From: Shravan Rangarajuvenkata (shrarang) Date: Thu, 9 Jan 2020 20:06:08 +0000 (+0000) Subject: Merge pull request #1924 in SNORT/snort3 from ~SHRARANG/snort3:appid_terminology... X-Git-Tag: 3.0.0-268~63 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=738138d7fcbb8b647ab61415a8be7514c4c6629c;p=thirdparty%2Fsnort3.git Merge pull request #1924 in SNORT/snort3 from ~SHRARANG/snort3:appid_terminology to master Squashed commit of the following: commit d6d663b8816f18fa38d8adc0ad753fe548b51079 Author: Shravan Rangaraju Date: Wed Jan 8 05:47:53 2020 -0500 appid: cleanup terminology --- diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index bf2ddc3af..ab4f68bbc 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -274,7 +274,7 @@ void AppInfoManager::set_app_info_active(AppId appId) ParseWarning(WARN_PLUGINS, "appid: no entry in %s for %d", APP_MAPPING_FILE, appId); } -void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* path) +void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path) { char buf[MAX_TABLE_LINE_LEN]; unsigned line = 0; @@ -612,16 +612,16 @@ SnortProtocolId AppInfoManager::add_appid_protocol_reference(const char* protoco return snort_protocol_id; } -void AppInfoManager::init_appid_info_table(AppIdModuleConfig* mod_config, +void AppInfoManager::init_appid_info_table(AppIdConfig* config, SnortConfig* sc) { - if ( !mod_config->app_detector_dir ) + if ( !config->app_detector_dir ) { return; // no lua detectors, no rule support, already warned } char filepath[PATH_MAX]; - snprintf(filepath, sizeof(filepath), "%s/odp/%s", mod_config->app_detector_dir, + snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir, APP_MAPPING_FILE); FILE* tableFile = fopen(filepath, "r"); @@ -712,15 +712,15 @@ void AppInfoManager::init_appid_info_table(AppIdModuleConfig* mod_config, } fclose(tableFile); - snprintf(filepath, sizeof(filepath), "%s/odp/%s", mod_config->app_detector_dir, + snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir, APP_CONFIG_FILE); - load_appid_config (mod_config, filepath); - snprintf(filepath, sizeof(filepath), "%s/custom/%s", mod_config->app_detector_dir, + load_appid_config (config, filepath); + snprintf(filepath, sizeof(filepath), "%s/custom/%s", config->app_detector_dir, USR_CONFIG_FILE); if (access (filepath, F_OK)) - snprintf(filepath, sizeof(filepath), "%s/../%s", mod_config->app_detector_dir, + snprintf(filepath, sizeof(filepath), "%s/../%s", config->app_detector_dir, USR_CONFIG_FILE); - load_appid_config (mod_config, filepath); + load_appid_config (config, filepath); } } diff --git a/src/network_inspectors/appid/app_info_table.h b/src/network_inspectors/appid/app_info_table.h index 1444f57e4..0a72a683d 100644 --- a/src/network_inspectors/appid/app_info_table.h +++ b/src/network_inspectors/appid/app_info_table.h @@ -39,7 +39,7 @@ #define SF_APPID_CSD_MIN 1000000 #define SF_APPID_DYNAMIC_MIN 2000000 -class AppIdModuleConfig; +class AppIdConfig; class ClientDetector; class ServiceDetector; @@ -142,14 +142,14 @@ public: return entry ? entry->priority : 0; } - void init_appid_info_table(AppIdModuleConfig*, snort::SnortConfig*); + void init_appid_info_table(AppIdConfig*, snort::SnortConfig*); void cleanup_appid_info_table(); void dump_app_info_table(); SnortProtocolId add_appid_protocol_reference(const char* protocol, snort::SnortConfig*); private: inline AppInfoManager() = default; - void load_appid_config(AppIdModuleConfig*, const char* path); + void load_appid_config(AppIdConfig*, const char* path); AppInfoTableEntry* get_app_info_entry(AppId appId, const AppInfoTable&); }; diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index e9eeb9ded..bcb30d193 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -56,13 +56,6 @@ using namespace snort; using namespace snort; -uint32_t app_id_netmasks[33] = -{ 0x00000000, 0x80000000, 0xC0000000, 0xE0000000, 0xF0000000, 0xF8000000, 0xFC000000, - 0xFE000000, 0xFF000000, 0xFF800000, 0xFFC00000, 0xFFE00000, 0xFFF00000, 0xFFF80000, - 0xFFFC0000, 0xFFFE0000, 0xFFFF0000, 0xFFFF8000, 0xFFFFC000, 0xFFFFE000, 0xFFFFF000, - 0xFFFFF800, 0xFFFFFC00, 0xFFFFFE00, 0xFFFFFF00, 0xFFFFFF80, 0xFFFFFFC0, 0xFFFFFFE0, - 0xFFFFFFF0, 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF }; - struct PortList { PortList* next; @@ -88,31 +81,31 @@ static void map_app_names_to_snort_ids(SnortConfig* sc) sc->proto_ref->add("tftp"); } -AppIdModuleConfig::~AppIdModuleConfig() +AppIdConfig::~AppIdConfig() { snort_free((void*)app_detector_dir); } -// FIXIT-M: RELOAD - move initialization back to AppIdConfig class constructor -AppInfoManager& AppIdConfig::app_info_mgr = AppInfoManager::get_instance(); -std::array AppIdConfig::tcp_port_only = {APP_ID_NONE}; -std::array AppIdConfig::udp_port_only = {APP_ID_NONE}; -std::array AppIdConfig::ip_protocol = {APP_ID_NONE}; +// FIXIT-M: RELOAD - move initialization back to AppIdContext class constructor +AppInfoManager& AppIdContext::app_info_mgr = AppInfoManager::get_instance(); +std::array AppIdContext::tcp_port_only = {APP_ID_NONE}; +std::array AppIdContext::udp_port_only = {APP_ID_NONE}; +std::array AppIdContext::ip_protocol = {APP_ID_NONE}; // FIXIT-M: RELOAD - Move app info table cleanup back to AppId config destructor - cleanup() -void AppIdConfig::pterm() +void AppIdContext::pterm() { - AppIdConfig::app_info_mgr.cleanup_appid_info_table(); + AppIdContext::app_info_mgr.cleanup_appid_info_table(); } -void AppIdConfig::read_port_detectors(const char* files) +void AppIdContext::read_port_detectors(const char* files) { int rval; glob_t globs; char pattern[PATH_MAX]; uint32_t n; - snprintf(pattern, sizeof(pattern), "%s/%s", mod_config->app_detector_dir, files); + snprintf(pattern, sizeof(pattern), "%s/%s", config->app_detector_dir, files); memset(&globs, 0, sizeof(globs)); rval = glob(pattern, 0, nullptr, &globs); @@ -221,9 +214,9 @@ void AppIdConfig::read_port_detectors(const char* files) udp_port_only[tmp_port->port] = appId; snort_free(tmp_port); - AppIdConfig::app_info_mgr.set_app_info_active(appId); + AppIdContext::app_info_mgr.set_app_info_active(appId); } - AppIdConfig::app_info_mgr.set_app_info_active(appId); + AppIdContext::app_info_mgr.set_app_info_active(appId); } else ErrorMessage("Missing parameter(s) in port service '%s'\n",globs.gl_pathv[n]); @@ -240,14 +233,14 @@ next: ; globfree(&globs); } -bool AppIdConfig::init_appid(SnortConfig* sc) +bool AppIdContext::init_appid(SnortConfig* sc) { // FIXIT-M: RELOAD - Get rid of "once" flag - // Handle the if condition in AppIdConfig::init_appid + // Handle the if condition in AppIdContext::init_appid static bool once = false; if (!once) { - AppIdConfig::app_info_mgr.init_appid_info_table(mod_config, sc); + AppIdContext::app_info_mgr.init_appid_info_table(config, sc); HostPortCache::initialize(); HttpPatternMatchers* http_matchers = HttpPatternMatchers::get_instance(); AppIdDiscovery::initialize_plugins(); @@ -267,20 +260,20 @@ bool AppIdConfig::init_appid(SnortConfig* sc) #ifdef ENABLE_APPID_THIRD_PARTY // do not reload third party on reload_config() if (!tp_appid_ctxt) - tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*mod_config); + tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config); #endif map_app_names_to_snort_ids(sc); return true; } #ifdef ENABLE_APPID_THIRD_PARTY -void AppIdConfig::create_tp_appid_ctxt() +void AppIdContext::create_tp_appid_ctxt() { - tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*mod_config); + tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config); } #endif -AppId AppIdConfig::get_port_service_id(IpProtocol proto, uint16_t port) +AppId AppIdContext::get_port_service_id(IpProtocol proto, uint16_t port) { AppId appId; @@ -292,18 +285,18 @@ AppId AppIdConfig::get_port_service_id(IpProtocol proto, uint16_t port) return appId; } -AppId AppIdConfig::get_protocol_service_id(IpProtocol proto) +AppId