From: Steve Chew (stechew) Date: Tue, 22 Oct 2019 20:31:36 +0000 (-0400) Subject: Merge pull request #1775 in SNORT/snort3 from ~SBAIGAL/snort3:default_pub_subs to... X-Git-Tag: 3.0.0-263~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a9849b186a268c4915560134f0c4d4c61fe4222;p=thirdparty%2Fsnort3.git Merge pull request #1775 in SNORT/snort3 from ~SBAIGAL/snort3:default_pub_subs to master Squashed commit of the following: commit 8c7d0ffc284e7fe8e3fba15d0f9eec287b0f847c Author: Steven Baigal (sbaigal) Date: Thu Sep 26 16:06:24 2019 -0400 pub_subs: made default pub_subs policy-independent --- diff --git a/src/flow/test/flow_stash_test.cc b/src/flow/test/flow_stash_test.cc index 144a3489e..6fc74b8cb 100644 --- a/src/flow/test/flow_stash_test.cc +++ b/src/flow/test/flow_stash_test.cc @@ -94,13 +94,13 @@ void DataBus::subscribe(const char* key, DataHandler* h) { DB->_subscribe(key, h); } -void DataBus::subscribe_default(const char* key, DataHandler* h, SnortConfig*) +void DataBus::subscribe_global(const char* key, DataHandler* h, SnortConfig*) { DB->_subscribe(key, h); } void DataBus::unsubscribe(const char*, DataHandler*) {} -void DataBus::unsubscribe_default(const char*, DataHandler*, SnortConfig*) {} +void DataBus::unsubscribe_global(const char*, DataHandler*, SnortConfig*) {} void DataBus::publish(const char* key, DataEvent& e, Flow* f) { diff --git a/src/framework/data_bus.cc b/src/framework/data_bus.cc index 63bb6b71d..57d7539bd 100644 --- a/src/framework/data_bus.cc +++ b/src/framework/data_bus.cc 
@@ -106,12 +106,10 @@ void DataBus::subscribe(const char* key, DataHandler* h) } // for subscribers that need to receive events regardless of active inspection policy -void DataBus::subscribe_default(const char* key, DataHandler* h, SnortConfig* sc) +void DataBus::subscribe_global(const char* key, DataHandler* h, SnortConfig* sc) { - if (sc) - get_default_inspection_policy(sc)->dbus._subscribe(key, h); - else - get_default_inspection_policy(SnortConfig::get_conf())->dbus._subscribe(key, h); + assert(sc); + sc->global_dbus->_subscribe(key, h); } void DataBus::unsubscribe(const char* key, DataHandler* h) @@ -119,12 +117,10 @@ void DataBus::unsubscribe(const char* key, DataHandler* h) get_data_bus()._unsubscribe(key, h); } -void DataBus::unsubscribe_default(const char* key, DataHandler* h, SnortConfig* sc) +void DataBus::unsubscribe_global(const char* key, DataHandler* h, SnortConfig* sc) { - if (sc) - get_default_inspection_policy(sc)->dbus._unsubscribe(key, h); - else - get_default_inspection_policy(SnortConfig::get_conf())->dbus._unsubscribe(key, h); + assert(sc); + sc->global_dbus->_unsubscribe(key, h); } // notify subscribers of event @@ -133,12 +129,7 @@ void DataBus::publish(const char* key, DataEvent& e, Flow* f) InspectionPolicy* pi = get_inspection_policy(); pi->dbus._publish(key, e, f); - // also publish to default policy to notify control subscribers such as appid - InspectionPolicy* di = get_default_inspection_policy(SnortConfig::get_conf()); - - // of course, only when current is not default - if ( di != pi ) - di->dbus._publish(key, e, f); + SnortConfig::get_conf()->global_dbus->_publish(key, e, f); } void DataBus::publish(const char* key, const uint8_t* buf, unsigned len, Flow* f) diff --git a/src/framework/data_bus.h b/src/framework/data_bus.h index 8f294703f..9bc2c085d 100644 --- a/src/framework/data_bus.h +++ b/src/framework/data_bus.h 
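Review bot: `assert(sc)` is the only guard before `sc->global_dbus->_subscribe(key, h)` in subscribe_global, and it compiles out under NDEBUG, so a release build dereferences a null `sc` where the removed code fell back to `SnortConfig::get_conf()`. The same applies to unsubscribe_global in the next hunk. If a null config is a caller bug rather than a supported case, an explicit early return such as `if (!sc || !sc->global_dbus) return;` keeps release builds from faulting; otherwise the non-null contract should be stated at the declaration. The perf_monitor.cc constructors later in this commit forward their `sc` argument unchecked, so they rely on this contract.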
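Review bot: `SnortConfig::get_conf()->global_dbus->_publish(key, e, f)` in publish() dereferences two pointers with no check, and snort_config.h in this commit initialises `global_dbus` to nullptr, so any config that reaches publish() without having allocated the bus faults on the packet path. It is worth confirming that every SnortConfig construction path sets it, or guarding with `if (auto* gb = SnortConfig::get_conf()->global_dbus) gb->_publish(key, e, f);`. The removed comments explained why a second publish happens; a replacement such as `// also publish on the policy-independent bus for control subscribers such as appid` would keep that. A handler registered through both subscribe() and subscribe_global() for the same key would now be invoked twice per event, since the old `di != pi` guard has no equivalent.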
@@ -27,8 +27,8 @@ // at arbitrary points, eg when service is identified, or when a URI is // available, or when a flow clears. -#include #include +#include #include #include @@ -84,7 +84,7 @@ protected: // FIXIT-P evaluate perf; focus is on correctness typedef std::vector DataList; -typedef std::map DataMap; +typedef std::unordered_map DataMap; typedef std::unordered_set DataModule; class SO_PUBLIC DataBus @@ -97,9 +97,9 @@ public: void add_mapped_module(const char*); static void subscribe(const char* key, DataHandler*); - static void subscribe_default(const char* key, DataHandler*, SnortConfig* = nullptr); + static void subscribe_global(const char* key, DataHandler*, SnortConfig*); static void unsubscribe(const char* key, DataHandler*); - static void unsubscribe_default(const char* key, DataHandler*, SnortConfig* = nullptr); + static void unsubscribe_global(const char* key, DataHandler*, SnortConfig*); static void publish(const char* key, DataEvent&, Flow* = nullptr); // convenience methods diff --git a/src/main/snort.cc b/src/main/snort.cc index 02397c8ed..d467356c6 100644 --- a/src/main/snort.cc +++ b/src/main/snort.cc @@ -553,6 +553,8 @@ SnortConfig* Snort::get_updated_policy(SnortConfig* other_conf, const char* fnam other_conf->cloned = true; sc->policy_map->get_inspection_policy()->clone_dbus(other_conf, iname); + sc->global_dbus->add_mapped_module(iname); + sc->global_dbus->clone(*other_conf->global_dbus); InspectorManager::update_policy(sc); reloading = false; return sc; @@ -592,6 +594,8 @@ SnortConfig* Snort::get_updated_module(SnortConfig* other_conf, const char* name other_conf->cloned = true; sc->policy_map->get_inspection_policy()->clone_dbus(other_conf, name); + sc->global_dbus->add_mapped_module(name); + sc->global_dbus->clone(*other_conf->global_dbus); InspectorManager::update_policy(sc); reloading = false; return sc; diff --git a/src/main/snort_config.cc b/src/main/snort_config.cc index 9e6acc6b1..7de40be73 100644 --- a/src/main/snort_config.cc 
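Review bot: The subscribe_global / unsubscribe_global declarations drop the `= nullptr` default but carry no comment saying the SnortConfig* is now mandatory, and the class is SO_PUBLIC, so out-of-tree callers of subscribe_default will stop compiling. A one-line comment above them, e.g. `// sc must be non-null; handlers receive events regardless of the active inspection policy`, would state the contract that data_bus.cc enforces only with an assert.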
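Review bot: `sc->global_dbus->clone(*other_conf->global_dbus)` in get_updated_policy (and the identical pair of lines in get_updated_module in the next hunk) dereferences both configs' `global_dbus` unchecked and copies subscriptions between two buses whose handler ownership is not visible here. If DataBus's destructor frees its handlers, it is worth confirming that the old and new configs cannot both delete the same DataHandler, and that `sc->global_dbus` is a distinct object from `other_conf->global_dbus` once the config has been copied. The order also looks significant (`add_mapped_module` apparently has to precede `clone`), so a short comment or a shared helper for the two call sites would keep them in step. Both functions start and end outside these hunks.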
+++ b/src/main/snort_config.cc @@ -202,6 +202,7 @@ void SnortConfig::init(const SnortConfig* const other_conf, ProtocolReference* p memory = new MemoryConfig(); policy_map = new PolicyMap; thread_config = new ThreadConfig(); + global_dbus = new DataBus(); memset(evalOrder, 0, sizeof(evalOrder)); proto_ref = new ProtocolReference(protocol_reference); @@ -300,6 +301,7 @@ SnortConfig::~SnortConfig() delete[] state; delete thread_config; delete ha_config; + delete global_dbus; if (gtp_ports) delete gtp_ports; diff --git a/src/main/snort_config.h b/src/main/snort_config.h index 04b698d6f..b6c092b9c 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -373,6 +373,8 @@ public: VarNode* var_list = nullptr; std::string tweaks; + DataBus* global_dbus = nullptr; + uint8_t tunnel_mask = 0; // FIXIT-L this is temporary for legacy paf_max required only for HI; diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index c325365b5..93f61e0d2 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -111,7 +111,7 @@ bool AppIdInspector::configure(SnortConfig* sc) active_config = new AppIdConfig(const_cast(config)); my_seh = SipEventHandler::create(); - my_seh->subscribe(); + my_seh->subscribe(sc); active_config->init_appid(sc); @@ -119,11 +119,11 @@ bool AppIdInspector::configure(SnortConfig* sc) if (!TPLibHandler::have_tp()) #endif { - DataBus::subscribe(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler( - HttpEventHandler::REQUEST_EVENT)); + DataBus::subscribe_global(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler( + HttpEventHandler::REQUEST_EVENT), sc); - DataBus::subscribe(HTTP_RESPONSE_HEADER_EVENT_KEY, new HttpEventHandler( - HttpEventHandler::RESPONSE_EVENT)); + DataBus::subscribe_global(HTTP_RESPONSE_HEADER_EVENT_KEY, new HttpEventHandler( + HttpEventHandler::RESPONSE_EVENT), sc); } return true; 
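Review bot: `global_dbus = new DataBus();` is added next to the other allocations in SnortConfig::init, but the function's branching on `other_conf` lies outside the hunk, so it is not visible whether the bus is also allocated when a config is built from an existing one. If it is not, the new config's `global_dbus` is either null or the same pointer as the source config's, and the `delete global_dbus;` added to the destructor in the next hunk could then free a bus another config still uses. This is worth confirming against the clone path and the handling of the `cloned` flag in ~SnortConfig.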
diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.h b/src/network_inspectors/appid/detector_plugins/detector_sip.h index bfb05e387..626c9fb68 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.h +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.h @@ -101,8 +101,8 @@ public: static void set_client(SipUdpClientDetector* cd) { SipEventHandler::client = cd; } static void set_service(SipServiceDetector* sd) { SipEventHandler::service = sd; } - void subscribe() - { snort::DataBus::subscribe(SIP_EVENT_TYPE_SIP_DIALOG_KEY, this); } + void subscribe(snort::SnortConfig* sc) + { snort::DataBus::subscribe_global(SIP_EVENT_TYPE_SIP_DIALOG_KEY, this, sc); } void handle(snort::DataEvent&, snort::Flow*) override; diff --git a/src/network_inspectors/perf_monitor/perf_monitor.cc b/src/network_inspectors/perf_monitor/perf_monitor.cc index 8306e9316..c7a7f0396 100644 --- a/src/network_inspectors/perf_monitor/perf_monitor.cc +++ b/src/network_inspectors/perf_monitor/perf_monitor.cc @@ -85,7 +85,7 @@ class PerfIdleHandler : public DataHandler { public: PerfIdleHandler(PerfMonitor& p, SnortConfig*& sc) : DataHandler(PERF_NAME), perf_monitor(p) - { DataBus::subscribe_default(THREAD_IDLE_EVENT, this, sc); } + { DataBus::subscribe_global(THREAD_IDLE_EVENT, this, sc); } void handle(DataEvent&, Flow*) override { perf_monitor.eval(nullptr); } @@ -98,7 +98,7 @@ class PerfRotateHandler : public DataHandler { public: PerfRotateHandler(PerfMonitor& p, SnortConfig* sc) : DataHandler(PERF_NAME), perf_monitor(p) - { DataBus::subscribe_default(THREAD_ROTATE_EVENT, this, sc); } + { DataBus::subscribe_global(THREAD_ROTATE_EVENT, this, sc); } void handle(DataEvent&, Flow*) override { perf_monitor.rotate(); } 
@@ -111,7 +111,7 @@ class FlowIPDataHandler : public DataHandler { public: FlowIPDataHandler(PerfMonitor& p, SnortConfig* sc) : DataHandler(PERF_NAME), perf_monitor(p) - { DataBus::subscribe_default(FLOW_STATE_EVENT, this, sc); } + { DataBus::subscribe_global(FLOW_STATE_EVENT, this, sc); } void handle(DataEvent&, Flow* flow) override { diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc index 4315f7a97..2f3206a2b 100644 --- a/src/network_inspectors/rna/rna_inspector.cc +++ b/src/network_inspectors/rna/rna_inspector.cc 
@@ -67,22 +67,22 @@ RnaInspector::~RnaInspector() delete mod_conf; } -bool RnaInspector::configure(SnortConfig*) +bool RnaInspector::configure(SnortConfig* sc) { - DataBus::subscribe( STREAM_ICMP_NEW_FLOW_EVENT, new RnaIcmpNewFlowEventHandler(*pnd) ); - DataBus::subscribe( STREAM_ICMP_BIDIRECTIONAL_EVENT, new RnaIcmpBidirectionalEventHandler(*pnd) ); + DataBus::subscribe_global( STREAM_ICMP_NEW_FLOW_EVENT, new RnaIcmpNewFlowEventHandler(*pnd), sc ); + DataBus::subscribe_global( STREAM_ICMP_BIDIRECTIONAL_EVENT, new RnaIcmpBidirectionalEventHandler(*pnd), sc ); - DataBus::subscribe( STREAM_IP_NEW_FLOW_EVENT, new RnaIpNewFlowEventHandler(*pnd) ); - DataBus::subscribe( STREAM_IP_BIDIRECTIONAL_EVENT, new RnaIpBidirectionalEventHandler(*pnd) ); + DataBus::subscribe_global( STREAM_IP_NEW_FLOW_EVENT, new RnaIpNewFlowEventHandler(*pnd), sc ); + DataBus::subscribe_global( STREAM_IP_BIDIRECTIONAL_EVENT, new RnaIpBidirectionalEventHandler(*pnd), sc ); - DataBus::subscribe( STREAM_UDP_NEW_FLOW_EVENT, new RnaUdpNewFlowEventHandler(*pnd) ); - DataBus::subscribe( STREAM_UDP_BIDIRECTIONAL_EVENT, new RnaUdpBidirectionalEventHandler(*pnd) ); + DataBus::subscribe_global( STREAM_UDP_NEW_FLOW_EVENT, new RnaUdpNewFlowEventHandler(*pnd), sc ); + DataBus::subscribe_global( STREAM_UDP_BIDIRECTIONAL_EVENT, new RnaUdpBidirectionalEventHandler(*pnd), sc ); - DataBus::subscribe( STREAM_TCP_SYN_EVENT, new RnaTcpSynEventHandler(*pnd) ); - DataBus::subscribe( STREAM_TCP_SYN_ACK_EVENT, new RnaTcpSynAckEventHandler(*pnd) ); - DataBus::subscribe( STREAM_TCP_MIDSTREAM_EVENT, new RnaTcpMidstreamEventHandler(*pnd) ); + DataBus::subscribe_global( STREAM_TCP_SYN_EVENT, new RnaTcpSynEventHandler(*pnd), sc ); + DataBus::subscribe_global( STREAM_TCP_SYN_ACK_EVENT, new RnaTcpSynAckEventHandler(*pnd), sc ); + DataBus::subscribe_global( STREAM_TCP_MIDSTREAM_EVENT, new RnaTcpMidstreamEventHandler(*pnd), sc ); if (rna_conf && rna_conf->log_when_idle) - DataBus::subscribe( THREAD_IDLE_EVENT, new 
RnaIdleEventHandler(*pnd) ); + DataBus::subscribe_global( THREAD_IDLE_EVENT, new RnaIdleEventHandler(*pnd), sc ); return true; } diff --git a/src/piglet/piglet_manager.cc b/src/piglet/piglet_manager.cc index dd7fdd43a..97f64c786 100644 --- a/src/piglet/piglet_manager.cc +++ b/src/piglet/piglet_manager.cc @@ -24,6 +24,7 @@ #include "piglet_manager.h" #include +#include #include "log/messages.h" #include "main/snort_config.h"
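Review bot: Every handler registered in RnaInspector::configure is constructed with `*pnd`, and after this change they live on the config-wide bus rather than the current policy's bus, yet no unsubscribe_global call appears in this hunk or in the visible tail of ~RnaInspector. If the global bus (or a clone of it made during reload in snort.cc) can outlive the inspector, those handlers keep a reference to a freed `pnd`; confirm the bus is torn down first, or unsubscribe in the destructor. The destructor body starts outside the hunk, so it may already handle this.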