From: Shravan Rangarajuvenkata (shrarang) Date: Mon, 5 Oct 2020 17:15:58 +0000 (+0000) Subject: Merge pull request #2523 in SNORT/snort3 from ~SHRARANG/snort3:appid_hyperscan2 to... X-Git-Tag: 3.0.3-2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4573beebaf77dd80e761e84e76cc0f472ae13532;p=thirdparty%2Fsnort3.git Merge pull request #2523 in SNORT/snort3 from ~SHRARANG/snort3:appid_hyperscan2 to master Squashed commit of the following: commit 10daec6eded4cc3b3543835d618b1cf5c5c4e05d Author: Shravan Rangaraju Date: Mon Sep 28 16:05:54 2020 -0400 appid: reload detector patterns on reload_config for the sake of hyperscan --- diff --git a/src/framework/mpse.h b/src/framework/mpse.h index cd767baa4..a09b237bb 100644 --- a/src/framework/mpse.h +++ b/src/framework/mpse.h @@ -79,6 +79,8 @@ public: virtual int prep_patterns(SnortConfig*) = 0; + virtual void reuse_search() { } + int search( const uint8_t* T, int n, MpseMatch, void* context, int* current_state); diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 72e3daa35..0ebf394ae 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -110,8 +110,6 @@ bool AppIdContext::init_appid(SnortConfig* sc) if (!odp_thread_local_ctxt) odp_thread_local_ctxt = new OdpThreadContext(true); - // FIXIT-M: RELOAD - Get rid of "once" flag - // Handle the if condition in AppIdContext::init_appid static bool once = false; if (!once) { @@ -125,6 +123,12 @@ bool AppIdContext::init_appid(SnortConfig* sc) tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt); once = true; } + else + { + odp_ctxt->get_client_disco_mgr().reload(); + odp_ctxt->get_service_disco_mgr().reload(); + odp_ctxt->reload(); + } map_app_names_to_snort_ids(sc, config); return true; 
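Review bot: The new `virtual void reuse_search() { }` in src/framework/mpse.h joins the engine interface with an empty default body and no comment, so an engine author cannot tell when it is called or what state has to survive it. A one-line contract above the declaration would help, for example `// called on config reload for an engine that is already prepped; override when per-engine search state must be re-established (default: nothing to do)`. That wording is inferred from the commit subject and should be confirmed against the caller, which is not part of this diff.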
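Review bot: In `AppIdContext::init_appid` (src/network_inspectors/appid/appid_config.cc) the function-local `static bool once` stays while the FIXIT that tracked its removal is deleted. The new `else` branch then gives the flag a second, undocumented meaning: every call after the first is treated as a reload. Nothing visible here shows that later calls happen only on reload_config, or how the unsynchronised static behaves if `init_appid` can be entered from more than one thread. Either keep the FIXIT or state the assumption next to the branch, e.g. `// not the first call: patterns are already built, only re-run reload on the existing matchers (reload_config path)`. The start of the function is outside the hunk.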
@@ -165,7 +169,7 @@ void OdpContext::initialize() service_pattern_detector->finalize_service_port_patterns(); client_pattern_detector->finalize_client_port_patterns(); service_disco_mgr.finalize_service_patterns(); - client_disco_mgr.finalize_client_plugins(); + client_disco_mgr.finalize_client_patterns(); http_matchers.finalize_patterns(); // sip patterns need to be finalized after http patterns because they // are dependent on http patterns @@ -174,6 +178,20 @@ void OdpContext::initialize() dns_matchers.finalize_patterns(); } +void OdpContext::reload() +{ + assert(service_pattern_detector); + service_pattern_detector->reload_service_port_patterns(); + assert(client_pattern_detector); + client_pattern_detector->reload_client_port_patterns(); + service_disco_mgr.reload_service_patterns(); + client_disco_mgr.reload_client_patterns(); + http_matchers.reload_patterns(); + sip_matchers.reload_patterns(); + ssl_matchers.reload_patterns(); + dns_matchers.reload_patterns(); +} + void OdpContext::add_port_service_id(IpProtocol proto, uint16_t port, AppId appid) { if (proto == IpProtocol::TCP) diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index 29c0b47fa..4452e6e4d 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -121,6 +121,7 @@ public: OdpContext(const AppIdConfig&, snort::SnortConfig*); ~OdpContext(); void initialize(); + void reload(); uint32_t get_version() const { diff --git a/src/network_inspectors/appid/appid_detector.cc b/src/network_inspectors/appid/appid_detector.cc index a342832a7..9296eb0b0 100644 --- a/src/network_inspectors/appid/appid_detector.cc +++ b/src/network_inspectors/appid/appid_detector.cc 
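Review bot: `OdpContext::reload()` guards `service_pattern_detector` and `client_pattern_detector` with `assert` only, which disappears in builds that define NDEBUG, so a production sensor would dereference a null pointer if reload is ever reached before the detectors exist. Since this path is triggered by a run-time configuration reload, an explicit check that logs and skips is safer, e.g. `if (!service_pattern_detector or !client_pattern_detector) { ErrorMessage("appid: reload before initialize\n"); return; }`. The same assert-then-dereference shape is repeated in `mlmp_reload_patterns`, `ImapClientDetector::do_custom_reload`, `Pop3ClientDetector::do_custom_reload`, `HttpPatternMatchers::reload_patterns` and `SipPatternMatchers::reload_patterns`. Separately, `initialize()` documents that sip patterns depend on http patterns; if that ordering matters here too, carry the comment over: `// keep http before sip, as in initialize()`.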
@@ -48,7 +48,6 @@ int AppIdDetector::initialize() if (!appid_registry.empty()) { - // FIXIT-M: RELOAD - to support ODP reload, store ODP context in AppIdDetector AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME); assert(inspector); AppIdContext& ctxt = inspector->get_ctxt(); @@ -64,6 +63,11 @@ int AppIdDetector::initialize() return APPID_SUCCESS; } +void AppIdDetector::reload() +{ + do_custom_reload(); +} + void* AppIdDetector::data_get(AppIdSession& asd) { return asd.get_flow_data(flow_data_index); diff --git a/src/network_inspectors/appid/appid_detector.h b/src/network_inspectors/appid/appid_detector.h index 7629a410e..c2e34d674 100644 --- a/src/network_inspectors/appid/appid_detector.h +++ b/src/network_inspectors/appid/appid_detector.h @@ -111,7 +111,9 @@ public: virtual ~AppIdDetector() = default; virtual int initialize(); - virtual void do_custom_init() = 0; + virtual void reload(); + virtual void do_custom_init() { } + virtual void do_custom_reload() { } virtual int validate(AppIdDiscoveryArgs&) = 0; virtual void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) = 0; diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index 86317c457..cc9d484af 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -49,12 +49,6 @@ #include "tp_appid_utils.h" using namespace snort; -AppIdDiscovery::AppIdDiscovery() -{ - tcp_patterns = new SearchTool; - udp_patterns = new SearchTool; -} - AppIdDiscovery::~AppIdDiscovery() { for (auto pd : pattern_data) @@ -62,9 +56,6 @@ AppIdDiscovery::~AppIdDiscovery() pattern_data.clear(); - delete tcp_patterns; - delete udp_patterns; - for (auto kv : tcp_detectors) delete kv.second; 
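Review bot: In src/network_inspectors/appid/appid_detector.h, turning `do_custom_init()` from pure virtual into an empty default, alongside the empty `do_custom_reload()`, means a detector that owns its own matcher can now override one hook and forget the other without any compiler diagnostic. The result would be a matcher that is prepped at start-up but silently skipped on reload. The pairing should be stated at the declaration, e.g. `// detectors that own a SearchTool must override both: do_custom_init() preps it, do_custom_reload() reloads it`. In this diff only the IMAP and POP3 client detectors override `do_custom_reload()`; it is worth confirming that no other detector overrides `do_custom_init()` alone.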
@@ -87,12 +78,12 @@ void AppIdDiscovery::register_detector(const std::string& name, AppIdDetector* c ErrorMessage("Detector %s has unsupported protocol %u", name.c_str(), (unsigned)proto); } -void AppIdDiscovery::add_pattern_data(AppIdDetector* detector, SearchTool* st, int position, const +void AppIdDiscovery::add_pattern_data(AppIdDetector* detector, SearchTool& st, int position, const uint8_t* const pattern, unsigned size, unsigned nocase) { AppIdPatternMatchNode* pd = new AppIdPatternMatchNode(detector, position, size); pattern_data.emplace_back(pd); - st->add((const char*)pattern, size, pd, nocase); + st.add((const char*)pattern, size, pd, nocase); } void AppIdDiscovery::register_tcp_pattern(AppIdDetector* detector, const uint8_t* const pattern, diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h index a0c037ef0..86d2e5e3e 100644 --- a/src/network_inspectors/appid/appid_discovery.h +++ b/src/network_inspectors/appid/appid_discovery.h @@ -94,7 +94,7 @@ typedef AppIdDetectors::iterator AppIdDetectorsIterator; class AppIdDiscovery { public: - AppIdDiscovery(); + AppIdDiscovery() { } virtual ~AppIdDiscovery(); AppIdDiscovery(const AppIdDiscovery&) = delete; @@ -103,8 +103,9 @@ public: static void tterm(); virtual void initialize() = 0; + virtual void reload() = 0; virtual void register_detector(const std::string&, AppIdDetector*, IpProtocol); - virtual void add_pattern_data(AppIdDetector*, snort::SearchTool*, int position, + virtual void add_pattern_data(AppIdDetector*, snort::SearchTool&, int position, const uint8_t* const pattern, unsigned size, unsigned nocase); virtual void register_tcp_pattern(AppIdDetector*, const uint8_t* const pattern, unsigned size, int position, unsigned nocase); 
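Review bot: In src/network_inspectors/appid/appid_discovery.h the constructor is now spelled `AppIdDiscovery() { }`, which is a user-provided constructor where a defaulted one is meant. `AppIdDiscovery() = default;` says the same thing and matches `virtual ~AppIdDetector() = default;` in appid_detector.h. The class already deletes its copy constructor, so keeping the remaining special members declarative makes the ownership change to value `SearchTool` members easier to audit.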
@@ -128,9 +129,9 @@ public: protected: AppIdDetectors tcp_detectors; AppIdDetectors udp_detectors; - snort::SearchTool* tcp_patterns = nullptr; + snort::SearchTool tcp_patterns; int tcp_pattern_count = 0; - snort::SearchTool* udp_patterns = nullptr; + snort::SearchTool udp_patterns; int udp_pattern_count = 0; std::vector pattern_data; diff --git a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc index 6eb3668dd..f99b30cc4 100644 --- a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc +++ b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc @@ -114,6 +114,12 @@ int mlmpProcessPatterns(tMlmpTree* root) return rvalue; } +void mlmp_reload_patterns(tMlmpTree& root) +{ + assert(root.patternTree); + root.patternTree->reload(); +} + void* mlmpMatchPatternUrl(tMlmpTree* root, tMlmpPattern* inputPatternList) { return mlmpMatchPatternCustom(root, inputPatternList, urlPatternSelector); diff --git a/src/network_inspectors/appid/appid_utils/sf_mlmp.h b/src/network_inspectors/appid/appid_utils/sf_mlmp.h index 351cf9a3a..d995bf09b 100644 --- a/src/network_inspectors/appid/appid_utils/sf_mlmp.h +++ b/src/network_inspectors/appid/appid_utils/sf_mlmp.h @@ -48,6 +48,7 @@ struct tMlmpTree; tMlmpTree* mlmpCreate(); int mlmpAddPattern(tMlmpTree*, const tMlmpPattern*, void* metaData); int mlmpProcessPatterns(tMlmpTree*); +void mlmp_reload_patterns(tMlmpTree&); void* mlmpMatchPatternUrl(tMlmpTree*, tMlmpPattern*); void* mlmpMatchPatternGeneric(tMlmpTree*, tMlmpPattern*); void mlmpDestroy(tMlmpTree*); diff --git a/src/network_inspectors/appid/client_plugins/client_detector.h b/src/network_inspectors/appid/client_plugins/client_detector.h index 6a04fdcc1..9ace84f97 100644 --- a/src/network_inspectors/appid/client_plugins/client_detector.h +++ b/src/network_inspectors/appid/client_plugins/client_detector.h 
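Review bot: `mlmp_reload_patterns` in src/network_inspectors/appid/appid_utils/sf_mlmp.cc reloads only `root.patternTree`. If a `tMlmpTree` holds further matchers for lower levels (the struct and the body of `mlmpProcessPatterns` are outside this hunk, so this is an assumption to confirm), those would keep their pre-reload state. URL and SIP matching below the first level would then run on matchers that were never reloaded. Please either walk the levels here or add a comment saying why the top level is sufficient, e.g. `// lower levels are reached through patternTree's match data and are reloaded by ...`. The name also breaks the file's `mlmpXxx` convention (`mlmpProcessPatterns`, `mlmpDestroy`).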
@@ -32,7 +32,6 @@ class ClientDetector : public AppIdDetector public: ClientDetector(); - void do_custom_init() override { } void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) override; }; #endif diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index 43bff866c..43b447215 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -76,13 +76,24 @@ void ClientDiscovery::initialize() kv.second->initialize(); } -void ClientDiscovery::finalize_client_plugins() +void ClientDiscovery::reload() { - if ( tcp_patterns ) - tcp_patterns->prep(); + for ( auto kv : tcp_detectors ) + kv.second->reload(); + for ( auto kv : udp_detectors ) + kv.second->reload(); +} - if ( udp_patterns ) - udp_patterns->prep(); +void ClientDiscovery::finalize_client_patterns() +{ + tcp_patterns.prep(); + udp_patterns.prep(); +} + +void ClientDiscovery::reload_client_patterns() +{ + tcp_patterns.reload(); + udp_patterns.reload(); } /* @@ -189,9 +200,9 @@ ClientAppMatch* ClientDiscovery::find_detector_candidates(const Packet* pkt, con SearchTool* patterns; if (asd.protocol == IpProtocol::TCP) - patterns = asd.get_odp_ctxt().get_client_disco_mgr().tcp_patterns; + patterns = &asd.get_odp_ctxt().get_client_disco_mgr().tcp_patterns; else - patterns = asd.get_odp_ctxt().get_client_disco_mgr().udp_patterns; + patterns = &asd.get_odp_ctxt().get_client_disco_mgr().udp_patterns; if ( patterns ) patterns->find_all((const char*)pkt->data, pkt->dsize, &pattern_match, false, (void*)&match_list); diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.h b/src/network_inspectors/appid/client_plugins/client_discovery.h index bb33fb4f6..20b8d7ef9 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.h +++ b/src/network_inspectors/appid/client_plugins/client_discovery.h 
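Review bot: In `ClientDiscovery::find_detector_candidates` (src/network_inspectors/appid/client_plugins/client_discovery.cc) the pointer now always holds the address of a member, so the following `if ( patterns )` can never be false and no longer guards anything. Binding a reference makes that explicit and drops the dead branch: `SearchTool& patterns = (asd.protocol == IpProtocol::TCP) ? asd.get_odp_ctxt().get_client_disco_mgr().tcp_patterns : asd.get_odp_ctxt().get_client_disco_mgr().udp_patterns;` followed by `patterns.find_all(...)`. The old null test also skipped the search when no tool existed; with value members `find_all` now runs unconditionally, so it is worth confirming that it is safe on a tool to which no pattern was ever added. The function continues outside the hunk.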
@@ -42,8 +42,10 @@ class ClientDiscovery : public AppIdDiscovery { public: void initialize() override; + void reload() override; - void finalize_client_plugins(); + void finalize_client_patterns(); + void reload_client_patterns(); bool do_client_discovery(AppIdSession&, snort::Packet*, AppidSessionDirection direction, AppidChangeBits& change_bits); diff --git a/src/network_inspectors/appid/client_plugins/test/client_app_aim_test.cc b/src/network_inspectors/appid/client_plugins/test/client_app_aim_test.cc index 9572c2566..7225cc625 100644 --- a/src/network_inspectors/appid/client_plugins/test/client_app_aim_test.cc +++ b/src/network_inspectors/appid/client_plugins/test/client_app_aim_test.cc @@ -32,6 +32,7 @@ #include void ServiceDiscovery::initialize() {} +void ServiceDiscovery::reload() {} int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDirection, ServiceDetector*, ServiceDiscoveryState*) { return 0; } int ServiceDiscovery::add_service_port(AppIdDetector*, diff --git a/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h b/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h index 8c0f94f1b..d978a82d8 100644 --- a/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h +++ b/src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h 
@@ -73,14 +73,16 @@ SipPatternMatchers::~SipPatternMatchers() { } HttpPatternMatchers::~HttpPatternMatchers() { } DnsPatternMatchers::~DnsPatternMatchers() { } void ClientDiscovery::initialize() {} +void ClientDiscovery::reload() {} int AppIdDetector::initialize(){return 0;} +void AppIdDetector::reload() { } int AppIdDetector::data_add(AppIdSession&, void*, AppIdFreeFCN){return 0;} void* AppIdDetector::data_get(AppIdSession&) {return nullptr;} void AppIdDetector::add_user(AppIdSession&, const char*, AppId, bool){} void AppIdDetector::add_payload(AppIdSession&, AppId){} void AppIdDetector::add_app(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppId, const char*, AppidChangeBits&){} -void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int, +void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, const uint8_t* const, unsigned, unsigned){} void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol){} void add_pattern_data(AppIdDetector*, snort::SearchTool*, int, @@ -92,7 +94,6 @@ void AppIdDiscovery::register_udp_pattern(AppIdDetector*, const uint8_t* const, int AppIdDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&){return 0;} void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&){} void ApplicationDescriptor::set_id(AppId){} -AppIdDiscovery::AppIdDiscovery() { } AppIdDiscovery::~AppIdDiscovery() { } void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.cc b/src/network_inspectors/appid/detector_plugins/detector_imap.cc index 6d3c7df30..71f3558f4 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_imap.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_imap.cc 
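Review bot: In src/network_inspectors/appid/client_plugins/test/client_plugin_mock.h the member stub is updated to `snort::SearchTool&`, but the free-function stub directly below it, `void add_pattern_data(AppIdDetector*, snort::SearchTool*, int, ...`, still takes a pointer. It still compiles because it is an unrelated overload, but it no longer mirrors any signature changed in this commit and looks like a leftover. Either remove it or update it together with whatever it was meant to stand in for; its remaining lines are outside the hunk.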
@@ -536,6 +536,12 @@ void ImapClientDetector::do_custom_init() cmd_matcher->prep(); } +void ImapClientDetector::do_custom_reload() +{ + assert(cmd_matcher); + cmd_matcher->reload(); +} + static int pattern_match(void* id, void*, int match_end_pos, void* data, void*) { unsigned long idx = (unsigned long)id; diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.h b/src/network_inspectors/appid/detector_plugins/detector_imap.h index bd0a2844b..c4c2ec89d 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_imap.h +++ b/src/network_inspectors/appid/detector_plugins/detector_imap.h @@ -35,6 +35,7 @@ public: ~ImapClientDetector() override; void do_custom_init() override; + void do_custom_reload() override; int validate(AppIdDiscoveryArgs&) override; ImapDetectorData* get_common_data(AppIdSession&); diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index e39ad6239..39dc1debb 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -126,19 +126,14 @@ static void read_patterns(PortPatternNode* portPatternList, PatternService** ser } } -static void register_pattern(SearchTool** patterns, Pattern* pattern) +static void register_pattern(SearchTool*& patterns, Pattern* pattern) { - if (!*patterns) + if (!patterns) { - *patterns = new SearchTool; - if (!*patterns) - { - ErrorMessage("Error initializing the pattern table\n"); - return; - } + patterns = new SearchTool; } - (*patterns)->add((char*)pattern->data, pattern->length, pattern, false); + patterns->add((char*)pattern->data, pattern->length, pattern, false); } struct PServiceMatch 
@@ -284,10 +279,10 @@ void PatternServiceDetector::create_service_pattern_trees() for (PortNode* port = ps->port; port; port = port->next) for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) if (ps->proto == IpProtocol::TCP) - register_pattern(&tcp_port_pattern_tree[port->port], + register_pattern(tcp_port_pattern_tree[port->port], pattern); else - register_pattern(&udp_port_pattern_tree[port->port], + register_pattern(udp_port_pattern_tree[port->port], pattern); for (unsigned i = 0; i < 65536; i++) @@ -300,7 +295,7 @@ void PatternServiceDetector::create_service_pattern_trees() continue; for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) - register_pattern(&tcp_port_pattern_tree[i], pattern); + register_pattern(tcp_port_pattern_tree[i], pattern); } tcp_port_pattern_tree[i]->prep(); @@ -314,7 +309,7 @@ void PatternServiceDetector::create_service_pattern_trees() continue; for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) - register_pattern(&udp_port_pattern_tree[i], pattern); + register_pattern(udp_port_pattern_tree[i], pattern); } udp_port_pattern_tree[i]->prep(); @@ -340,13 +335,13 @@ void PatternServiceDetector::register_service_patterns() { handler->register_tcp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); - register_pattern(&tcp_pattern_matcher, pattern); + register_pattern(tcp_pattern_matcher, pattern); } else { handler->register_udp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); - register_pattern(&udp_pattern_matcher, pattern); + register_pattern(udp_pattern_matcher, pattern); } } } 
@@ -418,6 +413,24 @@ void PatternServiceDetector::finalize_service_port_patterns() dump_patterns("Server", service_port_pattern); } +void PatternServiceDetector::reload_service_port_patterns() +{ + for (unsigned i = 0; i < 65536; i++) + { + if (tcp_port_pattern_tree[i]) + tcp_port_pattern_tree[i]->reload(); + + if (udp_port_pattern_tree[i]) + udp_port_pattern_tree[i]->reload(); + } + + if (tcp_pattern_matcher) + tcp_pattern_matcher->reload(); + + if (udp_pattern_matcher) + udp_pattern_matcher->reload(); +} + PatternServiceDetector::PatternServiceDetector(ServiceDiscovery* sd) { handler = sd; @@ -562,9 +575,9 @@ void PatternClientDetector::create_client_pattern_trees() for ( Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) { if (ps->proto == IpProtocol::TCP) - register_pattern(&tcp_pattern_matcher, pattern); + register_pattern(tcp_pattern_matcher, pattern); else - register_pattern(&udp_pattern_matcher, pattern); + register_pattern(udp_pattern_matcher, pattern); } } } @@ -606,13 +619,13 @@ void PatternClientDetector::register_client_patterns() { handler->register_tcp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); - register_pattern(&tcp_pattern_matcher, pattern); + register_pattern(tcp_pattern_matcher, pattern); } else { handler->register_udp_pattern(this, pattern->data, pattern->length, pattern->offset, 0); - register_pattern(&udp_pattern_matcher, pattern); + register_pattern(udp_pattern_matcher, pattern); } } ps->count++; @@ -633,3 +646,12 @@ void PatternClientDetector::finalize_client_port_patterns() dump_patterns("Client", service_port_pattern); } +void PatternClientDetector::reload_client_port_patterns() +{ + if (tcp_pattern_matcher) + tcp_pattern_matcher->reload(); + + if (udp_pattern_matcher) + udp_pattern_matcher->reload(); +} + diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.h b/src/network_inspectors/appid/detector_plugins/detector_pattern.h index 696a2e2cf..cfeae4fe0 100644 
--- a/src/network_inspectors/appid/detector_plugins/detector_pattern.h +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.h @@ -79,6 +79,7 @@ public: void insert_client_port_pattern(PortPatternNode*); void finalize_client_port_patterns(); + void reload_client_port_patterns(); int validate(AppIdDiscoveryArgs&) override; @@ -100,6 +101,7 @@ public: void insert_service_port_pattern(PortPatternNode*); void finalize_service_port_patterns(); + void reload_service_port_patterns(); int validate(AppIdDiscoveryArgs&) override; diff --git a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc index 7dfbe3505..81cf8ec89 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc @@ -235,6 +235,12 @@ void Pop3ClientDetector::do_custom_init() cmd_matcher->prep(); } +void Pop3ClientDetector::do_custom_reload() +{ + assert(cmd_matcher); + cmd_matcher->reload(); +} + static int pop3_pattern_match(void* id, void*, int match_end_pos, void* data, void*) { unsigned long idx = (unsigned long)id; diff --git a/src/network_inspectors/appid/detector_plugins/detector_pop3.h b/src/network_inspectors/appid/detector_plugins/detector_pop3.h index 8a5213a07..49d4ad813 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pop3.h +++ b/src/network_inspectors/appid/detector_plugins/detector_pop3.h @@ -34,6 +34,7 @@ public: ~Pop3ClientDetector() override; void do_custom_init() override; + void do_custom_reload() override; int validate(AppIdDiscoveryArgs&) override; POP3DetectorData* get_common_data(AppIdSession&); diff --git a/src/network_inspectors/appid/detector_plugins/dns_patterns.cc b/src/network_inspectors/appid/detector_plugins/dns_patterns.cc index 209fcbe3c..0ecb6701b 100644 --- a/src/network_inspectors/appid/detector_plugins/dns_patterns.cc 
+++ b/src/network_inspectors/appid/detector_plugins/dns_patterns.cc @@ -59,6 +59,11 @@ void DnsPatternMatchers::finalize_patterns() dns_host_matcher.prep(); } +void DnsPatternMatchers::reload_patterns() +{ + dns_host_matcher.reload(); +} + DnsPatternMatchers::~DnsPatternMatchers() { DnsHostPatternList* tmp_pattern; diff --git a/src/network_inspectors/appid/detector_plugins/dns_patterns.h b/src/network_inspectors/appid/detector_plugins/dns_patterns.h index 887d822c6..0fd8e7292 100644 --- a/src/network_inspectors/appid/detector_plugins/dns_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/dns_patterns.h @@ -50,6 +50,7 @@ public: ~DnsPatternMatchers(); void add_host_pattern(uint8_t*, size_t, uint8_t, AppId); void finalize_patterns(); + void reload_patterns(); int scan_hostname(const uint8_t*, size_t, AppId&, AppId&); private: diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index a2f9807ef..fc289bc70 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc @@ -363,11 +363,6 @@ HttpPatternMatchers::~HttpPatternMatchers() free_http_patterns(content_type_patterns); free_chp_app_elements(); - delete field_matcher; - - for (size_t i = 0; i < NUM_HTTP_FIELDS; i++) - delete chp_matchers[i]; - for (auto* pattern : host_url_patterns) delete pattern; host_url_patterns.clear(); 
@@ -666,15 +661,12 @@ int HttpPatternMatchers::process_host_patterns(DetectorHTTPPatterns& patterns) int HttpPatternMatchers::process_chp_list(CHPListElement* chplist) { - for (size_t i = 0; i < NUM_HTTP_FIELDS; i++) - chp_matchers[i] = new SearchTool; - for (CHPListElement* chpe = chplist; chpe; chpe = chpe->next) - chp_matchers[chpe->chp_action.ptype]->add(chpe->chp_action.pattern, + chp_matchers[chpe->chp_action.ptype].add(chpe->chp_action.pattern, chpe->chp_action.psize, &chpe->chp_action, true); for (size_t i = 0; i < NUM_HTTP_FIELDS; i++) - chp_matchers[i]->prep(); + chp_matchers[i].prep(); return 1; } @@ -690,13 +682,6 @@ int HttpPatternMatchers::process_chp_list(CHPListElement* chplist) #define HTTP_FIELD_PREFIX_COOKIE "\r\nCookie: " #define HTTP_FIELD_PREFIX_COOKIE_SIZE (sizeof(HTTP_FIELD_PREFIX_COOKIE)-1) -typedef struct _FIELD_PATTERN -{ - const uint8_t* data; - HttpFieldIds patternType; - unsigned length; -} FieldPattern; - static FieldPattern http_field_patterns[] = { { (const uint8_t*)HTTP_FIELD_PREFIX_URI, REQ_URI_FID, HTTP_FIELD_PREFIX_URI_SIZE }, @@ -707,17 +692,14 @@ static FieldPattern http_field_patterns[] = HTTP_FIELD_PREFIX_USER_AGENT_SIZE }, }; -static SearchTool* process_http_field_patterns(FieldPattern* patternList, +void HttpPatternMatchers::process_http_field_patterns(FieldPattern* patternList, size_t patternListCount) { - SearchTool* patternMatcher = new SearchTool; - - for (size_t i=0; i < patternListCount; i++) - patternMatcher->add( (const char*)patternList[i].data, patternList[i].length, + for (size_t i = 0; i < patternListCount; i++) + field_matcher.add( (const char*)patternList[i].data, patternList[i].length, &patternList[i], false); - patternMatcher->prep(); - return patternMatcher; + field_matcher.prep(); } static void process_patterns(SearchTool& matcher, DetectorHTTPPatterns& patterns, bool 
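Review bot: In `HttpPatternMatchers::process_chp_list` the subscript `chp_matchers[chpe->chp_action.ptype]` is used without checking it against `NUM_HTTP_FIELDS`. With `chp_matchers` now an in-object array of `SearchTool` values, an out-of-range `ptype` makes `add()` operate on memory next to the array inside `HttpPatternMatchers`, rather than on a stray pointer as before. Whether `ptype` is validated when the CHP element is created is not visible in this diff. If it is not, a guard in the loop is cheap: `if (static_cast<size_t>(chpe->chp_action.ptype) >= NUM_HTTP_FIELDS) continue;`, ideally with a warning that names the rejected detector entry. The same index is used unchecked in `scan_key_chp` and `scan_chp`.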
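Review bot: `HttpPatternMatchers::process_http_field_patterns` now adds into the long-lived member `field_matcher` and stores `&patternList[i]` as match data, so two things the old static helper made harmless now depend on the caller. The array must outlive the matcher, and a second call adds every pattern again, because the function no longer starts from a fresh `SearchTool`. Both hold for the single call from `finalize_patterns` with the static `http_field_patterns` table, but the function is declared public, so the contract should be written down: `// patternList must outlive this object; call once, from finalize_patterns()`.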
@@ -744,13 +726,28 @@ int HttpPatternMatchers::finalize_patterns() process_patterns(content_type_matcher, content_type_patterns); uint32_t numPatterns = sizeof(http_field_patterns) / sizeof(*http_field_patterns); - field_matcher = process_http_field_patterns(http_field_patterns, numPatterns); + process_http_field_patterns(http_field_patterns, numPatterns); process_chp_list(chpList); return 0; } +void HttpPatternMatchers::reload_patterns() +{ + via_matcher.reload(); + url_matcher.reload(); + client_agent_matcher.reload(); + assert(host_url_matcher); + mlmp_reload_patterns(*host_url_matcher); + assert(rtmp_host_url_matcher); + mlmp_reload_patterns(*rtmp_host_url_matcher); + content_type_matcher.reload(); + field_matcher.reload(); + for (size_t i = 0; i < NUM_HTTP_FIELDS; i++) + chp_matchers[i].reload(); +} + typedef struct fieldPatternData_t { const uint8_t* payload; @@ -807,7 +804,7 @@ void HttpPatternMatchers::get_http_offsets(Packet* pkt, AppIdHttpSession* hsessi headerEnd += crlfcrlfLen; patternMatchData.length = (unsigned)(headerEnd - pkt->data); - field_matcher->find_all((const char*)pkt->data, patternMatchData.length, + field_matcher.find_all((const char*)pkt->data, patternMatchData.length, &http_field_pattern_match, false, (void*)(&patternMatchData)); } @@ -919,7 +916,7 @@ static void extract_chp(const char* buf, int bs, int start, int psize, char* ada void HttpPatternMatchers::scan_key_chp(ChpMatchDescriptor& cmd) { unsigned i = cmd.cur_ptype; - chp_matchers[i]->find_all(cmd.buffer[i], cmd.length[i], &chp_key_pattern_match, + chp_matchers[i].find_all(cmd.buffer[i], cmd.length[i], &chp_key_pattern_match, false, (void*)&cmd); cmd.sort_chp_matches(); } 
@@ -933,7 +930,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, cha if ( pt > MAX_KEY_PATTERN ) { // There is no previous attempt to match generated by scan_key_chp() - chp_matchers[pt]->find_all(cmd.buffer[pt], cmd.length[pt], &chp_pattern_match, false, + chp_matchers[pt].find_all(cmd.buffer[pt], cmd.length[pt], &chp_pattern_match, false, (void*)&cmd); } diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index 7eb6ecbe9..406a36603 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -88,6 +88,13 @@ enum DHPSequence USER_AGENT_HEADER = 5 }; +struct FieldPattern +{ + const uint8_t* data; + HttpFieldIds patternType; + unsigned length; +}; + struct DetectorHTTPPattern { bool init(const uint8_t* pat, unsigned len, DHPSequence seq, AppId service, AppId client, AppId payload, AppId app) @@ -276,6 +283,7 @@ public: ~HttpPatternMatchers(); int finalize_patterns(); + void reload_patterns(); void insert_chp_pattern(CHPListElement*); void insert_http_pattern(enum httpPatternType, DetectorHTTPPattern&); void remove_http_patterns_for_id(AppId); @@ -286,6 +294,7 @@ public: int process_chp_list(CHPListElement*); int process_host_patterns(DetectorHTTPPatterns&); int process_mlmp_patterns(); + void process_http_field_patterns(FieldPattern*, size_t); void scan_key_chp(ChpMatchDescriptor&); AppId scan_chp(ChpMatchDescriptor&, char**, char**, int*, AppIdHttpSession*, 
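Review bot: In src/network_inspectors/appid/detector_plugins/http_url_patterns.h, `process_http_field_patterns(FieldPattern*, size_t)` is declared in the public section, yet the only caller in this diff is `finalize_patterns()`. Moving the declaration under `private:` keeps the add-then-prep step from being invoked a second time from outside the class. `FieldPattern` is also moved from a file-local typedef to a header-level struct with a very generic name; a short comment such as `// one fixed HTTP header prefix searched by field_matcher` would explain why it is exported at all.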
@@ -315,8 +324,8 @@ private: snort::SearchTool client_agent_matcher; snort::SearchTool via_matcher; snort::SearchTool content_type_matcher; - snort::SearchTool* field_matcher = nullptr; - snort::SearchTool* chp_matchers[NUM_HTTP_FIELDS] = { nullptr }; + snort::SearchTool field_matcher; + snort::SearchTool chp_matchers[NUM_HTTP_FIELDS]; tMlmpTree* host_url_matcher = nullptr; tMlmpTree* rtmp_host_url_matcher = nullptr; diff --git a/src/network_inspectors/appid/detector_plugins/sip_patterns.cc b/src/network_inspectors/appid/detector_plugins/sip_patterns.cc index 2a266cc26..2c5cdaf0d 100644 --- a/src/network_inspectors/appid/detector_plugins/sip_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/sip_patterns.cc @@ -46,7 +46,7 @@ static int add_pattern(DetectorAppSipPattern** patternList, AppId client_id, return 0; } -static int get_sip_client_app(void* pattern_matcher, const char* pattern, uint32_t pattern_len, +static int get_sip_client_app(tMlmpTree* pattern_matcher, const char* pattern, uint32_t pattern_len, AppId& client_id, char*& client_version) { tMlmpPattern patterns[3]; @@ -59,7 +59,7 @@ static int get_sip_client_app(void* pattern_matcher, const char* pattern, uint32 patterns[0].patternSize = pattern_len; patterns[1].pattern = nullptr; - data = (DetectorAppSipPattern*)mlmpMatchPatternGeneric((tMlmpTree*)pattern_matcher, patterns); + data = (DetectorAppSipPattern*)mlmpMatchPatternGeneric(pattern_matcher, patterns); if ( !data ) return 0; @@ -85,14 +85,14 @@ SipPatternMatchers::~SipPatternMatchers() { if ( sip_ua_matcher ) { - mlmpDestroy((tMlmpTree*)sip_ua_matcher); + mlmpDestroy(sip_ua_matcher); } free_patterns(sip_ua_list); if ( sip_server_matcher ) { - mlmpDestroy((tMlmpTree*)sip_server_matcher); + mlmpDestroy(sip_server_matcher); } free_patterns(sip_server_list); 
@@ -126,7 +126,7 @@ void SipPatternMatchers::finalize_patterns(OdpContext& odp_ctxt) (const char*)pattern_node->pattern.pattern, patterns, PATTERN_PART_MAX, 0); patterns[num_patterns].pattern = nullptr; - mlmpAddPattern((tMlmpTree*)sip_ua_matcher, patterns, pattern_node); + mlmpAddPattern(sip_ua_matcher, patterns, pattern_node); } for ( pattern_node = sip_server_list; pattern_node; pattern_node = @@ -136,11 +136,19 @@ void SipPatternMatchers::finalize_patterns(OdpContext& odp_ctxt) (const char*)pattern_node->pattern.pattern, patterns, PATTERN_PART_MAX, 0); patterns[num_patterns].pattern = nullptr; - mlmpAddPattern((tMlmpTree*)sip_server_matcher, patterns, pattern_node); + mlmpAddPattern(sip_server_matcher, patterns, pattern_node); } - mlmpProcessPatterns((tMlmpTree*)sip_ua_matcher); - mlmpProcessPatterns((tMlmpTree*)sip_server_matcher); + mlmpProcessPatterns(sip_ua_matcher); + mlmpProcessPatterns(sip_server_matcher); +} + +void SipPatternMatchers::reload_patterns() +{ + assert(sip_ua_matcher); + mlmp_reload_patterns(*sip_ua_matcher); + assert(sip_server_matcher); + mlmp_reload_patterns(*sip_server_matcher); } int SipPatternMatchers::get_client_from_ua(const char* pattern, uint32_t pattern_len, diff --git a/src/network_inspectors/appid/detector_plugins/sip_patterns.h b/src/network_inspectors/appid/detector_plugins/sip_patterns.h index ae9688423..29eb7f0cd 100644 --- a/src/network_inspectors/appid/detector_plugins/sip_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/sip_patterns.h 
@@ -48,13 +48,14 @@ public: int get_client_from_ua(const char*, uint32_t, AppId&, char*&); int get_client_from_server(const char*, uint32_t, AppId&, char*&); void finalize_patterns(OdpContext&); + void reload_patterns(); private: static const int PATTERN_PART_MAX = 10; tMlmpPattern patterns[PATTERN_PART_MAX] = { { nullptr, 0, 0 } }; - void* sip_ua_matcher = nullptr; + tMlmpTree* sip_ua_matcher = nullptr; DetectorAppSipPattern* sip_ua_list = nullptr; - void* sip_server_matcher = nullptr; + tMlmpTree* sip_server_matcher = nullptr; DetectorAppSipPattern* sip_server_list = nullptr; }; diff --git a/src/network_inspectors/appid/detector_plugins/ssl_patterns.cc b/src/network_inspectors/appid/detector_plugins/ssl_patterns.cc index b2980e02e..8719bd4d4 100644 --- a/src/network_inspectors/appid/detector_plugins/ssl_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/ssl_patterns.cc @@ -169,6 +169,12 @@ void SslPatternMatchers::finalize_patterns() create_matcher(ssl_cname_matcher, cname_pattern_list); } +void SslPatternMatchers::reload_patterns() +{ + ssl_host_matcher.reload(); + ssl_cname_matcher.reload(); +} + bool SslPatternMatchers::scan_hostname(const uint8_t* hostname, size_t size, AppId& client_id, AppId& payload_id) { return scan_patterns(ssl_host_matcher, hostname, size, client_id, payload_id); diff --git a/src/network_inspectors/appid/detector_plugins/ssl_patterns.h b/src/network_inspectors/appid/detector_plugins/ssl_patterns.h index da9380eea..fdc60e178 100644 --- a/src/network_inspectors/appid/detector_plugins/ssl_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/ssl_patterns.h @@ -52,6 +52,7 @@ public: void add_cert_pattern(uint8_t*, size_t, uint8_t, AppId); void add_cname_pattern(uint8_t*, size_t, uint8_t, AppId); void finalize_patterns(); + void reload_patterns(); bool scan_hostname(const uint8_t*, size_t, AppId&, AppId&); bool scan_cname(const uint8_t*, size_t, AppId&, AppId&); 
diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index f19e887bf..a07e2530b 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -216,8 +216,8 @@ void ServiceAppDescriptor::update_stats(AppId, bool){} void ClientAppDescriptor::update_user(AppId, const char*){} void ClientAppDescriptor::update_stats(AppId, bool) {} void PayloadAppDescriptor::update_stats(AppId, bool) {} -void ServiceDiscovery::initialize() -{ } +void ServiceDiscovery::initialize() {} +void ServiceDiscovery::reload() {} int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return 0; } diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index 95e5023a4..3d94c40f4 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc 
@@ -60,14 +60,15 @@ namespace snort { AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) : StashGenericObject(STASH_GENERIC_OBJECT_APPID) {} +void SearchTool::reload() { } } void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } -AppIdDiscovery::AppIdDiscovery() { } AppIdDiscovery::~AppIdDiscovery() { } void ClientDiscovery::initialize() { } +void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } -void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int, unsigned char const*, unsigned int, unsigned int) { } +void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { } void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; } diff --git a/src/network_inspectors/appid/service_plugins/service_detector.h b/src/network_inspectors/appid/service_plugins/service_detector.h index 1a54561df..be992c273 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.h +++ b/src/network_inspectors/appid/service_plugins/service_detector.h @@ -30,7 +30,6 @@ class ServiceDetector : public AppIdDetector public: ServiceDetector(); - void do_custom_init() override { } void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) override; int service_inprocess(AppIdSession&, const snort::Packet*, AppidSessionDirection dir); diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 391f8648a..790479c77 100644 
--- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -145,12 +145,24 @@ void ServiceDiscovery::initialize() } } +void ServiceDiscovery::reload() +{ + for ( auto kv : tcp_detectors ) + kv.second->reload(); + for ( auto kv : udp_detectors ) + kv.second->reload(); +} + void ServiceDiscovery::finalize_service_patterns() { - if (tcp_patterns) - tcp_patterns->prep(); - if (udp_patterns) - udp_patterns->prep(); + tcp_patterns.prep(); + udp_patterns.prep(); +} + +void ServiceDiscovery::reload_service_patterns() +{ + tcp_patterns.reload(); + udp_patterns.reload(); } int ServiceDiscovery::add_service_port(AppIdDetector* detector, const ServiceDetectorPort& pp) @@ -235,9 +247,9 @@ void ServiceDiscovery::match_by_pattern(AppIdSession& asd, const Packet* pkt, Ip SearchTool* patterns = nullptr; if (proto == IpProtocol::TCP) - patterns = tcp_patterns; + patterns = &tcp_patterns; else - patterns = udp_patterns; + patterns = &udp_patterns; if (patterns) { diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.h b/src/network_inspectors/appid/service_plugins/service_discovery.h index 1fe8f1f50..b158e9ca0 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.h +++ b/src/network_inspectors/appid/service_plugins/service_discovery.h @@ -67,10 +67,11 @@ enum SESSION_SERVICE_SEARCH_STATE class ServiceDiscovery : public AppIdDiscovery { public: - ServiceDiscovery() { } ~ServiceDiscovery() override { } void initialize() override; + void reload() override; void finalize_service_patterns(); + void reload_service_patterns(); int add_service_port(AppIdDetector*, const ServiceDetectorPort&) override; AppIdDetectorsIterator get_detector_iterator(IpProtocol); diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc index 8f6937506..2fe2d3fb6 100644 
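Review bot: Both loops in the new `ServiceDiscovery::reload()` iterate by value, `for ( auto kv : tcp_detectors )`, which copies every key/value pair of the container just to call `kv.second->reload()`. Binding by reference avoids the copy and makes it clear that nothing is modified: `for ( const auto& kv : tcp_detectors )` and `for ( const auto& kv : udp_detectors )`. A one-line comment on `reload()` and `reload_service_patterns()` stating that they expect `initialize()` and `finalize_service_patterns()` to have run already would also help, since nothing in the hunk enforces that order.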
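Review bot: `patterns` in `ServiceDiscovery::match_by_pattern` can no longer be null, because both branches now assign the address of a member, so the `if (patterns)` guard that follows is dead code and suggests a "no matcher" state that no longer exists. Initialise the pointer directly, `SearchTool* patterns = (proto == IpProtocol::TCP) ? &tcp_patterns : &udp_patterns;`, and drop the guard. The body of match_by_pattern continues outside the hunk, so any later code that relied on the null case should be checked as well.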
--- a/src/network_inspectors/appid/service_plugins/service_mdns.cc +++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc @@ -104,17 +104,16 @@ MdnsServiceDetector::MdnsServiceDetector(ServiceDiscovery* sd) { 5353, IpProtocol::UDP, false }, }; - matcher = new SearchTool; for (unsigned i = 0; i < sizeof(patterns) / sizeof(*patterns); i++) - matcher->add((const char*)patterns[i].pattern, patterns[i].length, &patterns[i]); - matcher->prep(); + matcher.add((const char*)patterns[i].pattern, patterns[i].length, &patterns[i]); + matcher.prep(); handler->register_detector(name, this, proto); } -MdnsServiceDetector::~MdnsServiceDetector() +void MdnsServiceDetector::do_custom_reload() { - delete matcher; + matcher.reload(); } int MdnsServiceDetector::validate(AppIdDiscoveryArgs& args) @@ -420,7 +419,7 @@ static int mdns_pattern_match(void* id, void*, int match_end_pos, void* data, vo MatchedPatterns* MdnsServiceDetector::create_match_list(const char* data, uint16_t dataSize) { MatchedPatterns* pattern_list = nullptr; - matcher->find_all((const char*)data, dataSize, mdns_pattern_match, false, (void*)&pattern_list); + matcher.find_all((const char*)data, dataSize, mdns_pattern_match, false, (void*)&pattern_list); return pattern_list; } diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.h b/src/network_inspectors/appid/service_plugins/service_mdns.h index 1860a1eaf..309270b5a 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.h +++ b/src/network_inspectors/appid/service_plugins/service_mdns.h @@ -35,9 +35,9 @@ class MdnsServiceDetector : public ServiceDetector { public: MdnsServiceDetector(ServiceDiscovery*); - ~MdnsServiceDetector() override; int validate(AppIdDiscoveryArgs&) override; + void do_custom_reload() override; private: MatchedPatterns* create_match_list(const char* data, uint16_t dataSize); 
@@ -50,7 +50,7 @@ private: int reference_pointer(const char* start_ptr, const char** resp_endptr, int* start_index, uint16_t data_size, uint8_t* user_name_len, unsigned size, MatchedPatterns*& pattern_list); - snort::SearchTool* matcher = nullptr; + snort::SearchTool matcher; }; #endif diff --git a/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc b/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc index 35accf8ec..9de9e4bc1 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc +++ b/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc @@ -32,6 +32,7 @@ #include void ServiceDiscovery::initialize() {} +void ServiceDiscovery::reload() {} void ServiceDiscovery::finalize_service_patterns() {} void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {} void ServiceDiscovery::get_port_based_services(IpProtocol, uint16_t, AppIdSession&) {} diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h index 8bbf129e8..afb49ca68 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h @@ -85,9 +85,11 @@ SipPatternMatchers::~SipPatternMatchers() { } HttpPatternMatchers::~HttpPatternMatchers() { } DnsPatternMatchers::~DnsPatternMatchers() { } void ClientDiscovery::initialize() {} +void ClientDiscovery::reload() {} FpSMBData* smb_data = nullptr; int AppIdDetector::initialize(){return 0;} +void AppIdDetector::reload() { } int AppIdDetector::data_add(AppIdSession&, void*, AppIdFreeFCN){return 0;} void* AppIdDetector::data_get(AppIdSession&) {return nullptr;} void AppIdDetector::add_user(AppIdSession&, const char*, AppId, bool){} 
@@ -99,11 +101,9 @@ void ServiceAppDescriptor::update_stats(AppId, bool){} void ClientAppDescriptor::update_user(AppId, const char*){} void ClientAppDescriptor::update_stats(AppId, bool) {} void PayloadAppDescriptor::update_stats(AppId, bool) {} -void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int, +void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, const uint8_t* const, unsigned, unsigned){} void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol){} -void add_pattern_data(AppIdDetector*, snort::SearchTool*, int, - const uint8_t* const, unsigned, unsigned) {} void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, const uint8_t* const, unsigned, int, unsigned){} void AppIdDiscovery::register_udp_pattern(AppIdDetector*, const uint8_t* const, unsigned, @@ -120,7 +120,6 @@ int AppIdSession::add_flow_data(void* data, unsigned type, AppIdFreeFCN) return 0; } int dcerpc_validate(const uint8_t*, int){return 0; } -AppIdDiscovery::AppIdDiscovery() { } AppIdDiscovery::~AppIdDiscovery() { } void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index 557dfb33a..264f76339 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -55,6 +55,7 @@ public: TestDetector() = default; void do_custom_init() override { } + void do_custom_reload() override { } int validate(AppIdDiscoveryArgs&) override { return 0; } void register_appid(AppId, unsigned, OdpContext&) override { } }; diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 5f4d0b209..c09f2c495 100644 
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -218,6 +218,7 @@ void AppIdHttpSession::set_tun_dest(){} // Stubs for ServiceDiscovery void ServiceDiscovery::initialize() {} +void ServiceDiscovery::reload() {} void ServiceDiscovery::finalize_service_patterns() {} void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {} void ServiceDiscovery::get_port_based_services(IpProtocol, uint16_t, AppIdSession&) {} @@ -245,7 +246,8 @@ AppId HostTracker::get_appid(Port, IpProtocol, bool, bool) // Stubs for ClientDiscovery void ClientDiscovery::initialize() {} -void ClientDiscovery::finalize_client_plugins() {} +void ClientDiscovery::reload() {} +void ClientDiscovery::finalize_client_patterns() {} static ClientDiscovery* c_discovery_manager = new ClientDiscovery(); bool ClientDiscovery::do_client_discovery(AppIdSession&, Packet*, AppidSessionDirection, AppidChangeBits&) diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index ca4bb93ee..c862d8dd5 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h 
@@ -71,11 +71,11 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username) void ClientAppDescriptor::update_stats(AppId, bool) {} void PayloadAppDescriptor::update_stats(AppId, bool) {} -AppIdDiscovery::AppIdDiscovery() { } AppIdDiscovery::~AppIdDiscovery() { } void ClientDiscovery::initialize() { } +void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } -void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int, unsigned char const*, unsigned int, unsigned int) { } +void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { } void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; } @@ -99,8 +99,8 @@ int ServiceDiscovery::add_ftp_service_state(AppIdSession&) return 0; } -void ServiceDiscovery::initialize() -{ } +void ServiceDiscovery::initialize() { } +void ServiceDiscovery::reload() { } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return 0; } diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index 4bd4c99ce..e03b48f47 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc 
@@ -92,11 +92,11 @@ AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& : FlowData(0), config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; -AppIdDiscovery::AppIdDiscovery() {} AppIdDiscovery::~AppIdDiscovery() {} void ClientDiscovery::initialize() { } +void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol) {} -void AppIdDiscovery::add_pattern_data(AppIdDetector*, SearchTool*, int, const uint8_t* const, +void AppIdDiscovery::add_pattern_data(AppIdDetector*, SearchTool&, int, const uint8_t* const, unsigned, unsigned) {} void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, const uint8_t* const, unsigned, int, unsigned) {} @@ -105,6 +105,7 @@ void AppIdDiscovery::register_udp_pattern(AppIdDetector*, const uint8_t* const, int AppIdDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } void ServiceDiscovery::initialize() {} +void ServiceDiscovery::reload() {} void ServiceDiscovery::finalize_service_patterns() {} void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {} void ServiceDiscovery::get_port_based_services(IpProtocol, uint16_t, AppIdSession&) {} diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index e0f39127d..46d17b618 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc 
@@ -46,11 +46,11 @@ ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr; snort::SearchTool::SearchTool(char const*, bool) { } snort::SearchTool::~SearchTool() { } -AppIdDiscovery::AppIdDiscovery() { } AppIdDiscovery::~AppIdDiscovery() { } void ClientDiscovery::initialize() { } +void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } -void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int, unsigned char const*, unsigned int, unsigned int) { } +void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { } void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; } @@ -62,6 +62,7 @@ AppIdConfig::~AppIdConfig() { } OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } OdpContext::~OdpContext() { } void ServiceDiscovery::initialize() { } +void ServiceDiscovery::reload() { } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return 0; } diff --git a/src/search_engines/hyperscan.cc b/src/search_engines/hyperscan.cc index b04f92f35..e6e20c869 100644 --- a/src/search_engines/hyperscan.cc +++ b/src/search_engines/hyperscan.cc @@ -152,6 +152,7 @@ public: } int prep_patterns(SnortConfig*) override; + void reuse_search() override; int _search(const uint8_t*, int, MpseMatch, void*, int*) override; 
@@ -264,6 +265,15 @@ int HyperscanMpse::prep_patterns(SnortConfig* sc) return 0; } +void HyperscanMpse::reuse_search() +{ + if ( pvector.empty() ) + return; + + if ( hs_error_t err = hs_alloc_scratch(hs_db, &s_scratch[get_instance_id()]) ) + ErrorMessage("can't allocate search scratch space (%d)", err); +} + int HyperscanMpse::match(unsigned id, unsigned long long to, MpseMatch match_cb, void* match_ctx) { assert(id < pvector.size()); diff --git a/src/search_engines/search_tool.cc b/src/search_engines/search_tool.cc index e872c4330..663ac6cb4 100644 --- a/src/search_engines/search_tool.cc +++ b/src/search_engines/search_tool.cc @@ -119,6 +119,14 @@ void SearchTool::prep() mpsegrp->offload_mpse->prep_patterns(nullptr); } +void SearchTool::reload() +{ + if ( mpsegrp->normal_mpse ) + mpsegrp->normal_mpse->reuse_search(); + if ( mpsegrp->offload_mpse ) + mpsegrp->offload_mpse->reuse_search(); +} + int SearchTool::find( const char* str, unsigned len, MpseMatch mf, int& state, bool confine, void* user_data) { diff --git a/src/search_engines/search_tool.h b/src/search_engines/search_tool.h index abb247f1e..445ee487f 100644 --- a/src/search_engines/search_tool.h +++ b/src/search_engines/search_tool.h @@ -42,6 +42,7 @@ public: void add(const uint8_t* pattern, unsigned len, void* s_context, bool no_case = true); void prep(); + void reload(); // set state to zero on first call int find(const char* s, unsigned s_len, MpseMatch, int& state, diff --git a/src/search_engines/test/hyperscan_test.cc b/src/search_engines/test/hyperscan_test.cc index fd7a21add..7b3a44618 100644 --- a/src/search_engines/test/hyperscan_test.cc +++ b/src/search_engines/test/hyperscan_test.cc @@ -129,6 +129,7 @@ const SnortConfig* SnortConfig::get_conf() static unsigned parse_errors = 0; void ParseError(const char*, ...) { parse_errors++; } +void ErrorMessage(const char*, ...) { } void LogCount(char const*, uint64_t, FILE*) { }
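Review bot: `HyperscanMpse::reuse_search()` only logs when `hs_alloc_scratch` fails and, being `void`, cannot tell `SearchTool::reload()` or its callers that the reload left this engine without usable scratch space. Scans against `hs_db` after such a failure would then presumably error out or match nothing (the `_search` body is not in this hunk), which for AppId means traffic could go unclassified after a config reload with no signal beyond one log line. Consider returning a status from `reuse_search()`, as `prep_patterns` does with its `int`, and propagating it through `SearchTool::reload()`, or at least counting the failure so it is observable. The format string also has no trailing newline; if `ErrorMessage` does not append one, use `"can't allocate search scratch space (%d)\n"`.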