AppIdContext::get_protocol_service_id(IpProtocol proto) { return ip_protocol[(uint16_t)proto]; } -void AppIdConfig::show() +void AppIdContext::show() { - if (!mod_config->tp_appid_path.empty()) - LogMessage(" 3rd Party Dir: %s\n", mod_config->tp_appid_path.c_str()); + if (!config->tp_appid_path.empty()) + LogMessage(" 3rd Party Dir: %s\n", config->tp_appid_path.c_str()); } -void AppIdConfig::display_port_config() +void AppIdContext::display_port_config() { bool first = true; diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index a1b219198..56b2aa233 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -36,33 +36,20 @@ #include "tp_appid_module_api.h" #endif -#define APP_ID_MAX_DIRS 16 #define APP_ID_PORT_ARRAY_SIZE 65536 -#define MAX_ZONES 1024 -struct NetworkSet; class AppIdInspector; class AppInfoManager; -extern unsigned appIdPolicyId; -extern uint32_t app_id_netmasks[]; - extern SnortProtocolId snortId_for_unsynchronized; extern SnortProtocolId snortId_for_ftp_data; extern SnortProtocolId snortId_for_http2; -struct PortExclusion -{ - int family; - snort::ip::snort_in6_addr ip; - snort::ip::snort_in6_addr netmask; -}; - -class AppIdModuleConfig +class AppIdConfig { public: - AppIdModuleConfig() = default; - ~AppIdModuleConfig(); + AppIdConfig() = default; + ~AppIdConfig(); // FIXIT-L: DECRYPT_DEBUG - Move this to ssl-module #ifdef REG_TEST @@ -108,15 +95,13 @@ public: bool recheck_for_portservice_appid = false; }; -typedef std::array AppIdPortExclusions; - -class AppIdConfig +class AppIdContext { public: - AppIdConfig(AppIdModuleConfig* config) : mod_config(config) + AppIdContext(AppIdConfig* config) : config(config) { } - ~AppIdConfig() + ~AppIdContext() { #ifdef ENABLE_APPID_THIRD_PARTY delete tp_appid_ctxt; @@ -124,7 +109,7 @@ public: } #ifdef ENABLE_APPID_THIRD_PARTY - ThirdPartyAppIDModule* get_tp_appid_ctxt() const + ThirdPartyAppIdContext* get_tp_appid_ctxt() const { return tp_appid_ctxt; } void create_tp_appid_ctxt(); @@ -143,19 +128,16 @@ public: static std::array udp_port_only; // port-only UDP services static std::array ip_protocol; // non-TCP / UDP protocol services - SF_LIST client_app_args; // List of Client App arguments - // for each potential port, an sflist of PortExclusion structs - AppIdModuleConfig* mod_config = nullptr; - unsigned appIdPolicyId = 53; + AppIdConfig* config = nullptr; private: void read_port_detectors(const char* files); void display_port_config(); // FIXIT-M: RELOAD - Remove static, once app_info_mgr cleanup is - // removed from AppIdConfig::pterm + // removed from AppIdContext::pterm static AppInfoManager& app_info_mgr; #ifdef ENABLE_APPID_THIRD_PARTY - ThirdPartyAppIDModule* tp_appid_ctxt = nullptr; + ThirdPartyAppIdContext* tp_appid_ctxt = nullptr; #endif }; diff --git a/src/network_inspectors/appid/appid_detector.h b/src/network_inspectors/appid/appid_detector.h index ceef1ca8b..8f7945e5a 100644 --- a/src/network_inspectors/appid/appid_detector.h +++ b/src/network_inspectors/appid/appid_detector.h @@ -31,7 +31,7 @@ #include "application_ids.h" #include "service_state.h" -class AppIdConfig; +class AppIdContext; class LuaStateDescriptor; namespace snort @@ -77,7 +77,7 @@ class AppIdDiscoveryArgs public: AppIdDiscoveryArgs(const uint8_t* data, uint16_t size, AppidSessionDirection dir, AppIdSession& asd, snort::Packet* p, AppidChangeBits& cb) : data(data), - size(size), dir(dir), asd(asd), pkt(p), config(asd.config), change_bits(cb) + size(size), dir(dir), asd(asd), pkt(p), ctxt(asd.ctxt), change_bits(cb) {} const uint8_t* data; @@ -85,7 +85,7 @@ public: AppidSessionDirection dir; AppIdSession& asd; snort::Packet* pkt; - const AppIdConfig* config = nullptr; + const AppIdContext* ctxt = nullptr; AppidChangeBits& change_bits; }; diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index b023d979e..7799d9987 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -138,7 +138,7 @@ int AppIdDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) #ifdef ENABLE_APPID_THIRD_PARTY void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector, - ThirdPartyAppIDModule* tp_appid_ctxt) + ThirdPartyAppIdContext* tp_appid_ctxt) #else void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector) #endif @@ -305,54 +305,8 @@ static uint64_t is_session_monitored(const AppIdSession& asd, const Packet* p, A uint64_t flow_flags = APPID_SESSION_DISCOVER_APP; flow_flags |= asd.common.flags; - // FIXIT-M - the 2.x purpose of this check is to stop monitoring a flow after a - // reload if the flow ip addresses are no longer configured to be - // monitored... this may not apply in snort++, find out and fix - // accordingly - if ( asd.common.policyId != asd.config->appIdPolicyId ) - { - if (dir == APP_ID_FROM_INITIATOR) - { - if (asd.get_session_flags(APPID_SESSION_INITIATOR_CHECKED)) - { - flags = get_ipfuncs_flags(p, false); - if (flags & IPFUNCS_HOSTS_IP) - flow_flags |= APPID_SESSION_INITIATOR_MONITORED; - else - flow_flags &= ~APPID_SESSION_INITIATOR_MONITORED; - } - - if (asd.get_session_flags(APPID_SESSION_RESPONDER_CHECKED)) - { - flags = get_ipfuncs_flags(p, true); - if (flags & IPFUNCS_HOSTS_IP) - flow_flags |= APPID_SESSION_RESPONDER_MONITORED; - else - flow_flags &= ~APPID_SESSION_RESPONDER_MONITORED; - } - } - else - { - if (asd.get_session_flags(APPID_SESSION_RESPONDER_CHECKED)) - { - flags = get_ipfuncs_flags(p, false); - if (flags & IPFUNCS_HOSTS_IP) - flow_flags |= APPID_SESSION_RESPONDER_MONITORED; - else - flow_flags &= ~APPID_SESSION_RESPONDER_MONITORED; - } - - if (asd.get_session_flags(APPID_SESSION_INITIATOR_CHECKED)) - { - flags = get_ipfuncs_flags(p, true); - if (flags & IPFUNCS_HOSTS_IP) - flow_flags |= APPID_SESSION_INITIATOR_MONITORED; - else - flow_flags &= ~APPID_SESSION_INITIATOR_MONITORED; - } - } - } + // FIXIT-M - Re-check a flow after snort is reloaded. RNA policy might have changed if (asd.get_session_flags(APPID_SESSION_BIDIRECTIONAL_CHECKED) == APPID_SESSION_BIDIRECTIONAL_CHECKED) return flow_flags; @@ -523,7 +477,6 @@ bool AppIdDiscovery::handle_unmonitored_session(AppIdSession* asd, const Packet* LogMessage("AppIdDbg %s Unknown monitoring\n", appidDebug->get_debug_session()); } tmp_session->common.flags = flow_flags; - tmp_session->common.policyId = inspector.get_appid_config()->appIdPolicyId; p->flow->set_flow_data(tmp_session); } else @@ -532,7 +485,6 @@ bool AppIdDiscovery::handle_unmonitored_session(AppIdSession* asd, const Packet* if ( ( flow_flags & APPID_SESSION_BIDIRECTIONAL_CHECKED) == APPID_SESSION_BIDIRECTIONAL_CHECKED ) asd->common.flow_type = APPID_FLOW_TYPE_IGNORE; - asd->common.policyId = asd->config->appIdPolicyId; if (appidDebug->is_active()) LogMessage("AppIdDbg %s Not monitored\n", appidDebug->get_debug_session()); } @@ -554,7 +506,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp if ( appidDebug->is_enabled() ) appidDebug->activate(p->flow, asd, - inspector.get_appid_config()->mod_config->log_all_sessions); + inspector.get_ctxt()->config->log_all_sessions); if ( is_packet_ignored(asd, p, direction) ) return false; @@ -590,7 +542,6 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp asd->stats.responder_bytes += p->pkth->pktlen; asd->common.flags = flow_flags; - asd->common.policyId = asd->config->appIdPolicyId; if (!asd->get_session_flags(APPID_SESSION_PAYLOAD_SEEN) and p->dsize) asd->set_session_flags(APPID_SESSION_PAYLOAD_SEEN); @@ -674,7 +625,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp // FIXIT-L: DECRYPT_DEBUG - Move set_proxied and first_decrypted_packet_debug to ssl-module // after ssl-module's decryption capability is implemented #ifdef REG_TEST - uint32_t fdpd = inspector.get_appid_config()->mod_config->first_decrypted_packet_debug; + uint32_t fdpd = inspector.get_ctxt()->config->first_decrypted_packet_debug; if (fdpd and (fdpd == asd->session_packet_count)) { p->flow->set_proxied(); @@ -708,7 +659,7 @@ void AppIdDiscovery::do_port_based_discovery(Packet* p, AppIdSession& asd, IpPro return; } - AppId id = asd.config->get_port_service_id(protocol, p->ptrs.sp); + AppId id = asd.ctxt->get_port_service_id(protocol, p->ptrs.sp); if (id > APP_ID_NONE) { asd.service.set_port_service_id(id); @@ -736,9 +687,9 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, if (!