From: Sreeja Athirkandathil Narayanan (sathirka) Date: Wed, 28 Jun 2023 16:46:23 +0000 (+0000) Subject: Pull request #3890: appid: do not use global pointers to service and client detectors... X-Git-Tag: 3.1.65.0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d30539c46ea27f42890cf0d6e04a1d49b865386;p=thirdparty%2Fsnort3.git Pull request #3890: appid: do not use global pointers to service and client detectors for packet processing during reload detectors Merge in SNORT/snort3 from ~SATHIRKA/snort3:tsan_client_det to master Squashed commit of the following: commit f31c08920afb3e6411a4bce428fa22acc6213423 Author: Sreeja Athirkandathil Narayanan Date: Wed May 10 09:11:40 2023 -0400 appid: do not use global pointers to service and client detectors for packet processing during reload detectors --- diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 6e5d4a4b6..14dcdf1fb 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -33,7 +33,11 @@ #include "appid_http_session.h" #include "appid_inspector.h" #include "appid_session.h" +#include "detector_plugins/detector_imap.h" +#include "detector_plugins/detector_kerberos.h" #include "detector_plugins/detector_pattern.h" +#include "detector_plugins/detector_pop3.h" +#include "detector_plugins/detector_smtp.h" #include "host_port_app_cache.h" #include "main/snort_config.h" #include "log/messages.h" @@ -120,6 +124,8 @@ bool AppIdContext::init_appid(SnortConfig* sc, AppIdInspector& inspector) { odp_ctxt->get_client_disco_mgr().initialize(inspector); odp_ctxt->get_service_disco_mgr().initialize(inspector); + odp_ctxt->set_client_and_service_detectors(); + odp_thread_local_ctxt->initialize(sc, *this, true); odp_ctxt->initialize(inspector); 
@@ -212,6 +218,63 @@ void OdpContext::reload() alpn_matchers.reload_patterns(); } +void OdpContext::set_client_and_service_detectors() +{ + Pop3ServiceDetector* s_pop = (Pop3ServiceDetector*) service_disco_mgr.get_service_detector("pop3"); + Pop3ClientDetector* c_pop = (Pop3ClientDetector*) client_disco_mgr.get_client_detector("pop3"); + if (!s_pop or !c_pop) + { + ErrorMessage("appid: failed to initialize pop3 detector\n"); + return; + } + s_pop->set_client_detector(c_pop); + c_pop->set_service_detector(s_pop); + + KerberosServiceDetector* s_krb = (KerberosServiceDetector*) service_disco_mgr.get_service_detector("kerberos"); + KerberosClientDetector* c_krb = (KerberosClientDetector*) client_disco_mgr.get_client_detector("kerberos"); + if (!s_krb or !c_krb) + { + ErrorMessage("appid: failed to initialize kerberos detector\n"); + return; + } + s_krb->set_client_detector(c_krb); + c_krb->set_service_detector(s_krb); + + SmtpServiceDetector* s_smtp = (SmtpServiceDetector*) service_disco_mgr.get_service_detector("smtp"); + SmtpClientDetector* c_smtp = (SmtpClientDetector*) client_disco_mgr.get_client_detector("SMTP"); + if (!s_smtp or !c_smtp) + { + ErrorMessage("appid: failed to initialize smtp detector\n"); + return; + } + s_smtp->set_client_detector(c_smtp); + + ImapServiceDetector* s_imap = (ImapServiceDetector*) service_disco_mgr.get_service_detector("IMAP"); + ImapClientDetector* c_imap = (ImapClientDetector*) client_disco_mgr.get_client_detector("IMAP"); + if (!s_imap or !c_imap) + { + ErrorMessage("appid: failed to initialize imap detector\n"); + return; + } + s_imap->set_client_detector(c_imap); +} + +SipServiceDetector* OdpContext::get_sip_service_detector() +{ + SipServiceDetector* s_sip = (SipServiceDetector*) service_disco_mgr.get_service_detector("sip"); + if (!s_sip) + ErrorMessage("appid: failed to initialize sip service detector\n"); + return s_sip; +} + +SipUdpClientDetector* OdpContext::get_sip_client_detector() +{ + SipUdpClientDetector* c_sip = 
(SipUdpClientDetector*) client_disco_mgr.get_client_detector("SIP"); + if (!c_sip) + ErrorMessage("appid: failed to initialize sip client detector\n"); + return c_sip; +} + void OdpContext::add_port_service_id(IpProtocol proto, uint16_t port, AppId appid) { if (proto == IpProtocol::TCP) diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index c8c69b45c..d1c721754 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -72,6 +72,8 @@ enum SnortProtoIdIndex class AppIdInspector; class PatternClientDetector; class PatternServiceDetector; +class SipUdpClientDetector; +class SipServiceDetector; class AppIdConfig { @@ -247,6 +249,9 @@ public: void add_protocol_service_id(IpProtocol, AppId); AppId get_port_service_id(IpProtocol, uint16_t); AppId get_protocol_service_id(IpProtocol); + void set_client_and_service_detectors(); + SipUdpClientDetector* get_sip_client_detector(); + SipServiceDetector* get_sip_service_detector(); private: AppInfoManager app_info_mgr; diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index c50f180ca..728ac4762 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -411,6 +411,8 @@ static int reload_detectors(lua_State* L) OdpContext& odp_ctxt = ctxt.get_odp_ctxt(); odp_ctxt.get_client_disco_mgr().initialize(*inspector); odp_ctxt.get_service_disco_mgr().initialize(*inspector); + odp_ctxt.set_client_and_service_detectors(); + odp_thread_local_ctxt->initialize(SnortConfig::get_conf(), ctxt, true, true); odp_ctxt.initialize(*inspector); diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index c3a221fd7..003f6ab4f 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc 
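Review bot: In `OdpContext::set_client_and_service_detectors()` every failed lookup ends in a bare `return`, so a missing pop3 pair also leaves the kerberos, smtp and imap detectors unwired. Their `validate()` methods now return `APPID_NOMATCH` when the peer pointer is null, so one failed lookup quietly switches off identification for all four protocols, and because the function returns void neither `init_appid` nor `reload_detectors` can react. Wire each pair independently, as sketched below for pop3. The lookups also downcast the base pointer with a C-style cast selected only by a name string (`"smtp"` for the service but `"SMTP"` for the client), so a different detector registered under one of those names would be used as the wrong type. Assuming the build keeps RTTI enabled, `dynamic_cast` turns that case into a null that the existing check already handles.

```cpp
void OdpContext::set_client_and_service_detectors()
{
    auto* s_pop = dynamic_cast<Pop3ServiceDetector*>(service_disco_mgr.get_service_detector("pop3"));
    auto* c_pop = dynamic_cast<Pop3ClientDetector*>(client_disco_mgr.get_client_detector("pop3"));
    if (s_pop and c_pop)
    {
        s_pop->set_client_detector(c_pop);
        c_pop->set_service_detector(s_pop);
    }
    else
        ErrorMessage("appid: failed to initialize pop3 detector\n");

    // … same shape, without early return, for kerberos, smtp and imap …
```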
+++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -97,6 +97,15 @@ unsigned ClientDiscovery::get_pattern_count() return tcp_pattern_count + udp_pattern_count; } +ClientDetector* ClientDiscovery::get_client_detector(const std::string& name) const +{ + auto det = tcp_detectors.find(name); + if (det != tcp_detectors.end()) + return (ClientDetector*) det->second; + + return nullptr; +} + /* * Callback function for string search * diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.h b/src/network_inspectors/appid/client_plugins/client_discovery.h index 3cbf54923..e92dc2b91 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.h +++ b/src/network_inspectors/appid/client_plugins/client_discovery.h @@ -50,6 +50,7 @@ public: unsigned get_pattern_count(); bool do_client_discovery(AppIdSession&, snort::Packet*, AppidSessionDirection direction, AppidChangeBits& change_bits); + ClientDetector* get_client_detector(const std::string&) const; private: void exec_client_detectors(AppIdSession&, snort::Packet*, diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.cc b/src/network_inspectors/appid/detector_plugins/detector_imap.cc index fed2b1698..c31a0361b 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_imap.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_imap.cc @@ -156,8 +156,6 @@ struct ImapDetectorData int need_continue; }; -static ImapClientDetector* imap_client_detector; - static int isImapTagChar(uint8_t tag) { /* Per RFC 3501 @@ -493,7 +491,6 @@ static std::array eoc = ImapClientDetector::ImapClientDetector(ClientDiscovery* cdm) { - imap_client_detector = this; handler = cdm; name = "IMAP"; proto = IpProtocol::TCP; @@ -860,6 +857,9 @@ ImapServiceDetector::ImapServiceDetector(ServiceDiscovery* sd) int ImapServiceDetector::validate(AppIdDiscoveryArgs& args) { + if (!imap_client_detector) + return APPID_NOMATCH; + ImapDetectorData* dd; ImapServiceData* id; 
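Review bot: `ClientDiscovery::get_client_detector()` searches only `tcp_detectors`, yet `OdpContext::get_sip_client_detector()` relies on it to find a `SipUdpClientDetector` under the name `"SIP"`. The protocol that detector registers with is not visible in this diff; if it is UDP, as the class name suggests, the lookup returns null on every call and `SipEventHandler::client_handler` returns early for every SIP event. Either fall back to the UDP detector map or make the protocol an explicit argument, and add a comment such as `// Looks up a registered TCP client detector by exact, case-sensitive name; returns nullptr if absent.` so callers know the limits. The C-style cast on `det->second` would read better as `static_cast<ClientDetector*>`, and `ServiceDiscovery::get_service_detector()` has the same shape.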
diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.h b/src/network_inspectors/appid/detector_plugins/detector_imap.h index af755d233..705cbdabd 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_imap.h +++ b/src/network_inspectors/appid/detector_plugins/detector_imap.h @@ -50,6 +50,13 @@ public: ImapServiceDetector(ServiceDiscovery*); int validate(AppIdDiscoveryArgs&) override; + void set_client_detector(ImapClientDetector* c) + { + imap_client_detector = c; + } + +private: + ImapClientDetector* imap_client_detector = nullptr; }; #endif diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc index ce411372a..4cda5631f 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc @@ -111,10 +111,7 @@ struct KerberosDetectorData #define TGS_REP_MSG_TYPE 0x0d #define ERROR_MSG_TYPE 0x1e -static KerberosClientDetector* krb_client_detector; -static KerberosServiceDetector* krb_service_detector; - -static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_t* end, +int KerberosServiceDetector::krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_t* end, AppIdSession& asd, Packet* pkt, const AppidSessionDirection dir, const char* reqCname, AppidChangeBits& change_bits) { 
@@ -411,21 +408,19 @@ static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_ /*end of server response message */ if (krbs->flags & KRB_FLAG_SERVICE_DETECTED) if (!asd.is_service_detected() && pkt) - krb_service_detector->add_service(change_bits, asd, pkt, dir, APP_ID_KERBEROS, - nullptr, krbs->ver, nullptr); + this->add_service(change_bits, asd, pkt, dir, APP_ID_KERBEROS, nullptr, krbs->ver, nullptr); if (krbs->flags & KRB_FLAG_AUTH_FAILED) { if (krb_client_detector->failed_login && ((krbs->flags & KRB_FLAG_USER_DETECTED) || reqCname)) { - krb_service_detector->add_user(asd, - (krbs->flags & KRB_FLAG_USER_DETECTED) ? krbs->cname : reqCname, + this->add_user(asd, (krbs->flags & KRB_FLAG_USER_DETECTED) ? krbs->cname : reqCname, APP_ID_LDAP, false, change_bits); } } else if (krbs->flags & KRB_FLAG_USER_DETECTED) - krb_service_detector->add_user(asd, krbs->cname, APP_ID_LDAP, true, change_bits); + this->add_user(asd, krbs->cname, APP_ID_LDAP, true, change_bits); krbs->flags = 0; } @@ -440,7 +435,6 @@ static const uint8_t TGS_REP_4[] = "\x0a0\x003\x002\x001\x004\x0a1\x003\x002\x00 KerberosServiceDetector::KerberosServiceDetector(ServiceDiscovery* sd) { - krb_service_detector = this; handler = sd; name = "kerberos"; proto = IpProtocol::TCP; @@ -474,6 +468,9 @@ KerberosServiceDetector::KerberosServiceDetector(ServiceDiscovery* sd) int KerberosServiceDetector::validate(AppIdDiscoveryArgs& args) { + if (!krb_client_detector) + return APPID_NOMATCH; + KerberosDetectorData* fd; const uint8_t* s = args.data; const uint8_t* end = (args.data + args.size); @@ -525,7 +522,6 @@ static const uint8_t TGS_REQ_4[] = "\x0a1\x003\x002\x001\x004\x0a2\x003\x002\x00 KerberosClientDetector::KerberosClientDetector(ClientDiscovery* cdm) { - krb_client_detector = this; handler = cdm; name = "kerberos"; proto = IpProtocol::TCP; 
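Review bot: `KerberosServiceDetector::krb_walk_server_packet()` dereferences `krb_client_detector->failed_login` in the `KRB_FLAG_AUTH_FAILED` branch without a null check, and the function is now also entered from `KerberosClientDetector::validate()`, which only tests its own `krb_service_detector`. The two pointers are currently set together in `set_client_and_service_detectors()`, so the invariant holds today, but nothing in this now-public member enforces it. Guard at the use site with `if (krb_client_detector && krb_client_detector->failed_login && ((krbs->flags & KRB_FLAG_USER_DETECTED) || reqCname))`, or state the precondition in a comment on the declaration. The function body begins outside this hunk.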
@@ -641,7 +637,7 @@ int KerberosClientDetector::krb_walk_client_packet(KRBState* krbs, const uint8_t krbs->tag = *s; if (krbs->tag == 0xa4 && (krbs->msg_type == AS_REQ_MSG_TYPE || krbs->msg_type == TGS_REQ_MSG_TYPE) - && krb_client_detector->failed_login) + && this->failed_login) { krbs->next_state = KRB_STATE_REQBODY_SEQ; } @@ -891,6 +887,9 @@ KerberosDetectorData* KerberosClientDetector::get_common_data(AppIdSession& asd) int KerberosClientDetector::validate(AppIdDiscoveryArgs& args) { + if (!krb_service_detector) + return APPID_NOMATCH; + const uint8_t* s = args.data; const uint8_t* end = (args.data + args.size); @@ -914,7 +913,7 @@ int KerberosClientDetector::validate(AppIdDiscoveryArgs& args) return APPID_SUCCESS; } } - else if (krb_walk_server_packet(&fd->svr_state, s, end, args.asd, nullptr, args.dir, + else if (krb_service_detector->krb_walk_server_packet(&fd->svr_state, s, end, args.asd, nullptr, args.dir, fd->clnt_state.cname, args.change_bits) == KRB_FAILED) { args.asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS); diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.h b/src/network_inspectors/appid/detector_plugins/detector_kerberos.h index 392ddff77..6d5255a48 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.h +++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.h @@ -22,11 +22,18 @@ #ifndef DETECTOR_KERBEROS_H #define DETECTOR_KERBEROS_H +#include "protocols/packet.h" #include "client_plugins/client_detector.h" #include "service_plugins/service_detector.h" +namespace snort +{ +struct Packet; +} + struct KRBState; struct KerberosDetectorData; +class KerberosServiceDetector; class KerberosClientDetector : public ClientDetector { 
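Review bot: The `detector_kerberos.h` hunk adds both `#include "protocols/packet.h"` and a forward declaration `namespace snort { struct Packet; }`, which is redundant. The new `krb_walk_server_packet` declaration only takes `snort::Packet*`, so the forward declaration alone should be enough in the header and the include can move to `detector_kerberos.cc` if the definition needs it. Keeping only one of the two also avoids pulling the packet header into every file that includes this detector header.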
@@ -35,12 +42,17 @@ public: int validate(AppIdDiscoveryArgs&) override; KerberosDetectorData* get_common_data(AppIdSession&); + void set_service_detector(KerberosServiceDetector* s) + { + krb_service_detector = s; + } bool failed_login = false; private: int krb_walk_client_packet(KRBState*, const uint8_t*, const uint8_t*, AppIdSession&, AppidChangeBits&); + KerberosServiceDetector* krb_service_detector = nullptr; }; class KerberosServiceDetector : public ServiceDetector @@ -49,6 +61,15 @@ public: KerberosServiceDetector(ServiceDiscovery*); int validate(AppIdDiscoveryArgs&) override; + int krb_walk_server_packet(KRBState*, const uint8_t*, const uint8_t*, AppIdSession&, snort::Packet*, + const AppidSessionDirection, const char*, AppidChangeBits&); + void set_client_detector(KerberosClientDetector* c) + { + krb_client_detector = c; + } + +private: + KerberosClientDetector* krb_client_detector = nullptr; }; #endif diff --git a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc index 6a1d84cb4..2c7be5a68 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc @@ -129,9 +129,6 @@ struct POP3DetectorData int need_continue; }; -static Pop3ClientDetector* pop3_client_detector; -static Pop3ServiceDetector* pop3_service_detector; - static AppIdFlowContentPattern pop3_client_patterns[] = { { USER, sizeof(USER)-1, 0, 1, 0 }, @@ -205,7 +202,6 @@ Pop3ClientDetector::Pop3ClientDetector(ClientDiscovery* cdm) { APP_ID_POP3S, APPINFO_FLAG_SERVICE_ADDITIONAL | APPINFO_FLAG_CLIENT_USER } }; - pop3_client_detector = this; handler->register_detector(name, this, proto); } 
@@ -292,7 +288,7 @@ static int pop3_check_line(const uint8_t** data, const uint8_t* end) return 1; } -static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint16_t size, +int Pop3ServiceDetector::pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint16_t size, AppIdSession& asd, int server, AppidChangeBits& change_bits) { ServicePOP3Data* pd = &dd->server; @@ -355,7 +351,7 @@ static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint1 { if (pd->error) { - pop3_service_detector->add_user(asd, dd->client.username, APP_ID_POP3, false, change_bits); + this->add_user(asd, dd->client.username, APP_ID_POP3, false, change_bits); snort_free(dd->client.username); dd->client.username = nullptr; } @@ -363,7 +359,7 @@ static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint1 { if (dd->client.state == POP3_CLIENT_STATE_TRANS) { - pop3_service_detector->add_user(asd, dd->client.username, APP_ID_POP3, true, change_bits); + this->add_user(asd, dd->client.username, APP_ID_POP3, true, change_bits); snort_free(dd->client.username); dd->client.username = nullptr; dd->need_continue = 0; @@ -567,6 +563,9 @@ POP3DetectorData* Pop3ClientDetector::get_common_data(AppIdSession& asd) int Pop3ClientDetector::validate(AppIdDiscoveryArgs& args) { + if (!pop3_service_detector) + return APPID_NOMATCH; + const uint8_t* s = args.data; const uint8_t* end = (args.data + args.size); unsigned length; @@ -583,7 +582,7 @@ int Pop3ClientDetector::validate(AppIdDiscoveryArgs& args) if (args.dir == APP_ID_FROM_RESPONDER) { - if (pop3_server_validate(dd, args.data, args.size, args.asd, 0, args.change_bits)) + if (pop3_service_detector->pop3_server_validate(dd, args.data, args.size, args.asd, 0, args.change_bits)) args.asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS); return APPID_INPROCESS; } 
@@ -765,13 +764,15 @@ Pop3ServiceDetector::Pop3ServiceDetector(ServiceDiscovery* sd) { POP3_PORT, IpProtocol::TCP, false } }; - pop3_service_detector = this; handler->register_detector(name, this, proto); } int Pop3ServiceDetector::validate(AppIdDiscoveryArgs& args) { + if (!pop3_client_detector) + return APPID_NOMATCH; + POP3DetectorData* dd; ServicePOP3Data* pd; diff --git a/src/network_inspectors/appid/detector_plugins/detector_pop3.h b/src/network_inspectors/appid/detector_plugins/detector_pop3.h index 4c2f54ecf..3a52f7b46 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pop3.h +++ b/src/network_inspectors/appid/detector_plugins/detector_pop3.h @@ -26,6 +26,7 @@ #include "service_plugins/service_detector.h" struct POP3DetectorData; +class Pop3ServiceDetector; class Pop3ClientDetector : public ClientDetector { @@ -37,10 +38,15 @@ public: void do_custom_reload() override; int validate(AppIdDiscoveryArgs&) override; POP3DetectorData* get_common_data(AppIdSession&); + void set_service_detector(Pop3ServiceDetector* s) + { + pop3_service_detector = s; + } private: snort::SearchTool* cmd_matcher = nullptr; unsigned longest_pattern = 0; + Pop3ServiceDetector* pop3_service_detector = nullptr; }; class Pop3ServiceDetector : public ServiceDetector @@ -49,6 +55,14 @@ public: Pop3ServiceDetector(ServiceDiscovery*); int validate(AppIdDiscoveryArgs&) override; + void set_client_detector(Pop3ClientDetector* c) + { + pop3_client_detector = c; + } + int pop3_server_validate(POP3DetectorData*, const uint8_t*, uint16_t, AppIdSession&, int, AppidChangeBits&); + +private: + Pop3ClientDetector* pop3_client_detector = nullptr; }; #endif diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index 44c5a627e..c2c1c259a 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc 
@@ -108,7 +108,6 @@ SipUdpClientDetector::SipUdpClientDetector(ClientDiscovery* cdm) { APP_ID_SIP, APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER }, }; - SipEventHandler::set_client(this); handler->register_detector(name, this, proto); } @@ -273,7 +272,6 @@ SipServiceDetector::SipServiceDetector(ServiceDiscovery* sd) { SIP_PORT, IpProtocol::TCP, false } }; - SipEventHandler::set_service(this); handler->register_detector(name, this, proto); } @@ -305,9 +303,7 @@ int SipServiceDetector::validate(AppIdDiscoveryArgs& args) return APPID_INPROCESS; } -SipUdpClientDetector* SipEventHandler::client = nullptr; #endif -SipServiceDetector* SipEventHandler::service = nullptr; void SipEventHandler::handle(DataEvent& event, Flow* flow) { @@ -346,6 +342,10 @@ void SipEventHandler::client_handler(SipEvent& sip_event, AppIdSession& asd, AppId client_id = APP_ID_SIP; char* client_version = nullptr; + SipUdpClientDetector* client = pkt_thread_odp_ctxt->get_sip_client_detector(); + if (!client) + return; + ClientSIPData* fd = (ClientSIPData*)client->data_get(asd); if ( !fd ) { @@ -403,6 +403,10 @@ success: void SipEventHandler::service_handler(SipEvent& sip_event, AppIdSession& asd, AppidChangeBits& change_bits) { + SipServiceDetector* service = pkt_thread_odp_ctxt->get_sip_service_detector(); + if (!service) + return; + ServiceSIPData* ss = (ServiceSIPData*)service->data_get(asd); if ( !ss ) { diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.h b/src/network_inspectors/appid/detector_plugins/detector_sip.h index 88cf381ff..fbab1ceec 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.h +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.h 
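Review bot: `SipEventHandler::client_handler()` and `service_handler()` now call `pkt_thread_odp_ctxt->get_sip_client_detector()` and `get_sip_service_detector()` for every SIP event, and each call builds a `std::string` key, does a map lookup and emits `ErrorMessage` when the detector is absent. On the packet path a missing detector therefore writes one log line per SIP event, at a rate set by whoever is sending the traffic. Resolve both pointers once when the ODP context is initialized (next to `set_client_and_service_detectors()`), keep them as `OdpContext` members, and log the failure there; the handlers then need only the null check. `pkt_thread_odp_ctxt` is itself dereferenced without a check, and its lifetime during reload is not visible in this diff, so a comment stating when it is guaranteed non-null would help.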
@@ -74,17 +74,12 @@ public: DataHandler(MOD_NAME), inspector(inspector) { } - static void set_client(SipUdpClientDetector* cd) { SipEventHandler::client = cd; } - static void set_service(SipServiceDetector* sd) { SipEventHandler::service = sd; } - void handle(snort::DataEvent&, snort::Flow*) override; private: void client_handler(SipEvent&, AppIdSession&, AppidChangeBits&); void service_handler(SipEvent&, AppIdSession&, AppidChangeBits&); - static SipUdpClientDetector* client; - static SipServiceDetector* service; AppIdInspector& inspector; }; #endif diff --git a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc index 45e7f6b49..869d3330a 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc @@ -126,8 +126,6 @@ static const uint8_t APP_SMTP_THUNDERBIRD[] = "Thunderbird "; static const uint8_t APP_SMTP_MOZILLA[] = "Mozilla"; static const uint8_t APP_SMTP_THUNDERBIRD_SHORT[] = "Thunderbird/"; -static SmtpClientDetector* smtp_client_detector; - SmtpClientDetector::SmtpClientDetector(ClientDiscovery* cdm) { handler = cdm; @@ -175,7 +173,6 @@ SmtpClientDetector::SmtpClientDetector(ClientDiscovery* cdm) { APP_ID_SMTPS, APPINFO_FLAG_CLIENT_ADDITIONAL } }; - smtp_client_detector = this; handler->register_detector(name, this, proto); } @@ -769,6 +766,9 @@ static inline int smtp_validate_reply(const uint8_t* data, uint16_t* offset, uin int SmtpServiceDetector::validate(AppIdDiscoveryArgs& args) { + if (!smtp_client_detector) + return APPID_NOMATCH; + SMTPDetectorData* dd = smtp_client_detector->get_common_data(args.asd); if ( !dd ) return APPID_ENOMEM; diff --git a/src/network_inspectors/appid/detector_plugins/detector_smtp.h b/src/network_inspectors/appid/detector_plugins/detector_smtp.h index 3864fb48f..118caa540 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_smtp.h 
+++ b/src/network_inspectors/appid/detector_plugins/detector_smtp.h @@ -51,6 +51,13 @@ public: SmtpServiceDetector(ServiceDiscovery*); int validate(AppIdDiscoveryArgs&) override; + void set_client_detector(SmtpClientDetector* c) + { + smtp_client_detector = c; + } + +private: + SmtpClientDetector* smtp_client_detector = nullptr; }; #endif diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc index 0eed093ce..ef1208e3a 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc @@ -109,6 +109,8 @@ void OdpContext::initialize(AppIdInspector&) sip_matchers.finalize_patterns(*this); } +SipUdpClientDetector* OdpContext::get_sip_client_detector() { return &cd; } + void SipPatternMatchers::finalize_patterns(OdpContext&) { sip_ua_matcher = mlmpCreate(); @@ -177,7 +179,6 @@ bool SipEvent::is_invite() const { return false; } bool SipEvent::is_dialog_established() const { return false; } int SipPatternMatchers::get_client_from_ua(char const*, unsigned int, int&, char*&) { return 0; } // LCOV_EXCL_LINE void SipEventHandler::service_handler(SipEvent&, AppIdSession&, AppidChangeBits&) { } -SipUdpClientDetector* SipEventHandler::client = &cd; void* AppIdDetector::data_get(AppIdSession&) { diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 847b800b0..797bd25e6 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc 
@@ -163,6 +163,15 @@ unsigned ServiceDiscovery::get_pattern_count() return tcp_pattern_count + udp_pattern_count; } +ServiceDetector* ServiceDiscovery::get_service_detector(const std::string& name) const +{ + auto det = tcp_detectors.find(name); + if (det != tcp_detectors.end()) + return (ServiceDetector*) det->second; + + return nullptr; +} + int ServiceDiscovery::add_service_port(AppIdDetector* detector, const ServiceDetectorPort& pp) { ServiceDetector* service = static_cast(detector); diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.h b/src/network_inspectors/appid/service_plugins/service_discovery.h index 258ca426c..20d472cf8 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.h +++ b/src/network_inspectors/appid/service_plugins/service_discovery.h @@ -84,6 +84,8 @@ public: static void clear_ftp_service_state(); static void set_thread_local_ftp_service(); static void reset_thread_local_ftp_service(); + ServiceDetector* get_service_detector(const std::string&) const; + private: void get_next_service(const snort::Packet*, const AppidSessionDirection dir, AppIdSession&); void get_port_based_services(IpProtocol, uint16_t port, AppIdSession&);