocol::TCP;
- else
- protocol = IpProtocol::UDP;
+ protocol = asd->protocol;
+ asd->flow = p->flow;
 if (asd->common.initiator_port)
 direction = (asd->common.initiator_port == p->ptrs.sp) ?
@@ -373,67 +363,6 @@ static uint64_t is_session_monitored(const Packet* p, AppidSessionDirection dir) return flow_flags; } -bool AppIdDiscovery::handle_unmonitored_session(AppIdSession* asd, const Packet* p, - IpProtocol protocol, AppidSessionDirection dir, AppIdInspector& inspector, - uint64_t& flow_flags) -{ - if (asd) - flow_flags = is_session_monitored(*asd, p, dir); - else - flow_flags = is_session_monitored(p, dir); - - if ( flow_flags & (APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED) ) - return false; - - if ( !asd ) - { - uint16_t port = 0; - - const SfIp* ip = (dir == APP_ID_FROM_INITIATOR) ? - p->ptrs.ip_api.get_src() : p->ptrs.ip_api.get_dst(); - if ((protocol == IpProtocol::TCP || protocol == IpProtocol::UDP) - && p->ptrs.sp != p->ptrs.dp) - { - port = (dir == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp; - } - - // FIXIT-E - Creating AppId session even when flow is ignored (not monitored, e.g., - // when AppId discovery is disabled) will consume a lot of unneeded memory and perform - // unneeded tasks in constructor. Snort2 uses static APPID_SESSION_STRUCT_FLAG ignore_fsf. - // Snort3 may use something like that or a dummy class/object having only common.flow_type - // to let us know that it is APPID_FLOW_TYPE_IGNORE type and thus being returned early - // from this method due to set_network_attributes() checking. 
- AppIdSession* tmp_session = new AppIdSession(protocol, ip, port, inspector); - - if ((flow_flags & APPID_SESSION_BIDIRECTIONAL_CHECKED) == - APPID_SESSION_BIDIRECTIONAL_CHECKED) - { - tmp_session->common.flow_type = APPID_FLOW_TYPE_IGNORE; - if (appidDebug->is_active()) - LogMessage("AppIdDbg %s Not monitored\n", appidDebug->get_debug_session()); - } - else - { - tmp_session->common.flow_type = APPID_FLOW_TYPE_TMP; - if (appidDebug->is_active()) - LogMessage("AppIdDbg %s Unknown monitoring\n", appidDebug->get_debug_session()); - } - tmp_session->common.flags = flow_flags; - p->flow->set_flow_data(tmp_session); - } - else - { - asd->common.flags = flow_flags; - if ( ( flow_flags & APPID_SESSION_BIDIRECTIONAL_CHECKED) == - APPID_SESSION_BIDIRECTIONAL_CHECKED ) - asd->common.flow_type = APPID_FLOW_TYPE_IGNORE; - if (appidDebug->is_active()) - LogMessage("AppIdDbg %s Not monitored\n", appidDebug->get_debug_session()); - } - - return true; -} - // Return false if the packet or the session doesn't need to be inspected bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInspector& inspector, IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction) 
@@ -454,12 +383,15 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp return false; uint64_t flow_flags; - if (handle_unmonitored_session(asd, p, protocol, direction, inspector, flow_flags)) + if (asd) + flow_flags = is_session_monitored(*asd, p, direction); + else + flow_flags = is_session_monitored(p, direction); + + if ( !(flow_flags & (APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED)) ) return false; - // FIXIT-M - Potential memory leak for TMP sessions. handle_unmonitored_session() already - // TMP session and that is not being freed before creating the new one below - if (!asd || asd->common.flow_type == APPID_FLOW_TYPE_TMP) + if (!asd) { *p_asd = asd = AppIdSession::allocate_session(p, protocol, direction, &inspector); if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM) diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h index bf80eceb4..9d6f02416 100644 --- a/src/network_inspectors/appid/appid_discovery.h +++ b/src/network_inspectors/appid/appid_discovery.h @@ -147,9 +147,6 @@ private: AppidSessionDirection direction); static bool do_host_port_based_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol, AppidSessionDirection direction); - static bool handle_unmonitored_session(AppIdSession* asd, const snort::Packet* p, - IpProtocol protocol, AppidSessionDirection dir, AppIdInspector& inspector, - uint64_t& flow_flags); }; #endif diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index 57330509e..2b5bf75d8 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -98,7 +98,6 @@ AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port, { service_ip.clear(); session_id = ++appid_flow_data_id; - common.flow_type = APPID_FLOW_TYPE_NORMAL; common.initiator_ip = *ip; common.initiator_port = port; 
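Review bot: The early `return false` for an unmonitored flow in `do_pre_discovery` is now silent: the removed `handle_unmonitored_session` logged `AppIdDbg %s Not monitored` when `appidDebug` was active, and nothing in this hunk replaces it, so a flow that AppId skips leaves no trace in debug output. Consider keeping the message ahead of the return, e.g. `if (appidDebug->is_active()) LogMessage("AppIdDbg %s Not monitored\n", appidDebug->get_debug_session());`. With no session stored for such flows, `is_session_monitored(p, direction)` also appears to run again for every packet of the flow; that is probably cheaper than the old placeholder session, but a short comment saying the decision is deliberately not cached would record the trade-off. The function starts before this hunk and continues past it.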
@@ -740,9 +739,6 @@ AppId AppIdSession::pick_service_app_id() { AppId rval = APP_ID_NONE; - if (common.flow_type != APPID_FLOW_TYPE_NORMAL) - return APP_ID_NONE; - if (is_service_detected()) { bool deferred = service.get_deferred() || tp_app_id_deferred; @@ -779,8 +775,7 @@ AppId AppIdSession::pick_service_app_id() AppId AppIdSession::pick_ss_misc_app_id() { - if (common.flow_type != APPID_FLOW_TYPE_NORMAL or - service.get_id() == APP_ID_HTTP2) + if (service.get_id() == APP_ID_HTTP2) return APP_ID_NONE; if (misc_app_id > APP_ID_NONE) @@ -797,8 +792,7 @@ AppId AppIdSession::pick_ss_misc_app_id() AppId AppIdSession::pick_ss_client_app_id() { - if (common.flow_type != APPID_FLOW_TYPE_NORMAL or - service.get_id() == APP_ID_HTTP2) + if (service.get_id() == APP_ID_HTTP2) return APP_ID_NONE; AppId tmp_id = APP_ID_NONE; @@ -815,8 +809,7 @@ AppId AppIdSession::pick_ss_client_app_id() AppId AppIdSession::pick_ss_payload_app_id() { - if (common.flow_type != APPID_FLOW_TYPE_NORMAL or - service.get_id() == APP_ID_HTTP2) + if (service.get_id() == APP_ID_HTTP2) return APP_ID_NONE; if (tp_payload_app_id_deferred) @@ -851,8 +844,7 @@ AppId AppIdSession::pick_ss_payload_app_id() AppId AppIdSession::pick_ss_referred_payload_app_id() { - if (common.flow_type != APPID_FLOW_TYPE_NORMAL or - service.get_id() == APP_ID_HTTP2) + if (service.get_id() == APP_ID_HTTP2) return APP_ID_NONE; AppId tmp_id = APP_ID_NONE; diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index b82b0a31a..011566fea 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h 
@@ -72,21 +72,6 @@ const uint8_t* service_strstr(const uint8_t* haystack, unsigned haystack_len, APPID_SESSION_INITIATOR_MONITORED | APPID_SESSION_DISCOVER_USER | \ APPID_SESSION_SPECIAL_MONITORED) -// flow status codes -enum AppIdFlowStatusCodes -{ - APPID_SESSION_SUCCESS = 0, - APPID_SESSION_ENULL, - APPID_SESSION_EINVALID, - APPID_SESSION_ENOMEM, - APPID_SESSION_NOTFOUND, - APPID_SESSION_BADJUJU, - APPID_SESSION_DISABLED, - APPID_SESSION_EUNSUPPORTED, - APPID_SESSION_STOP_PROCESSING, - APPID_SESSION_EEXISTS -}; - enum APPID_DISCOVERY_STATE { APPID_DISCO_STATE_NONE = 0, @@ -121,7 +106,6 @@ struct CommonAppIdData initiator_ip.clear(); } - snort::APPID_FLOW_TYPE flow_type = snort::APPID_FLOW_TYPE_IGNORE; //flags shared with other preprocessor via session attributes. uint64_t flags = 0; snort::SfIp initiator_ip; @@ -287,7 +271,7 @@ public: APPID_DISCOVERY_STATE service_disco_state = APPID_DISCO_STATE_NONE; SESSION_SERVICE_SEARCH_STATE service_search_state = SESSION_SERVICE_SEARCH_STATE::START; ServiceDetector* service_detector = nullptr; - snort::AppIdServiceSubtype* subtype = nullptr; + AppIdServiceSubtype* subtype = nullptr; std::vector service_candidates; ServiceAppDescriptor service; diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc index 23de6590e..7f0f09d76 100644 --- a/src/network_inspectors/appid/appid_session_api.cc +++ b/src/network_inspectors/appid/appid_session_api.cc @@ -37,7 +37,7 @@ bool AppIdSessionApi::refresh(const Flow& flow) { AppIdSession* new_asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id); - if (new_asd and new_asd->common.flow_type == APPID_FLOW_TYPE_NORMAL) + if (new_asd) { asd = new_asd; return true; 
@@ -50,11 +50,6 @@ AppId AppIdSessionApi::get_service_app_id() return asd->get_application_ids_service(); } -AppId AppIdSessionApi::get_port_service_app_id() -{ - return asd->service.get_port_service_id(); -} - AppId AppIdSessionApi::get_misc_app_id(uint32_t stream_index) { return asd->get_application_ids_misc(stream_index); @@ -154,11 +149,6 @@ void AppIdSessionApi::get_app_id(AppId* service, AppId* client, *referred = asd->pick_ss_referred_payload_app_id(); } -bool AppIdSessionApi::is_ssl_session_decrypted() -{ - return asd->is_ssl_session_decrypted(); -} - bool AppIdSessionApi::is_appid_inspecting_session() { if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED or @@ -191,13 +181,6 @@ bool AppIdSessionApi::is_appid_inspecting_session() return false; } -const char* AppIdSessionApi::get_user_name(AppId* service, bool* isLoginSuccessful) -{ - *service = asd->client.get_user_id(); - *isLoginSuccessful = asd->get_session_flags(APPID_SESSION_LOGIN_SUCCEEDED) ? true : false; - return asd->client.get_username(); -} - bool AppIdSessionApi::is_appid_available() { return ( (asd->service.get_id() != APP_ID_NONE || @@ -226,19 +209,6 @@ uint64_t AppIdSessionApi::get_appid_session_attribute(uint64_t flags) return asd->get_session_flags(flags); } -void AppIdSessionApi::get_service_info(const char** vendor, const char** version, - AppIdServiceSubtype** subtype) -{ - *vendor = asd->service.get_vendor(); - *version = asd->service.get_version(); - *subtype = asd->subtype; -} - -short AppIdSessionApi::get_service_port() -{ - return asd->service_port; -} - const char* AppIdSessionApi::get_tls_host() { if (asd->tsession) 
@@ -246,63 +216,11 @@ const char* AppIdSessionApi::get_tls_host() return nullptr; } -SfIp* AppIdSessionApi::get_service_ip() -{ - return &asd->service_ip; -} - SfIp* AppIdSessionApi::get_initiator_ip() { return &asd->common.initiator_ip; } -DHCPData* AppIdSessionApi::get_dhcp_fp_data() -{ - if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_FP)) - return static_cast(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_FP_DATA)); - - return nullptr; -} - -void AppIdSessionApi::free_dhcp_fp_data(DHCPData* data) -{ - asd->clear_session_flags(APPID_SESSION_HAS_DHCP_FP); - BootpServiceDetector::AppIdFreeDhcpData(data); -} - -DHCPInfo* AppIdSessionApi::get_dhcp_info() -{ - if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_INFO)) - return static_cast(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_INFO)); - - return nullptr; -} - -void AppIdSessionApi::free_dhcp_info(DHCPInfo* data) -{ - asd->clear_session_flags(APPID_SESSION_HAS_DHCP_INFO); - BootpServiceDetector::AppIdFreeDhcpInfo(data); -} - -FpSMBData* AppIdSessionApi::get_smb_fp_data() -{ - if (asd->get_session_flags(APPID_SESSION_HAS_SMB_INFO)) - return static_cast(asd->remove_flow_data(APPID_SESSION_DATA_SMB_DATA)); - - return nullptr; -} - -void AppIdSessionApi::free_smb_fp_data(FpSMBData* data) -{ - asd->clear_session_flags(APPID_SESSION_HAS_SMB_INFO); - NbdgmServiceDetector::AppIdFreeSMBData(data); -} - -const char* AppIdSessionApi::get_netbios_name() -{ - return asd->netbios_name; -} - AppIdDnsSession* AppIdSessionApi::get_dns_session() { return asd->get_dns_session(); @@ -320,5 +238,3 @@ bool AppIdSessionApi::is_http_inspection_done() !get_tls_host() and (asd->service_disco_state!= APPID_DISCO_STATE_FINISHED))); } - - diff --git a/src/network_inspectors/appid/appid_session_api.h b/src/network_inspectors/appid/appid_session_api.h index f7977e8bc..58079be33 100644 --- a/src/network_inspectors/appid/appid_session_api.h +++ b/src/network_inspectors/appid/appid_session_api.h 
@@ -97,87 +97,26 @@ namespace snort APPID_SESSION_PORT_SERVICE_DONE) const uint64_t APPID_SESSION_ALL_FLAGS = 0xFFFFFFFFFFFFFFFFULL; -enum APPID_FLOW_TYPE -{ - APPID_FLOW_TYPE_IGNORE, - APPID_FLOW_TYPE_NORMAL, - APPID_FLOW_TYPE_TMP -}; - -struct AppIdServiceSubtype -{ - AppIdServiceSubtype* next; - const char* service; - const char* vendor; - const char* version; -}; - -#define DHCP_OP55_MAX_SIZE 64 -#define DHCP_OP60_MAX_SIZE 64 - -struct DHCPData -{ - DHCPData* next; - unsigned op55_len; - unsigned op60_len; - uint8_t op55[DHCP_OP55_MAX_SIZE]; - uint8_t op60[DHCP_OP60_MAX_SIZE]; - uint8_t eth_addr[6]; -}; - -struct DHCPInfo -{ - DHCPInfo* next; - uint32_t ipAddr; - uint8_t eth_addr[6]; - uint32_t subnetmask; - uint32_t leaseSecs; - uint32_t router; -}; - -struct FpSMBData -{ - FpSMBData* next; - unsigned major; - unsigned minor; - uint32_t flags; -}; - class SO_PUBLIC AppIdSessionApi { public: AppIdSessionApi(AppIdSession* asd) : asd(asd) {} bool refresh(const Flow& flow); AppId get_service_app_id(); - AppId get_port_service_app_id(); AppId get_misc_app_id(uint32_t stream_index = 0); AppId get_client_app_id(uint32_t stream_index = 0); AppId get_payload_app_id(uint32_t stream_index = 0); AppId get_referred_app_id(uint32_t stream_index = 0); void get_app_id(AppId& service, AppId& client, AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index = 0); void get_app_id(AppId* service, AppId* client, AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index = 0); - bool is_ssl_session_decrypted(); bool is_appid_inspecting_session(); bool is_appid_available(); - const char* get_user_name(AppId* service, bool* isLoginSuccessful); const char* get_client_version(uint32_t stream_index = 0); uint64_t get_appid_session_attribute(uint64_t flag); - APPID_FLOW_TYPE get_flow_type(); - void get_service_info(const char** vendor, const char** version, - AppIdServiceSubtype**); - short get_service_port(); - SfIp* get_service_ip(); SfIp* get_initiator_ip(); 
AppIdDnsSession* get_dns_session(); AppIdHttpSession* get_http_session(uint32_t stream_index = 0); const char* get_tls_host(); - DHCPData* get_dhcp_fp_data(); - void free_dhcp_fp_data(DHCPData*); - DHCPInfo* get_dhcp_info(); - void free_dhcp_info(DHCPInfo*); - FpSMBData* get_smb_fp_data(); - void free_smb_fp_data(FpSMBData*); - const char* get_netbios_name(); bool is_http_inspection_done(); private: diff --git a/src/network_inspectors/appid/appid_types.h b/src/network_inspectors/appid/appid_types.h index 0e3c1460f..f1de4a6e5 100644 --- a/src/network_inspectors/appid/appid_types.h +++ b/src/network_inspectors/appid/appid_types.h @@ -65,4 +65,12 @@ enum AppidSessionDirection APP_ID_APPID_SESSION_DIRECTION_MAX }; +struct AppIdServiceSubtype +{ + AppIdServiceSubtype* next; + const char* service; + const char* vendor; + const char* version; +}; + #endif diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index c2b655eb0..c7a2ee665 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -232,7 +232,7 @@ int ClientDiscovery::get_detector_candidates_list(AppIdSession& asd, Packet* p, && asd.get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS) ) create_detector_candidates_list(asd, p); - return APPID_SESSION_SUCCESS; + return 0; } // This function sets the client discovery state to APPID_DISCO_STATE_FINISHED diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index c9d4dda54..e541445d9 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -36,7 +36,6 @@ namespace snort { -struct AppIdServiceSubtype; struct Packet; } class AppIdHttpSession; 
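Review bot: `AppIdServiceSubtype` arrives in `appid_types.h` with four raw pointers and no statement of who owns them. Elsewhere in this commit `add_service` takes it as `const AppIdServiceSubtype*` while `add_service_consume_subtype` takes a mutable pointer, which suggests the latter takes over the list, but a reader of this header cannot tell whether `service`, `vendor` and `version` are owned or borrowed strings. I would add a comment above the struct saying that nodes are chained through `next` and naming the owner of the nodes and of the strings. If no caller depends on aggregate initialisation, giving each member a `= nullptr` default would also keep a partly filled node from carrying an indeterminate pointer.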
@@ -296,7 +295,7 @@ public: bool get_appid_from_url(const char*, const char*, char**, const char*, AppId*, AppId*, AppId*, AppId*, bool, OdpContext&); AppId get_appid_by_content_type(const char*, int); - void get_server_vendor_version(const char*, int, char**, char**, snort::AppIdServiceSubtype**); + void get_server_vendor_version(const char*, int, char**, char**, AppIdServiceSubtype**); void identify_user_agent(const char*, int, AppId&, AppId&, char**); void get_http_offsets(snort::Packet*, AppIdHttpSession*); uint32_t parse_multiple_http_patterns(const char* pattern, tMlmpPattern*, diff --git a/src/network_inspectors/appid/service_plugins/service_bootp.h b/src/network_inspectors/appid/service_plugins/service_bootp.h index 58fe2bdfd..2e098af76 100644 --- a/src/network_inspectors/appid/service_plugins/service_bootp.h +++ b/src/network_inspectors/appid/service_plugins/service_bootp.h @@ -24,8 +24,31 @@ #include "service_detector.h" -class ServiceDiscovery; +#define DHCP_OP55_MAX_SIZE 64 +#define DHCP_OP60_MAX_SIZE 64 + class AppIdSession; +class ServiceDiscovery; + +struct DHCPData +{ + DHCPData* next; + unsigned op55_len; + unsigned op60_len; + uint8_t op55[DHCP_OP55_MAX_SIZE]; + uint8_t op60[DHCP_OP60_MAX_SIZE]; + uint8_t eth_addr[6]; +}; + +struct DHCPInfo +{ + DHCPInfo* next; + uint32_t ipAddr; + uint8_t eth_addr[6]; + uint32_t subnetmask; + uint32_t leaseSecs; + uint32_t router; +}; class BootpServiceDetector : public ServiceDetector { @@ -35,8 +58,8 @@ public: int validate(AppIdDiscoveryArgs&) override; // FIXIT-L - move to service discovery class - static void AppIdFreeDhcpData(snort::DHCPData*); - static void AppIdFreeDhcpInfo(snort::DHCPInfo*); + static void AppIdFreeDhcpData(DHCPData*); + static void AppIdFreeDhcpInfo(DHCPInfo*); private: int add_dhcp_info(AppIdSession&, unsigned op55_len, const uint8_t* op55, unsigned 
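Review bot: `get_server_vendor_version` now names `AppIdServiceSubtype` at global scope, but the earlier hunk in this file deletes the `struct AppIdServiceSubtype;` forward declaration from `namespace snort` without adding a global one, so the header compiles only if something it includes already pulls in `appid_types.h` (not visible here). Adding `struct AppIdServiceSubtype;` next to `class AppIdHttpSession;` keeps the header self-contained. The same applies to `service_detector.h`, which uses the type in `add_service` and `add_service_consume_subtype`.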
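Review bot: `DHCPData` pairs the fixed arrays `op55[DHCP_OP55_MAX_SIZE]` and `op60[DHCP_OP60_MAX_SIZE]` with free-standing `unsigned op55_len` and `op60_len` fields, and nothing in the header says the lengths are bounded by the array sizes. The field names suggest the bytes come from DHCP options on the wire, so every writer and reader has to clamp them; the copy inside `add_dhcp_info` is outside this diff and is worth checking for that. I would document the invariant on the struct, e.g. `// op55_len <= DHCP_OP55_MAX_SIZE and op60_len <= DHCP_OP60_MAX_SIZE; bytes past the length are unspecified`, and replace the two `#define`s with `constexpr unsigned` constants so the bounds are typed. The header also uses `uint8_t` and `uint32_t` without a visible `<cstdint>` include, which presumably arrives through `service_detector.h`.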
diff --git a/src/network_inspectors/appid/service_plugins/service_detector.h b/src/network_inspectors/appid/service_plugins/service_detector.h index 4683e3f1a..291f8d1c1 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.h +++ b/src/network_inspectors/appid/service_plugins/service_detector.h @@ -37,11 +37,11 @@ public: int add_service(AppidChangeBits&, AppIdSession&, const snort::Packet*, AppidSessionDirection, AppId, const char* vendor = nullptr, - const char* version = nullptr, const snort::AppIdServiceSubtype* = nullptr); + const char* version = nullptr, const AppIdServiceSubtype* = nullptr); int add_service_consume_subtype(AppIdSession&, const snort::Packet*, AppidSessionDirection dir, AppId, const char* vendor, const char* version, - snort::AppIdServiceSubtype*, AppidChangeBits&); + AppIdServiceSubtype*, AppidChangeBits&); int incompatible_data(AppIdSession&, const snort::Packet*, AppidSessionDirection dir); int fail_service(AppIdSession&, const snort::Packet*, AppidSessionDirection dir); diff --git a/src/network_inspectors/appid/service_plugins/service_netbios.h b/src/network_inspectors/appid/service_plugins/service_netbios.h index 0fb01e2ab..96a1b6b00 100644 --- a/src/network_inspectors/appid/service_plugins/service_netbios.h +++ b/src/network_inspectors/appid/service_plugins/service_netbios.h @@ -24,8 +24,16 @@ #include "service_detector.h" -class ServiceDiscovery; class AppIdSession; +class ServiceDiscovery; + +struct FpSMBData +{ + FpSMBData* next; + unsigned major; + unsigned minor; + uint32_t flags; +}; class NbssServiceDetector : public ServiceDetector { @@ -50,7 +58,7 @@ public: int validate(AppIdDiscoveryArgs&) override; - static void AppIdFreeSMBData(snort::FpSMBData*); + static void AppIdFreeSMBData(FpSMBData*); private: void add_smb_info(AppIdSession&, unsigned major, unsigned minor, uint32_t flags); 
diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index 34495d0c3..99906fa39 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -108,6 +108,7 @@ bool SslPatternMatchers::scan_cname(unsigned char const* cname, unsigned long, A } void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } + const char* AppInfoManager::get_app_name(AppId) { return test_app_name; @@ -156,26 +157,25 @@ TEST(appid_api, get_application_id) CHECK_EQUAL(id, 1492); } -// FIXIT - enable this test when consume ha appid api call is fixed TEST(appid_api, produce_ha_state) { AppIdSessionHA appHA, cmp_buf; memset((void*)&appHA, 0, sizeof(appHA)); memset((void*)&cmp_buf, 0, sizeof(cmp_buf)); - mock_session->common.flow_type = APPID_FLOW_TYPE_IGNORE; mock_session->common.flags |= APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_HTTP_SESSION; - // Reset IDs that may be updated by ssl_app_group_id_lookup test. + mock_session->set_tp_app_id(APPID_UT_ID); + mock_session->service.set_id(APPID_UT_ID + 1, stub_odp_ctxt); + mock_session->client_inferred_service_id = APPID_UT_ID + 2; + mock_session->service.set_port_service_id(APPID_UT_ID + 3); mock_session->payload.set_id(APPID_UT_ID + 4); + mock_session->set_tp_payload_app_id(APPID_UT_ID + 5); mock_session->client.set_id(APPID_UT_ID + 6); + mock_session->misc_app_id = APPID_UT_ID + 7; uint32_t val = appid_api.produce_ha_state(*flow, (uint8_t*)&appHA); CHECK_TRUE(val == sizeof(appHA)); - CHECK_TRUE(memcmp(&appHA, &cmp_buf, val) == 0); - mock_session->common.flow_type = APPID_FLOW_TYPE_NORMAL; - val = appid_api.produce_ha_state(*flow, (uint8_t*)&appHA); - CHECK_TRUE(val == sizeof(appHA)); CHECK_TRUE(appHA.appId[0] == APPID_UT_ID); CHECK_TRUE(appHA.appId[1] == APPID_UT_ID + 1); CHECK_TRUE(appHA.appId[2] == APPID_UT_ID + 2); 
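Review bot: The rewritten `produce_ha_state` test drops its only check of a zeroed result: within this hunk `cmp_buf` is still declared and cleared, but the `memcmp` against it is gone, and no case covers a flow without an AppId session, which is the branch this commit changes to `memset(appHA, 0, sizeof(*appHA))`. A second case that pre-fills `appHA` with a non-zero byte, calls `produce_ha_state` on a flow carrying no session data, and asserts the whole buffer equals `cmp_buf` would pin that behaviour; otherwise `cmp_buf` can be removed. The test body continues past the end of this hunk.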
@@ -230,15 +230,7 @@ TEST(appid_api, ssl_app_group_id_lookup) mock().expectNCalls(4, "publish"); AppId service, client, payload = APP_ID_NONE; bool val = false; - mock_session->common.flow_type = APPID_FLOW_TYPE_IGNORE; - val = appid_api.ssl_app_group_id_lookup(flow, nullptr, nullptr, nullptr, nullptr, - false, service, client, payload); - CHECK_TRUE(!val); - CHECK_EQUAL(service, APP_ID_NONE); - CHECK_EQUAL(client, APP_ID_NONE); - CHECK_EQUAL(payload, APP_ID_NONE); - mock_session->common.flow_type = APPID_FLOW_TYPE_NORMAL; val = appid_api.ssl_app_group_id_lookup(flow, nullptr, nullptr, nullptr, nullptr, false, service, client, payload); CHECK_TRUE(val); @@ -302,12 +294,6 @@ TEST(appid_api, create_appid_session_api) appid_session_api = appid_api.create_appid_session_api(*flow); CHECK_FALSE(appid_session_api); - AppIdSession ignore_asd(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector); - ignore_asd.common.flow_type = APPID_FLOW_TYPE_IGNORE; - flow->set_flow_data(&ignore_asd); - appid_session_api = appid_api.create_appid_session_api(*flow); - CHECK_FALSE(appid_session_api); - delete flow; flow = old_flow; } diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h index 08aa8cf70..5c9a9d36c 100644 --- a/src/network_inspectors/appid/test/appid_mock_session.h +++ b/src/network_inspectors/appid/test/appid_mock_session.h @@ -80,7 +80,6 @@ OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; AppIdSession::AppIdSession(IpProtocol proto, const SfIp*, uint16_t, AppIdInspector& inspector) : FlowData(inspector_id, &inspector), ctxt(stub_ctxt), protocol(proto) { - common.flow_type = APPID_FLOW_TYPE_NORMAL; service_port = APPID_UT_SERVICE_PORT; AppidChangeBits change_bits; 
@@ -120,61 +119,16 @@ AppIdSession::~AppIdSession() snort_free(netbios_name); } -DHCPInfo* dhcp_info = nullptr; -DHCPData* dhcp_data = nullptr; -FpSMBData* smb_data = nullptr; - void* AppIdSession::get_flow_data(unsigned) { return nullptr; } -int AppIdSession::add_flow_data(void* data, unsigned type, AppIdFreeFCN) +int AppIdSession::add_flow_data(void*, unsigned, AppIdFreeFCN) { - if ( type == APPID_SESSION_DATA_DHCP_FP_DATA ) - { - dhcp_data = (DHCPData*)data; - set_session_flags(APPID_SESSION_HAS_DHCP_FP); - } - else if ( type == APPID_SESSION_DATA_DHCP_INFO ) - { - dhcp_info = (DHCPInfo*)data; - set_session_flags(APPID_SESSION_HAS_DHCP_INFO); - } - else if ( type == APPID_SESSION_DATA_SMB_DATA ) - { - smb_data = (FpSMBData*)data; - set_session_flags(APPID_SESSION_HAS_SMB_INFO); - } return 0; } -void* AppIdSession::remove_flow_data(unsigned type) -{ - void* data = nullptr; - - if ( type == APPID_SESSION_DATA_DHCP_FP_DATA ) - { - data = dhcp_data; - dhcp_data = nullptr; - clear_session_flags(APPID_SESSION_HAS_DHCP_FP); - } - else if ( type == APPID_SESSION_DATA_DHCP_INFO ) - { - data = dhcp_info; - dhcp_info = nullptr; - clear_session_flags(APPID_SESSION_HAS_DHCP_INFO); - } - else if ( type == APPID_SESSION_DATA_SMB_DATA ) - { - data = smb_data; - smb_data = nullptr; - clear_session_flags(APPID_SESSION_HAS_SMB_INFO); - } - - return data; -} - void AppIdSession::set_ss_application_ids(AppId service_id, AppId client_id, AppId payload_id, AppId misc_id, AppidChangeBits& change_bits) { diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index c31b127c0..b67378961 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc 
@@ -32,21 +32,6 @@ void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } -void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data) -{ - delete data; -} - -void BootpServiceDetector::AppIdFreeDhcpInfo(DHCPInfo* info) -{ - delete info; -} - -void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data) -{ - delete data; -} - AppIdSession* mock_session = nullptr; AppIdSessionApi* appid_session_api = nullptr; static AppIdConfig config; @@ -75,12 +60,6 @@ TEST(appid_session_api, get_service_app_id) CHECK_EQUAL(id, APPID_UT_ID); } -TEST(appid_session_api, get_port_service_app_id) -{ - AppId id = appid_session_api->get_port_service_app_id(); - CHECK_EQUAL(id, APPID_UT_ID + 3); -} - TEST(appid_session_api, get_misc_app_id) { AppId id = appid_session_api->get_misc_app_id(); @@ -121,13 +100,6 @@ TEST(appid_session_api, get_referred_app_id) CHECK_EQUAL(APP_ID_NONE, id); } -TEST(appid_session_api, get_service_port) -{ - short sp = appid_session_api->get_service_port(); - CHECK_EQUAL(sp, APPID_UT_SERVICE_PORT); -} - - TEST(appid_session_api, get_tls_host) { AppidChangeBits change_bits; @@ -137,16 +109,6 @@ TEST(appid_session_api, get_tls_host) STRCMP_EQUAL(val, APPID_UT_TLS_HOST); } -TEST(appid_session_api, get_service_ip) -{ - SfIp expected_ip; - - expected_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR); - - SfIp* val = appid_session_api->get_service_ip(); - CHECK_TRUE(val->fast_eq4(expected_ip)); -} - TEST(appid_session_api, get_initiator_ip) { SfIp expected_ip; 
@@ -157,22 +119,6 @@ TEST(appid_session_api, get_initiator_ip) CHECK_TRUE(val->fast_eq4(expected_ip)); } -TEST(appid_session_api, get_netbios_name) -{ - const char* val; - val = appid_session_api->get_netbios_name(); - STRCMP_EQUAL(val, APPID_UT_NETBIOS_NAME); -} - -TEST(appid_session_api, is_ssl_session_decrypted) -{ - bool val = appid_session_api->is_ssl_session_decrypted(); - CHECK_TRUE(!val); - is_session_decrypted = true; - val = appid_session_api->is_ssl_session_decrypted(); - CHECK_TRUE(val); -} - TEST(appid_session_api, is_appid_inspecting_session) { mock_session->service_disco_state = APPID_DISCO_STATE_STATEFUL; @@ -225,22 +171,6 @@ TEST(appid_session_api, is_appid_inspecting_session) CHECK_TRUE(val); } -TEST(appid_session_api, get_user_name) -{ - AppId service; - bool isLoginSuccessful; - - const char* val; - val = appid_session_api->get_user_name(&service, &isLoginSuccessful); - STRCMP_EQUAL(val, APPID_UT_USERNAME); - CHECK_TRUE(service == APPID_UT_ID); - CHECK_TRUE(!isLoginSuccessful); - mock_session->set_session_flags(APPID_SESSION_LOGIN_SUCCEEDED); - appid_session_api->get_user_name(&service, &isLoginSuccessful); - CHECK_TRUE(service == APPID_UT_ID); - CHECK_TRUE(isLoginSuccessful); -} - TEST(appid_session_api, is_appid_available) { bool val; 
@@ -287,20 +217,6 @@ TEST(appid_session_api, get_appid_session_attribute) } } -TEST(appid_session_api, get_service_info) -{ - const char* serviceVendor; - const char* serviceVersion; - AppIdServiceSubtype* serviceSubtype; - - appid_session_api->get_service_info(&serviceVendor, &serviceVersion, &serviceSubtype); - STRCMP_EQUAL(serviceVendor, APPID_UT_SERVICE_VENDOR); - STRCMP_EQUAL(serviceVersion, APPID_UT_SERVICE_VERSION); - STRCMP_EQUAL(serviceSubtype->service, APPID_UT_SERVICE); - STRCMP_EQUAL(serviceSubtype->vendor, APPID_UT_SERVICE_VENDOR); - STRCMP_EQUAL(serviceSubtype->version, APPID_UT_SERVICE_VERSION); -} - TEST(appid_session_api, appid_dns_api) { AppIdDnsSession* dsession = appid_session_api->get_dns_session(); 
@@ -327,48 +243,6 @@ TEST(appid_session_api, appid_dns_api) CHECK_TRUE(ttl == APPID_UT_DNS_TTL); } -TEST(appid_session_api, dhcp_fp_data) -{ - DHCPData* val; - val = appid_session_api->get_dhcp_fp_data(); - CHECK_TRUE(!val); - val = new DHCPData; - mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_FP_DATA, nullptr); - val = appid_session_api->get_dhcp_fp_data(); - CHECK_TRUE(val); - appid_session_api->free_dhcp_fp_data(val); - val = appid_session_api->get_dhcp_fp_data(); - CHECK_TRUE(!val); -} - -TEST(appid_session_api, dhcp_info) -{ - DHCPInfo* val; - val = appid_session_api->get_dhcp_info(); - CHECK_TRUE(!val); - val = new DHCPInfo; - mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_INFO, nullptr); - val = appid_session_api->get_dhcp_info(); - CHECK_TRUE(val); - appid_session_api->free_dhcp_info(val); - val = appid_session_api->get_dhcp_info(); - CHECK_TRUE(!val); -} - -TEST(appid_session_api, smb_fp_data) -{ - FpSMBData* val; - val = appid_session_api->get_smb_fp_data(); - CHECK_TRUE(!val); - val = new FpSMBData; - mock_session->add_flow_data(val, APPID_SESSION_DATA_SMB_DATA, nullptr); - val = appid_session_api->get_smb_fp_data(); - CHECK_TRUE(val); - appid_session_api->free_smb_fp_data(val); - val = appid_session_api->get_smb_fp_data(); - CHECK_TRUE(!val); -} - TEST(appid_session_api, is_http_inspection_done) { bool val;