(asd.scan_flags & SCAN_HOST_PORT_FLAG)) check_static = true; - if ((asd.session_packet_count % asd.config->mod_config->host_port_app_cache_lookup_interval == 0) and - (asd.session_packet_count <= asd.config->mod_config->host_port_app_cache_lookup_range) and - asd.config->mod_config->is_host_port_app_cache_runtime ) + if ((asd.session_packet_count % asd.ctxt->config->host_port_app_cache_lookup_interval == 0) and + (asd.session_packet_count <= asd.ctxt->config->host_port_app_cache_lookup_range) and + asd.ctxt->config->is_host_port_app_cache_runtime ) check_dynamic = true; if (!(check_static || check_dynamic)) @@ -808,7 +759,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, auto ht = host_cache.find(*ip); if (ht) { - AppId appid = ht->get_appid(port, protocol, true, asd.config->mod_config->allow_port_wildcard_host_cache); + AppId appid = ht->get_appid(port, protocol, true, asd.ctxt->config->allow_port_wildcard_host_cache); if (appid > APP_ID_NONE) { // FIXIT-L: Make this more generic to support service and payload IDs @@ -828,10 +779,10 @@ static inline bool is_check_host_cache_valid(AppIdSession& asd, AppId service_id { bool is_payload_client_misc_none = (payload_id <= APP_ID_NONE and client_id <= APP_ID_NONE and misc_id <= APP_ID_NONE); bool is_appid_none = is_payload_client_misc_none and (service_id <= APP_ID_NONE or service_id == APP_ID_UNKNOWN_UI or - (asd.config->mod_config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id())); - bool is_ssl_none = asd.config->mod_config->check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and + (asd.ctxt->config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id())); + bool is_ssl_none = asd.ctxt->config->check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and (not(asd.tsession and asd.tsession->get_tls_host() and asd.tsession->get_tls_cname())); - if (is_appid_none or is_ssl_none or asd.config->mod_config->check_host_port_app_cache) + if (is_appid_none or is_ssl_none or asd.ctxt->config->check_host_port_app_cache) return true; return false; } @@ -840,7 +791,7 @@ static inline bool is_check_host_cache_valid(AppIdSession& asd, AppId service_id bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id, AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits, - ThirdPartyAppIDModule* tp_appid_ctxt) + ThirdPartyAppIdContext* tp_appid_ctxt) #else bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id, @@ -855,7 +806,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, { if ( !asd.get_session_flags(APPID_SESSION_PORT_SERVICE_DONE) ) { - AppId id = asd.config->get_protocol_service_id(protocol); + AppId id = asd.ctxt->get_protocol_service_id(protocol); if (id > APP_ID_NONE) { asd.service.set_port_service_id(id); diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h index 409704f70..4dc0e877f 100644 --- a/src/network_inspectors/appid/appid_discovery.h +++ b/src/network_inspectors/appid/appid_discovery.h @@ -40,7 +40,7 @@ class AppIdSession; class AppIdDetector; class ServiceDetector; struct ServiceDetectorPort; -class ThirdPartyAppIDModule; +class ThirdPartyAppIdContext; namespace snort { @@ -114,7 +114,7 @@ public: #ifdef ENABLE_APPID_THIRD_PARTY static void do_application_discovery(snort::Packet* p, AppIdInspector&, - ThirdPartyAppIDModule*); + ThirdPartyAppIdContext*); #else static void do_application_discovery(snort::Packet* p, AppIdInspector&); #endif @@ -146,7 +146,7 @@ private: static bool do_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id, AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits, - ThirdPartyAppIDModule* tp_appid_ctxt); + ThirdPartyAppIdContext* tp_appid_ctxt); #else static bool do_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id, diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index fea08bd95..2856231f5 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -306,7 +306,7 @@ void AppIdHttpSession::process_chp_buffers(AppidChangeBits& change_bits) int num_found = 0; cmd.cur_ptype = (HttpFieldIds)i; AppId ret = http_matchers->scan_chp(cmd, &version, &user, &num_found, this, - asd.config->mod_config); + asd.ctxt->config); total_found += num_found; if (!ret || num_found < ptype_req_counts[i]) { diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index b73ec9cbc..7a9091dbf 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -56,7 +56,7 @@ using namespace snort; #ifdef ENABLE_APPID_THIRD_PARTY -THREAD_LOCAL ThirdPartyAppIDModule* tp_appid_thread_ctxt = nullptr; +THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt = nullptr; #endif static THREAD_LOCAL PacketTracer::TracerMute appid_mute; @@ -99,28 +99,28 @@ AppIdInspector::AppIdInspector(AppIdModule& mod) AppIdInspector::~AppIdInspector() { - delete active_config; + delete ctxt; delete config; } -AppIdConfig* AppIdInspector::get_appid_config() +AppIdContext* AppIdInspector::get_ctxt() { - return active_config; + return ctxt; } bool AppIdInspector::configure(SnortConfig* sc) { - assert(!active_config); + assert(!ctxt); - active_config = new AppIdConfig(const_cast(config)); + ctxt = new AppIdContext(const_cast(config)); my_seh = SipEventHandler::create(); my_seh->subscribe(sc); - active_config->init_appid(sc); + ctxt->init_appid(sc); #ifdef ENABLE_APPID_THIRD_PARTY - if (!active_config->get_tp_appid_ctxt()) + if (!ctxt->get_tp_appid_ctxt()) #endif { DataBus::subscribe_global(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler( @@ -154,10 +154,10 @@ void AppIdInspector::tinit() AppIdStatistics::initialize_manager(*config); appid_forecast_tinit(); - LuaDetectorManager::initialize(*active_config); + LuaDetectorManager::initialize(*ctxt); AppIdServiceState::initialize(config->memcap); appidDebug = new AppIdDebug(); - if (active_config->mod_config and active_config->mod_config->log_all_sessions) + if (ctxt->config and ctxt->config->log_all_sessions) appidDebug->set_enabled(true); } @@ -171,7 +171,7 @@ void AppIdInspector::tterm() delete appidDebug; appidDebug = nullptr; #ifdef ENABLE_APPID_THIRD_PARTY - ThirdPartyAppIDModule* tp_appid_ctxt = active_config->get_tp_appid_ctxt(); + ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt(); if (tp_appid_ctxt) tp_appid_ctxt->tfini(); #endif @@ -183,7 +183,7 @@ void AppIdInspector::eval(Packet* p) appid_stats.packets++; #ifdef ENABLE_APPID_THIRD_PARTY - ThirdPartyAppIDModule* tp_appid_ctxt = active_config->get_tp_appid_ctxt(); + ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt(); if (tp_appid_thread_ctxt != tp_appid_ctxt) { if (tp_appid_thread_ctxt) @@ -246,7 +246,7 @@ static void appid_inspector_pterm() delete HttpPatternMatchers::get_instance(); service_dns_host_clean(); service_ssl_clean(); - AppIdConfig::pterm(); + AppIdContext::pterm(); //end of 'FIXIT-M: RELOAD' comment above openssl_cleanup(); #ifdef ENABLE_APPID_THIRD_PARTY diff --git a/src/network_inspectors/appid/appid_inspector.h b/src/network_inspectors/appid/appid_inspector.h index 6c582eafb..d2640332b 100644 --- a/src/network_inspectors/appid/appid_inspector.h +++ b/src/network_inspectors/appid/appid_inspector.h @@ -46,7 +46,7 @@ public: void tinit() override; void tterm() override; void eval(snort::Packet*) override; - AppIdConfig* get_appid_config(); + AppIdContext* get_ctxt(); SipEventHandler& get_sip_event_handler() { @@ -54,14 +54,14 @@ public: } private: - const AppIdModuleConfig* config = nullptr; - AppIdConfig* active_config = nullptr; + const AppIdConfig* config = nullptr; + AppIdContext* ctxt = nullptr; SipEventHandler* my_seh = nullptr; }; #ifdef ENABLE_APPID_THIRD_PARTY -extern THREAD_LOCAL ThirdPartyAppIDModule* tp_appid_thread_ctxt; +extern THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt; #endif #endif diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index fec0ae9bc..35fa39fae 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -186,8 +186,8 @@ static int reload_third_party(lua_State*) Swapper::set_reload_in_progress(true); LogMessage(".. reloading third-party"); AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); - AppIdConfig* config = inspector->get_appid_config(); - config->create_tp_appid_ctxt(); + AppIdContext* ctxt = inspector->get_ctxt(); + ctxt->create_tp_appid_ctxt(); Swapper::set_reload_in_progress(false); } #else @@ -245,9 +245,9 @@ ProfileStats* AppIdModule::get_profile() const return &appid_perf_stats; } -const AppIdModuleConfig* AppIdModule::get_data() +const AppIdConfig* AppIdModule::get_data() { - AppIdModuleConfig* temp = config; + AppIdConfig* temp = config; config = nullptr; return temp; } @@ -299,7 +299,7 @@ bool AppIdModule::begin(const char* /*fqn*/, int, SnortConfig*) if ( config ) return false; - config = new AppIdModuleConfig; + config = new AppIdConfig; return true; } diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h index 650822ae0..5644b3f2b 100644 --- a/src/network_inspectors/appid/appid_module.h +++ b/src/network_inspectors/appid/appid_module.h @@ -77,7 +77,7 @@ public: PegCount* get_counts() const override; snort::ProfileStats* get_profile() const override; - const AppIdModuleConfig* get_data(); + const AppIdConfig* get_data(); Usage get_usage() const override { return CONTEXT; } @@ -85,7 +85,7 @@ public: void show_dynamic_stats() override; private: - AppIdModuleConfig* config; + AppIdConfig* config; AppIdReloadTuner appid_rrt; }; diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index 77c531302..49b54d475 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -94,7 +94,7 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port, AppIdInspector& inspector) - : FlowData(inspector_id, &inspector), config(inspector.get_appid_config()), + : FlowData(inspector_id, &inspector), ctxt(inspector.get_ctxt()), protocol(proto) { service_ip.clear(); @@ -115,7 +115,7 @@ AppIdSession::~AppIdSession() { if (!in_expected_cache) { - if (config->mod_config->stats_logging_enabled) + if (ctxt->config->stats_logging_enabled) AppIdStatistics::get_stats_manager()->update(*this); // fail any service detection that is in process for this flow @@ -190,7 +190,6 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S // FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector); - asd->common.policyId = asd->config->appIdPolicyId; if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp, cliPort, srvIp, srvPort, snort_protocol_id, asd)) @@ -928,7 +927,7 @@ AppIdDnsSession* AppIdSession::get_dns_session() bool AppIdSession::is_tp_appid_done() const { #ifdef ENABLE_APPID_THIRD_PARTY - if (config->get_tp_appid_ctxt()) + if (ctxt->get_tp_appid_ctxt()) { if (!tpsession) return false; @@ -957,7 +956,7 @@ bool AppIdSession::is_tp_processing_done() const bool AppIdSession::is_tp_appid_available() const { #ifdef ENABLE_APPID_THIRD_PARTY - if (config->get_tp_appid_ctxt()) + if (ctxt->get_tp_appid_ctxt()) { if (!tpsession) return false; diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index aabc69439..2b9c354b0 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -42,7 +42,7 @@ class ClientDetector; class ServiceDetector; class AppIdDnsSession; class AppIdHttpSession; -class ThirdPartyAppIDSession; +class ThirdPartyAppIdSession; using AppIdFreeFCN = void (*)(void*); @@ -206,7 +206,7 @@ public: uint32_t session_id = 0; snort::Flow* flow = nullptr; - AppIdConfig* config; + AppIdContext* ctxt; std::unordered_map flow_data; AppInfoManager* app_info_mgr = nullptr; CommonAppIdData common; @@ -244,7 +244,7 @@ public: TlsSession* tsession = nullptr; unsigned scan_flags = 0; - ThirdPartyAppIDSession* tpsession = nullptr; + ThirdPartyAppIdSession* tpsession = nullptr; uint16_t init_tpPackets = 0; uint16_t resp_tpPackets = 0; bool tp_reinspect_by_initiator = false; diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc index 993ce994d..244fbcb5c 100644 --- a/src/network_inspectors/appid/appid_session_api.cc +++ b/src/network_inspectors/appid/appid_session_api.cc @@ -133,7 +133,7 @@ bool AppIdSessionApi::is_appid_inspecting_session() return true; } - if (asd->config->mod_config->check_host_port_app_cache) + if (asd->ctxt->config->check_host_port_app_cache) return true; return false; diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc index b298b992d..014b2402a 100644 --- a/src/network_inspectors/appid/appid_stats.cc +++ b/src/network_inspectors/appid/appid_stats.cc @@ -176,7 +176,7 @@ void AppIdStatistics::dump_statistics() } } -AppIdStatistics::AppIdStatistics(const AppIdModuleConfig& config) +AppIdStatistics::AppIdStatistics(const AppIdConfig& config) { enabled = true; @@ -214,7 +214,7 @@ AppIdStatistics::~AppIdStatistics() } } -AppIdStatistics* AppIdStatistics::initialize_manager(const AppIdModuleConfig& config) +AppIdStatistics* AppIdStatistics::initialize_manager(const AppIdConfig& config) { if ( !config.stats_logging_enabled ) return nullptr; diff --git a/src/network_inspectors/appid/appid_stats.h b/src/network_inspectors/appid/appid_stats.h index 0f995983c..80d7bbb49 100644 --- a/src/network_inspectors/appid/appid_stats.h +++ b/src/network_inspectors/appid/appid_stats.h @@ -29,7 +29,7 @@ #include "utils/sflsq.h" class AppIdSession; -class AppIdModuleConfig; +class AppIdConfig; struct StatsBucket { @@ -48,14 +48,14 @@ class AppIdStatistics public: ~AppIdStatistics(); - static AppIdStatistics* initialize_manager(const AppIdModuleConfig&); + static AppIdStatistics* initialize_manager(const AppIdConfig&); static AppIdStatistics* get_stats_manager(); static void cleanup(); void update(AppIdSession&); void flush(); private: - AppIdStatistics(const AppIdModuleConfig&); + AppIdStatistics(const AppIdConfig&); time_t get_time() { diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.cc b/src/network_inspectors/appid/detector_plugins/detector_dns.cc index 7d59e8826..45d49d491 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_dns.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_dns.cc @@ -602,7 +602,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) goto udp_done; } if ((rval = dns_validate_header(args.dir, (const DNSHeader*)args.data, - args.config->mod_config->dns_host_reporting, args.asd)) != APPID_SUCCESS) + args.ctxt->config->dns_host_reporting, args.asd)) != APPID_SUCCESS) { if (rval == APPID_REVERSED) { @@ -613,7 +613,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, got a // response, and now we've got another query. rval = validate_packet(args.data, args.size, args.dir, - args.config->mod_config->dns_host_reporting, args.asd); + args.ctxt->config->dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) goto inprocess; } @@ -624,7 +624,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, but now we've got // a response. rval = validate_packet(args.data, args.size, args.dir, - args.config->mod_config->dns_host_reporting, args.asd); + args.ctxt->config->dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) { args.asd.set_session_flags(APPID_SESSION_UDP_REVERSED); @@ -638,7 +638,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) } rval = validate_packet(args.data, args.size, args.dir, - args.config->mod_config->dns_host_reporting, args.asd); + args.ctxt->config->dns_host_reporting, args.asd); if ((rval == APPID_SUCCESS) && (args.dir == APP_ID_FROM_INITIATOR)) goto inprocess; @@ -690,7 +690,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) uint16_t size = args.size - sizeof(DNSTCPHeader); uint16_t tmp = ntohs(hdr->length); if (tmp < sizeof(DNSHeader) || dns_validate_header(args.dir, (const DNSHeader*)data, - args.config->mod_config->dns_host_reporting, args.asd)) + args.ctxt->config->dns_host_reporting, args.asd)) { if (args.dir == APP_ID_FROM_INITIATOR) goto not_compatible; @@ -701,7 +701,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) if (tmp > size) goto not_compatible; rval = validate_packet(data, size, args.dir, - args.config->mod_config->dns_host_reporting, args.asd); + args.ctxt->config->dns_host_reporting, args.asd); if (rval != APPID_SUCCESS) goto tcp_done; diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index 07c2b9fe1..f823c5fae 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc @@ -981,7 +981,7 @@ void HttpPatternMatchers::scan_key_chp(ChpMatchDescriptor& cmd) } AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, char** user, - int* total_found, AppIdHttpSession* hsession, const AppIdModuleConfig* mod_config) + int* total_found, AppIdHttpSession* hsession, const AppIdConfig* config) { MatchedCHPAction* insert_sweep2 = nullptr; bool inhibit_modify = false; @@ -1000,7 +1000,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, cha else cmd.sort_chp_matches(); - if (!mod_config->safe_search_enabled) + if (!config->safe_search_enabled) cmd.chp_rewritten[pt] = nullptr; for ( auto& tmp: cmd.chp_matches[pt] ) @@ -1044,7 +1044,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, cha hsession->set_skip_simple_detect(true); break; case EXTRACT_USER: - if ( !*user && !mod_config->chp_userid_disabled ) + if ( !*user && !config->chp_userid_disabled ) { extract_chp(cmd.buffer[pt], cmd.length[pt], tmp.start_match_pos, match->psize, match->action_data, user); diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index dac7ac155..a4c9d3871 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -41,7 +41,7 @@ struct AppIdServiceSubtype; struct Packet; } class AppIdHttpSession; -class AppIdModuleConfig; +class AppIdConfig; enum httpPatternType { @@ -302,7 +302,7 @@ public: void scan_key_chp(ChpMatchDescriptor&); AppId scan_chp(ChpMatchDescriptor&, char**, char**, int*, AppIdHttpSession*, - const AppIdModuleConfig*); + const AppIdConfig*); AppId scan_header_x_working_with(const char*, uint32_t, char**); int get_appid_by_pattern(const char*, unsigned, char**); bool get_appid_from_url(char*, const char*, char**, const char*, AppId*, AppId*, diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index c6ea57b9f..fd0a14b79 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -99,7 +99,7 @@ public: }; // Stubs for modules, config -AppIdModuleConfig::~AppIdModuleConfig() = default; +AppIdConfig::~AppIdConfig() = default; AppIdModule::AppIdModule() : Module("a", "b") { } AppIdModule::~AppIdModule() = default; diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index f19aa3289..c20c36c75 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -49,7 +49,7 @@ static char* user = nullptr; static char* my_action_data = (char*)"0"; static const char* my_chp_data = (const char*)"chp_data"; static int total_found; -static AppIdModuleConfig mod_config; +static AppIdConfig config; static AppId service_id = APP_ID_NONE; static AppId client_id = APP_ID_NONE; static DetectorHTTPPattern mpattern; @@ -266,9 +266,9 @@ TEST(http_url_patterns_tests, scan_chp_defer) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - mod_config.safe_search_enabled = false; + config.safe_search_enabled = false; CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } @@ -282,9 +282,9 @@ TEST(http_url_patterns_tests, scan_chp_alt_appid) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - mod_config.safe_search_enabled = false; + config.safe_search_enabled = false; CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } @@ -299,12 +299,12 @@ TEST(http_url_patterns_tests, scan_chp_extract_user) mchp.mpattern = &chpa_test; mchp.start_match_pos = 0; cmd_test.cur_ptype = RSP_BODY_FID; - mod_config.safe_search_enabled = false; + config.safe_search_enabled = false; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.buffer[RSP_BODY_FID] = (const char*)"userid\n\rpassword"; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(user); user = nullptr; @@ -315,7 +315,7 @@ TEST(http_url_patterns_tests, scan_chp_rewrite_field) // testing REWRITE_FIELD test_find_all_done = false; cmd_test.cur_ptype = RSP_BODY_FID; - mod_config.safe_search_enabled = false; + config.safe_search_enabled = false; chpa_test.action_data = my_action_data; chpa_test.appIdInstance = APP_ID_NONE; chpa_test.action = REWRITE_FIELD; @@ -326,7 +326,7 @@ TEST(http_url_patterns_tests, scan_chp_rewrite_field) cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(const_cast(cmd_test.chp_rewritten[RSP_BODY_FID])); cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr; @@ -337,7 +337,7 @@ TEST(http_url_patterns_tests, scan_chp_insert_without_action) // testing INSERT_FIELD without action_data test_find_all_done = false; cmd_test.cur_ptype = RSP_BODY_FID; - mod_config.safe_search_enabled = false; + config.safe_search_enabled = false; chpa_test.action_data = nullptr; chpa_test.appIdInstance = APP_ID_NONE; chpa_test.action = INSERT_FIELD; @@ -348,7 +348,7 @@ TEST(http_url_patterns_tests, scan_chp_insert_without_action) cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(const_cast(cmd_test.chp_rewritten[RSP_BODY_FID])); cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr; @@ -359,7 +359,7 @@ TEST(http_url_patterns_tests, scan_chp_insert_with_action) // testing INSERT_FIELD with action_data test_find_all_done = false; cmd_test.cur_ptype = RSP_BODY_FID; - mod_config.safe_search_enabled = false; + config.safe_search_enabled = false; chpa_test.action_data = my_action_data; chpa_test.appIdInstance = APP_ID_NONE; chpa_test.action = INSERT_FIELD; @@ -370,7 +370,7 @@ TEST(http_url_patterns_tests, scan_chp_insert_with_action) cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(const_cast(cmd_test.chp_rewritten[RSP_BODY_FID])); cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr; @@ -386,13 +386,13 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - mod_config.safe_search_enabled = false; + config.safe_search_enabled = false; chpa_test.psize = 1; mchp.start_match_pos = 0; cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); // testing FUTURE_APPID_SESSION_SIP (default action) @@ -403,7 +403,7 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const - AppIdModuleConfig*)&mod_config) == APP_ID_NONE); + AppIdConfig*)&config) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } diff --git a/src/network_inspectors/appid/dev_notes.txt b/src/network_inspectors/appid/dev_notes.txt index 47fba27e7..1a0604bcf 100644 --- a/src/network_inspectors/appid/dev_notes.txt +++ b/src/network_inspectors/appid/dev_notes.txt @@ -36,7 +36,7 @@ to the application name. The set of Lua detectors that AppId loads are located in the odp/lua subdirectory of the directory that contains the mapping configuration file. -The legacy 'RNA' configuration is processed by the AppIdConfig class. This is currently not supported so +The legacy 'RNA' configuration is processed by the AppIdContext class. This is currently not supported so no additional details provided here at this time. This section should be updated once this feature is supported. diff --git a/src/network_inspectors/appid/length_app_cache.h b/src/network_inspectors/appid/length_app_cache.h index ac8e9be34..e377b2c43 100644 --- a/src/network_inspectors/appid/length_app_cache.h +++ b/src/network_inspectors/appid/length_app_cache.h @@ -30,7 +30,6 @@ #pragma pack(1) -class AppIdConfig; enum class IpProtocol : uint8_t; struct LengthSequenceEntry diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 7983b81d4..c5d02074f 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -1726,11 +1726,11 @@ static int detector_port_only_service(lua_State* L) uint8_t protocol = lua_tointeger(L, ++index); if (port == 0) - AppIdConfig::ip_protocol[protocol] = appId; + AppIdContext::ip_protocol[protocol] = appId; else if (protocol == 6) - AppIdConfig::tcp_port_only[port] = appId; + AppIdContext::tcp_port_only[port] = appId; else if (protocol == 17) - AppIdConfig::udp_port_only[port] = appId; + AppIdContext::udp_port_only[port] = appId; AppInfoManager::get_instance().set_app_info_active(appId); diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index 81c341b24..9da5bbe11 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -95,7 +95,7 @@ inline void set_control(lua_State* L, int is_control) lua_pop(L, 1); } -static lua_State* create_lua_state(const AppIdModuleConfig* mod_config, int is_control) +static lua_State* create_lua_state(const AppIdConfig* config, int is_control) { auto L = luaL_newstate(); @@ -134,12 +134,12 @@ static lua_State* create_lua_state(const AppIdModuleConfig* mod_config, int is_c { snprintf(new_lua_path, sizeof(new_lua_path) - 1, "%s;%s/odp/libs/?.lua;%s/custom/libs/?.lua", - cur_lua_path, mod_config->app_detector_dir, mod_config->app_detector_dir); + cur_lua_path, config->app_detector_dir, config->app_detector_dir); } else { snprintf(new_lua_path, sizeof(new_lua_path) - 1, "%s/odp/libs/?.lua;%s/custom/libs/?.lua", - mod_config->app_detector_dir, mod_config->app_detector_dir); + config->app_detector_dir, config->app_detector_dir); } lua_pop(L, 1); @@ -150,13 +150,13 @@ static lua_State* create_lua_state(const AppIdModuleConfig* mod_config, int is_c return L; } -LuaDetectorManager::LuaDetectorManager(AppIdConfig& config, int is_control) : - config(config) +LuaDetectorManager::LuaDetectorManager(AppIdContext& ctxt, int is_control) : + ctxt(ctxt) { sflist_init(&allocated_detector_flow_list); allocated_objects.clear(); cb_detectors.clear(); - L = create_lua_state(config.mod_config, is_control); + L = create_lua_state(ctxt.config, is_control); if (is_control == 1) init_chp_glossary(); } @@ -198,13 +198,13 @@ LuaDetectorManager::~LuaDetectorManager() cb_detectors.clear(); // do not free Lua objects in cb_detectors } -void LuaDetectorManager::initialize(AppIdConfig& config, int is_control) +void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control) { // FIXIT-M: RELOAD - When reload is supported, remove this line which prevents re-initialize if (lua_detector_mgr) return; - lua_detector_mgr = new LuaDetectorManager(config, is_control); + lua_detector_mgr = new LuaDetectorManager(ctxt, is_control); if (!lua_detector_mgr->L) FatalError("Error - appid: can not create new luaState, instance=%u\n", @@ -213,7 +213,7 @@ void LuaDetectorManager::initialize(AppIdConfig& config, int is_control) lua_detector_mgr->initialize_lua_detectors(); lua_detector_mgr->activate_lua_detectors(); - if (config.mod_config->debug) + if (ctxt.config->debug) lua_detector_mgr->list_lua_detectors(); } @@ -458,7 +458,7 @@ void LuaDetectorManager::load_lua_detectors(const char* path, bool isCustom) void LuaDetectorManager::initialize_lua_detectors() { char path[PATH_MAX]; - const char* dir = config.mod_config->app_detector_dir; + const char* dir = ctxt.config->app_detector_dir; if ( !dir ) return; diff --git a/src/network_inspectors/appid/lua_detector_module.h b/src/network_inspectors/appid/lua_detector_module.h index 4df547aaf..914a62222 100644 --- a/src/network_inspectors/appid/lua_detector_module.h +++ b/src/network_inspectors/appid/lua_detector_module.h @@ -35,7 +35,7 @@ #include "application_ids.h" -class AppIdConfig; +class AppIdContext; class AppIdDetector; struct DetectorFlow; class LuaObject; @@ -47,9 +47,9 @@ bool get_lua_field(lua_State* L, int table, const char* field, IpProtocol& out); class LuaDetectorManager { public: - LuaDetectorManager(AppIdConfig&, int); + LuaDetectorManager(AppIdContext&, int); ~LuaDetectorManager(); - static void initialize(AppIdConfig&, int is_control=0); + static void initialize(AppIdContext&, int is_control=0); static void terminate(); static void add_detector_flow(DetectorFlow*); static void free_detector_flows(); @@ -65,7 +65,7 @@ private: void load_detector(char* detectorName, bool isCustom); void load_lua_detectors(const char* path, bool isCustom); - AppIdConfig& config; + AppIdContext& ctxt; std::list allocated_objects; size_t num_odp_detectors = 0; std::map cb_detectors; diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 2890b333e..16394d8d0 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -700,7 +700,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, } AppIdDnsSession* dsession = asd.get_dns_session(); - if (asd.service.get_id() == APP_ID_DNS && asd.config->mod_config->dns_host_reporting + if (asd.service.get_id() == APP_ID_DNS && asd.ctxt->config->dns_host_reporting && dsession->get_host()) { AppId client_id = APP_ID_NONE; diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.h b/src/network_inspectors/appid/service_plugins/service_discovery.h index 90d44b3f3..eca11919e 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.h +++ b/src/network_inspectors/appid/service_plugins/service_discovery.h @@ -33,7 +33,6 @@ #include "appid_types.h" -class AppIdConfig; class AppIdSession; class ServiceDetector; class ServiceDiscoveryState; diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc index 88e3fc20c..9ba977d95 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.cc +++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc @@ -150,7 +150,7 @@ int MdnsServiceDetector::validate(AppIdDiscoveryArgs& args) ret_val = validate_reply(args.data, args.size); if (ret_val == 1) { - if (args.config->mod_config->mdns_user_reporting) + if (args.ctxt->config->mdns_user_reporting) { analyze_user(args.asd, args.pkt, args.size); destroy_match_list(); diff --git a/src/network_inspectors/appid/service_plugins/service_rtmp.cc b/src/network_inspectors/appid/service_plugins/service_rtmp.cc index af83a8c73..ecc4a43f3 100644 --- a/src/network_inspectors/appid/service_plugins/service_rtmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_rtmp.cc @@ -615,7 +615,7 @@ int RtmpServiceDetector::validate(AppIdDiscoveryArgs& args) } /* Give up if it's taking us too long to figure out this thing. */ - if (args.asd.session_packet_count >= args.asd.config->mod_config->rtmp_max_packets) + if (args.asd.session_packet_count >= args.asd.ctxt->config->rtmp_max_packets) { goto fail; } @@ -648,7 +648,7 @@ success: if ( ss->pageUrl ) { if ( !hsession->get_field(REQ_REFERER_FID) && - !args.asd.config->mod_config->referred_appId_disabled ) + !args.asd.ctxt->config->referred_appId_disabled ) hsession->set_field(REQ_REFERER_FID, new std::string(ss->pageUrl), args.change_bits); snort_free(ss->pageUrl); diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 50050226c..00132f869 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -138,15 +138,15 @@ PegCount* AppIdModule::get_counts() const { return nullptr; } ProfileStats* AppIdModule::get_profile() const { return nullptr; } // Stubs for config -AppIdModuleConfig::~AppIdModuleConfig() {} -static AppIdModuleConfig app_config; -static AppIdConfig my_app_config(&app_config); -AppId AppIdConfig::get_port_service_id(IpProtocol, uint16_t) +AppIdConfig::~AppIdConfig() {} +static AppIdConfig app_config; +static AppIdContext app_ctxt(&app_config); +AppId AppIdContext::get_port_service_id(IpProtocol, uint16_t) { return APP_ID_NONE; } -AppId AppIdConfig::get_protocol_service_id(IpProtocol) +AppId AppIdContext::get_protocol_service_id(IpProtocol) { return APP_ID_NONE; } @@ -159,10 +159,10 @@ bool AppIdInspector::configure(SnortConfig*) { return true; } void AppIdInspector::show(SnortConfig*) { } void AppIdInspector::tinit() { } void AppIdInspector::tterm() { } -AppIdConfig* AppIdInspector::get_appid_config() +AppIdContext* AppIdInspector::get_ctxt() { - my_app_config.mod_config = &app_config; - return &my_app_config; + app_ctxt.config = &app_config; + return &app_ctxt; } // Stubs for AppInfoManager @@ -256,7 +256,7 @@ int dns_host_scan_hostname(const uint8_t*, size_t, AppId*, AppId*) { return 0; } -bool do_tp_discovery(ThirdPartyAppIDModule& , AppIdSession&, IpProtocol, +bool do_tp_discovery(ThirdPartyAppIdContext& , AppIdSession&, IpProtocol, Packet*, AppidSessionDirection&, AppidChangeBits&) { return true; @@ -330,7 +330,7 @@ TEST(appid_discovery_tests, event_published_when_ignoring_flow) Flow* flow = new Flow; flow->set_flow_data(asd); p.flow = flow; - asd->config = &my_app_config; + asd->ctxt = &app_ctxt; asd->common.initiator_port = 21; asd->common.initiator_ip.set("1.2.3.4"); asd->set_session_flags(APPID_SESSION_IGNORE_FLOW); @@ -366,7 +366,7 @@ TEST(appid_discovery_tests, event_published_when_processing_flow) Flow* flow = new Flow; flow->set_flow_data(asd); p.flow = flow; - asd->config = &my_app_config; + asd->ctxt = &app_ctxt; asd->common.initiator_port = 21; asd->common.initiator_ip.set("1.2.3.4"); @@ -427,7 +427,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid) flow->set_flow_data(asd); p.flow = flow; p.ptrs.tcph = nullptr; - asd->config = &my_app_config; + asd->ctxt = &app_ctxt; asd->common.initiator_port = 21; asd->common.initiator_ip.set("1.2.3.4"); asd->misc_app_id = APP_ID_NONE; diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index f5e9e7dc1..cb21a782c 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -66,7 +66,7 @@ AppId HttpPatternMatchers::scan_header_x_working_with(const char*, uint32_t, cha } AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**, - int*, AppIdHttpSession*, const AppIdModuleConfig*) + int*, AppIdHttpSession*, const AppIdConfig*) { return 0; } diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index 3716d8006..8ac9d7497 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -24,10 +24,9 @@ #include "service_inspectors/http_inspect/http_msg_header.h" class Inspector; -struct ThirdPartyAppIDModule; +struct ThirdPartyAppIdContext; -AppIdConfig* pAppidActiveConfig = nullptr; -ThirdPartyAppIDModule* tp_appid_module = nullptr; +ThirdPartyAppIdContext* tp_appid_ctxt = nullptr; namespace snort { diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index ba5e3b689..b572cbfdf 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc @@ -219,7 +219,7 @@ TEST(appid_session_api, is_appid_inspecting_session) // 4th if in is_appid_inspecting_session mock_session->set_tp_app_id(APP_ID_NONE); - mock_session->config->mod_config->check_host_port_app_cache = true; + mock_session->ctxt->config->check_host_port_app_cache = true; val = appid_session_api->is_appid_inspecting_session(); CHECK_TRUE(val); } @@ -366,8 +366,8 @@ int main(int argc, char** argv) { mock_init_appid_pegs(); mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector); - AppIdModuleConfig *mod_config = new AppIdModuleConfig(); - mock_session->config = new AppIdConfig(mod_config); + AppIdConfig *config = new AppIdConfig(); + mock_session->ctxt = new AppIdContext(config); int rc = CommandLineTestRunner::RunAllTests(argc, argv); mock_cleanup_appid_pegs(); return rc; diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index 877f8c227..c484c2464 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc @@ -39,7 +39,7 @@ using namespace std; TPLibHandler* tph = nullptr; -AppIdModuleConfig::~AppIdModuleConfig() { } +AppIdConfig::~AppIdConfig() { } TEST_GROUP(tp_lib_handler) { @@ -47,21 +47,21 @@ TEST_GROUP(tp_lib_handler) TEST(tp_lib_handler, load_unload) { - AppIdModuleConfig config; + AppIdConfig config; config.tp_appid_path="./libtp_mock.so"; config.tp_appid_config="./tp.config"; tph = TPLibHandler::get(); - ThirdPartyAppIDModule* tpm = TPLibHandler::create_tp_appid_ctxt(config); - CHECK_TRUE(tpm != nullptr); + ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config); + CHECK_TRUE(ctxt != nullptr); TpAppIdCreateSession asf = tph->tpsession_factory(); - ThirdPartyAppIDSession* tpsession = asf(*tpm); + ThirdPartyAppIdSession* tpsession = asf(*ctxt); CHECK_TRUE(tpsession != nullptr); delete tpsession; - delete tpm; + delete ctxt; TPLibHandler::pfini(); } @@ -77,11 +77,11 @@ TEST(tp_lib_handler, tp_lib_handler_get) TEST(tp_lib_handler, load_error) { // Trigger load error: - AppIdModuleConfig config; + AppIdConfig config; config.tp_appid_path="nonexistent.so"; TPLibHandler::get(); - ThirdPartyAppIDModule* tpm = TPLibHandler::create_tp_appid_ctxt(config); - CHECK_TRUE(tpm == nullptr); + ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config); + CHECK_TRUE(ctxt == nullptr); TPLibHandler::pfini(); } diff --git a/src/network_inspectors/appid/test/tp_mock.cc b/src/network_inspectors/appid/test/tp_mock.cc index b21dbd64d..88a4de79a 100644 --- a/src/network_inspectors/appid/test/tp_mock.cc +++ b/src/network_inspectors/appid/test/tp_mock.cc @@ -39,16 +39,16 @@ using namespace snort; using namespace std; -class ThirdPartyAppIDModuleImpl : public ThirdPartyAppIDModule +class ThirdPartyAppIdContextImpl : public ThirdPartyAppIdContext { public: - ThirdPartyAppIDModuleImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config) - : ThirdPartyAppIDModule(ver, mname, config) + ThirdPartyAppIdContextImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config) + : ThirdPartyAppIdContext(ver, mname, config) { cerr << WhereMacro << endl; } - ~ThirdPartyAppIDModuleImpl() + ~ThirdPartyAppIdContextImpl() { cerr << WhereMacro << endl; } @@ -57,11 +57,11 @@ public: int tfini() override { return 0; } }; -class ThirdPartyAppIDSessionImpl : public ThirdPartyAppIDSession +class ThirdPartyAppIdSessionImpl : public ThirdPartyAppIdSession { public: - ThirdPartyAppIDSessionImpl(ThirdPartyAppIDModule& ctxt) - : ThirdPartyAppIDSession(ctxt) + ThirdPartyAppIdSessionImpl(ThirdPartyAppIdContext& ctxt) + : ThirdPartyAppIdSession(ctxt) { } bool reset() override { return 1; } void delete_with_ctxt() override { delete this; } @@ -84,14 +84,14 @@ private: // once the .so has been loaded. extern "C" { - SO_PUBLIC ThirdPartyAppIDModuleImpl* tp_appid_create_ctxt(ThirdPartyConfig& config) + SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& config) { - return new ThirdPartyAppIDModuleImpl(2,"foobar", config); + return new ThirdPartyAppIdContextImpl(3,"foobar", config); } - SO_PUBLIC ThirdPartyAppIDSessionImpl* tp_appid_create_session(ThirdPartyAppIDModule& ctxt) + SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt) { - return new ThirdPartyAppIDSessionImpl(ctxt); + return new ThirdPartyAppIdSessionImpl(ctxt); } SO_PUBLIC int tp_appid_pfini() diff --git a/src/network_inspectors/appid/tp_appid_module_api.h b/src/network_inspectors/appid/tp_appid_module_api.h index 39bbee899..d397122a3 100644 --- a/src/network_inspectors/appid/tp_appid_module_api.h +++ b/src/network_inspectors/appid/tp_appid_module_api.h @@ -25,7 +25,7 @@ #include #include "tp_appid_types.h" -#define THIRD_PARTY_APP_ID_API_VERSION 2 +#define THIRD_PARTY_APP_ID_API_VERSION 3 class ThirdPartyConfig { @@ -49,13 +49,13 @@ public: } }; -class ThirdPartyAppIDModule +class ThirdPartyAppIdContext { public: - ThirdPartyAppIDModule(uint32_t ver, const char* mname, ThirdPartyConfig& config) + ThirdPartyAppIdContext(uint32_t ver, const char* mname, ThirdPartyConfig& config) : version(ver), name(mname), cfg(config) { } - virtual ~ThirdPartyAppIDModule() { } + virtual ~ThirdPartyAppIdContext() { } uint32_t api_version() const { return version; } const std::string& module_name() const { return name; } @@ -73,7 +73,7 @@ protected: private: // No implicit constructor as derived classes need to provide // version and name. - ThirdPartyAppIDModule() : version(0), name("") { } + ThirdPartyAppIdContext() : version(0), name("") { } }; #endif diff --git a/src/network_inspectors/appid/tp_appid_session_api.h b/src/network_inspectors/appid/tp_appid_session_api.h index 1a904985b..e025ec45c 100644 --- a/src/network_inspectors/appid/tp_appid_session_api.h +++ b/src/network_inspectors/appid/tp_appid_session_api.h @@ -32,14 +32,14 @@ namespace snort struct Packet; } -class ThirdPartyAppIDModule; +class ThirdPartyAppIdContext; -class ThirdPartyAppIDSession +class ThirdPartyAppIdSession { public: - ThirdPartyAppIDSession(ThirdPartyAppIDModule& ctxt) + ThirdPartyAppIdSession(ThirdPartyAppIdContext& ctxt) : appid(APP_ID_NONE), confidence(100), state(TP_STATE_INIT), ctxt(ctxt) { } - virtual ~ThirdPartyAppIDSession() { } + virtual ~ThirdPartyAppIdSession() { } virtual bool reset() = 0; // just reset state virtual void delete_with_ctxt() = 0; @@ -55,14 +55,14 @@ public: virtual void set_attr(TPSessionAttr) = 0; virtual unsigned get_attr(TPSessionAttr) = 0; virtual AppId get_appid(int& conf) { conf=confidence; return appid; } - virtual const ThirdPartyAppIDModule* get_ctxt() const + virtual const ThirdPartyAppIdContext* get_ctxt() const { return &ctxt; } protected: AppId appid; int confidence; TPState state; - const ThirdPartyAppIDModule& ctxt; + const ThirdPartyAppIdContext& ctxt; }; #endif diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index fdd6556c0..e2633ba2d 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -85,7 +85,7 @@ static inline int check_ssl_appid_for_reinspect(AppId app_id) // Consider passing all the metadata pointers (e.g. host, url, etc.) // to AppIdHttpSession directly from the thirdparty.so callbacks. // -// Or, register observers with THirdPartyAppIDAttributeData and modify the +// Or, register observers with ThirdPartyAppIDAttributeData and modify the // set functions to copy the tp buffers directly into the appropriate observer. // // Or, replace ThirdParty with 1st Party http_inspect. @@ -294,7 +294,7 @@ static inline void process_http_session(AppIdSession& asd, LogMessage("AppIdDbg %s HTTP response upgrade is %s\n", appidDebug->get_debug_session(),field->c_str()); - if (asd.config->mod_config->http2_detection_enabled) + if (asd.ctxt->config->http2_detection_enabled) { const std::string* rc = hsession->get_field(MISC_RESP_CODE_FID); if ( rc && *rc == "101" ) @@ -426,7 +426,7 @@ static inline void process_rtmp(AppIdSession& asd, } } - if ( !asd.config->mod_config->referred_appId_disabled && + if ( !asd.ctxt->config->referred_appId_disabled && !hsession->get_field(REQ_REFERER_FID) ) { if ( ( field=attribute_data.http_request_referer(own) ) != nullptr ) @@ -471,7 +471,7 @@ static inline void process_rtmp(AppIdSession& asd, } if ( hsession->get_field(MISC_URL_FID) || (confidence == 100 && - asd.session_packet_count > asd.config->mod_config->rtmp_max_packets) ) + asd.session_packet_count > asd.ctxt->config->rtmp_max_packets) ) { const std::string* url; if ( ( url = hsession->get_field(MISC_URL_FID) ) != nullptr ) @@ -514,7 +514,6 @@ static inline void process_ssl(AppIdSession& asd, const string* field = 0; int reinspect_ssl_appid = 0; - // if (tp_appid_module && asd.tpsession) tmpAppId = asd.tpsession->get_appid(tmpConfidence); asd.set_session_flags(APPID_SESSION_SSL_SESSION); @@ -554,7 +553,7 @@ static inline void process_ftp_control(AppIdSession& asd, ThirdPartyAppIDAttributeData& attribute_data) { const string* field=0; - if (!asd.config->mod_config->ftp_userid_disabled && + if (!asd.ctxt->config->ftp_userid_disabled && (field=attribute_data.ftp_command_user()) != nullptr) { asd.client.update_user(APP_ID_FTP_CONTROL, field->c_str()); @@ -603,7 +602,7 @@ static inline void check_terminate_tp_module(AppIdSession& asd, uint16_t tpPktCo { AppIdHttpSession* hsession = asd.get_http_session(); - if ((tpPktCount >= asd.config->mod_config->max_tp_flow_depth) || + if ((tpPktCount >= asd.ctxt->config->max_tp_flow_depth) || (asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) == (APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) && hsession->get_field(REQ_URI_FID) && @@ -621,7 +620,7 @@ static inline void check_terminate_tp_module(AppIdSession& asd, uint16_t tpPktCo } } -bool do_tp_discovery(ThirdPartyAppIDModule& tp_module, AppIdSession& asd, IpProtocol protocol, +bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, IpProtocol protocol, Packet* p, AppidSessionDirection& direction, AppidChangeBits& change_bits) { AppId tp_app_id = asd.get_tp_app_id(); @@ -641,7 +640,7 @@ bool do_tp_discovery(ThirdPartyAppIDModule& tp_module, AppIdSession& asd, IpProt /*** Start of third-party processing. ***/ bool isTpAppidDiscoveryDone = false; - if (p->dsize || asd.config->mod_config->tp_allow_probes) + if (p->dsize || asd.ctxt->config->tp_allow_probes) { //restart inspection by 3rd party if (!asd.tp_reinspect_by_initiator && (direction == APP_ID_FROM_INITIATOR) && @@ -659,7 +658,7 @@ bool do_tp_discovery(ThirdPartyAppIDModule& tp_module, AppIdSession& asd, IpProt if (!asd.is_tp_processing_done()) { if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK) - || asd.config->mod_config->tp_allow_probes) + || asd.ctxt->config->tp_allow_probes) { int tp_confidence; ThirdPartyAppIDAttributeData tp_attribute_data; @@ -669,7 +668,7 @@ bool do_tp_discovery(ThirdPartyAppIDModule& tp_module, AppIdSession& asd, IpProt { const TPLibHandler* tph = TPLibHandler::get(); TpAppIdCreateSession tpsf = tph->tpsession_factory(); - if ( !(asd.tpsession = tpsf(tp_module)) ) + if ( !(asd.tpsession = tpsf(tp_appid_ctxt)) ) ErrorMessage("Could not allocate asd.tpsession data"); } diff --git a/src/network_inspectors/appid/tp_appid_utils.h b/src/network_inspectors/appid/tp_appid_utils.h index 943cb3ff3..a30536097 100644 --- a/src/network_inspectors/appid/tp_appid_utils.h +++ b/src/network_inspectors/appid/tp_appid_utils.h @@ -26,7 +26,7 @@ class AppIdSession; -bool do_tp_discovery(ThirdPartyAppIDModule& tp_module, AppIdSession&, IpProtocol, snort::Packet*, +bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession&, IpProtocol, snort::Packet*, AppidSessionDirection&, AppidChangeBits&); #endif diff --git a/src/network_inspectors/appid/tp_lib_handler.cc b/src/network_inspectors/appid/tp_lib_handler.cc index 50720522a..490cb797e 100644 --- a/src/network_inspectors/appid/tp_lib_handler.cc +++ b/src/network_inspectors/appid/tp_lib_handler.cc @@ -79,7 +79,7 @@ bool TPLibHandler::load_callback(const char* const path) return true; } -ThirdPartyAppIDModule* TPLibHandler::create_tp_appid_ctxt(const AppIdModuleConfig& config) +ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& config) { assert(self != nullptr); @@ -107,7 +107,7 @@ ThirdPartyAppIDModule* TPLibHandler::create_tp_appid_ctxt(const AppIdModuleConfi tp_config.http_upgrade_reporting_enabled = 0; tp_config.http_response_version_enabled = config.http_response_version_enabled; - ThirdPartyAppIDModule* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config); + ThirdPartyAppIdContext* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config); if (tp_appid_ctxt == nullptr) { ErrorMessage("Failed to create third party appId context.\n"); diff --git a/src/network_inspectors/appid/tp_lib_handler.h b/src/network_inspectors/appid/tp_lib_handler.h index e461d4582..5c8ff68f7 100644 --- a/src/network_inspectors/appid/tp_lib_handler.h +++ b/src/network_inspectors/appid/tp_lib_handler.h @@ -24,12 +24,12 @@ #include "tp_appid_module_api.h" #include "tp_appid_session_api.h" -class AppIdModuleConfig; +class AppIdConfig; // This needs to be exported by any third party .so library. // Must return NULL if it fails to create the object. -typedef ThirdPartyAppIDModule* (* TpAppIdCreateCtxt)(ThirdPartyConfig& ); -typedef ThirdPartyAppIDSession* (* TpAppIdCreateSession)(ThirdPartyAppIDModule& ctxt); +typedef ThirdPartyAppIdContext* (* TpAppIdCreateCtxt)(ThirdPartyConfig& ); +typedef ThirdPartyAppIdSession* (* TpAppIdCreateSession)(ThirdPartyAppIdContext& ctxt); typedef int (* TpAppIdPfini)(); typedef int (* TpAppIdTfini)(); @@ -45,7 +45,7 @@ public: return (self = new TPLibHandler()); } - static ThirdPartyAppIDModule* create_tp_appid_ctxt(const AppIdModuleConfig& config); + static ThirdPartyAppIdContext* create_tp_appid_ctxt(const AppIdConfig& config); static void tfini(); static void pfini();