From: Shravan Rangarajuvenkata (shrarang)
Date: Tue, 26 Jan 2021 18:08:13 +0000 (+0000)
Subject: Merge pull request #2700 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_cleanup...
X-Git-Tag: 3.1.1.0~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a70833ba821ffbe38c5a4b1fa304311845f9020;p=thirdparty%2Fsnort3.git
Merge pull request #2700 in SNORT/snort3 from ~SHRARANG/snort3:appid_lua_cleanup to master
Squashed commit of the following:
commit b99a830b4eaefa3394534da367df1f1fcd6aed10
Author: Shravan Rangaraju
Date: Mon Jan 11 10:52:37 2021 -0500
appid: remove unused code; cleanup FIXIT comments related to reload
---
diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc
index 5727db7bc..df0504b73 100644
--- a/src/network_inspectors/appid/appid_inspector.cc
+++ b/src/network_inspectors/appid/appid_inspector.cc
@@ -222,9 +222,7 @@ static void appid_inspector_pinit()
 
 static void appid_inspector_pterm()
 {
-//FIXIT-M: RELOAD - if app_info_table is associated with an object
 AppIdContext::pterm();
-//end of 'FIXIT-M: RELOAD' comment above
 openssl_cleanup();
 TPLibHandler::pfini();
 }
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 3f678710c..5f0e65fe5 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -346,7 +346,7 @@ void AppIdSession::sync_with_snort_protocol_id(AppId newAppId, Packet* p)
 SnortProtocolId tmp_snort_protocol_id = entry->snort_protocol_id;
 
 // A particular APP_ID_xxx may not be assigned a service_snort_key value
- // in the rna_app.yaml file entry; so ignore the snort_protocol_id ==
+ // in the appMapping.data file entry; so ignore the snort_protocol_id ==
 // UNKNOWN_PROTOCOL_ID case.
 if (tmp_snort_protocol_id != snort_protocol_id)
 {
diff --git a/src/network_inspectors/appid/appid_session_api.h b/src/network_inspectors/appid/appid_session_api.h
index 4c482d6b1..6f4e17e17 100644
--- a/src/network_inspectors/appid/appid_session_api.h
+++ b/src/network_inspectors/appid/appid_session_api.h
@@ -49,9 +49,7 @@ namespace snort
 #define APPID_SESSION_MID (1ULL << 9)
 #define APPID_SESSION_OOO (1ULL << 10)
 #define APPID_SESSION_SYN_RST (1ULL << 11)
-/**Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction.
- * Detectors should set this flag by verifying that packet from initiator is indeed a packet from responder.
- * Setting this flag without this check will cause RNA to not try other detectors in some cases (see bug 77551).*/
+// Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction.
 #define APPID_SESSION_UDP_REVERSED (1ULL << 12)
 #define APPID_SESSION_HTTP_SESSION (1ULL << 13)
 /**Service protocol was detected */
diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc
index 9a685115c..b6ff74b20 100644
--- a/src/network_inspectors/appid/client_plugins/client_discovery.cc
+++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc
@@ -305,7 +305,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p,
 {
 bool isTpAppidDiscoveryDone = false;
 AppInfoTableEntry* entry;
- uint32_t prevRnaClientState = asd.client_disco_state;
+ uint32_t prev_client_state = asd.client_disco_state;
 bool was_service = asd.is_service_detected();
 AppId tp_app_id = asd.get_tp_app_id();
 
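Review bot: The replacement comment on APPID_SESSION_UDP_REVERSED drops the only part of the old block a detector author actually needs: the flag should be set only after verifying that the packet seen from the initiator is really the responder's, because setting it without that check stops other detectors from being tried. Trimming the bug reference is fine, but the precondition is a contract on every detector that touches the flag and belongs next to the macro. Suggest keeping it as a second line: `// Detectors should set this only after verifying the initiator's packet is really from the responder; otherwise other detectors may not be tried.`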
@@ -339,11 +339,11 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p,
 asd.client_disco_state = APPID_DISCO_STATE_STATEFUL;
 }
 
- //stop rna inspection as soon as tp has classified a valid AppId
+ //stop inspection as soon as tp has classified a valid AppId
 if ( tp_app_id > APP_ID_NONE and
 ( asd.client_disco_state == APPID_DISCO_STATE_STATEFUL or
 asd.client_disco_state == APPID_DISCO_STATE_DIRECT ) and
- asd.client_disco_state == prevRnaClientState and
+ asd.client_disco_state == prev_client_state and
 !asd.get_session_flags(APPID_SESSION_NO_TPI) and
 asd.is_tp_appid_available() )
 {
diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc
index ec6808a5c..7ed533a84 100644
--- a/src/network_inspectors/appid/lua_detector_api.cc
+++ b/src/network_inspectors/appid/lua_detector_api.cc
@@ -844,13 +844,13 @@ static int detector_get_packet_dst_port(lua_State* L)
 }
 
 /**Get packet count. This is used mostly for printing packet sequence
- * number when RNA is being tested with a pcap file.
+ * number when appid is being tested with a pcap file.
 * Callback could be used either at init or during packet processing
 *
 * @param Lua_State* - Lua state variable.
 * @param detector/stack - detector object
 * @return int - Number of elements on stack, which is 1 if successful, 0 otherwise.
- * @return packetCount/stack - Total packet processed by RNA.
+ * @return packetCount/stack - Total packet processed by appid.
 **/
 static int detector_get_packet_count(lua_State* L)
 {
@@ -994,7 +994,7 @@ static int client_add_payload(lua_State* L)
 * @param Lua_State* - Lua state variable.
 * @param detector/stack - detector object
 * @return int - Number of elements on stack, which is 1 if successful, 0 otherwise.
- * @return packetCount/stack - Total packet processed by RNA.
+ * @return packetCount/stack - Total packet processed by appid.
 * @todo maintain a single copy and return the same copy with every call to Detector_getFlow().
 */
 static int detector_get_flow(lua_State* L)
@@ -2617,20 +2617,6 @@ static const luaL_Reg detector_methods[] =
 // (below)
 { "getProtocolType", detector_get_protocol_type }, // - "getProtocolType" is now
 // "getL4Protocol" (below)
- { "inCompatibleData", service_set_incompatible_data }, // - "inCompatibleData" is
- // now "markIncompleteData"
- // (below)
- { "addDataId", service_add_data_id }, // - "addDataId" is now
- // "addAppIdDataToFlow"
- // (below)
- { "service_inCompatibleData", service_set_incompatible_data }, // - "service_inCompatibleData"
- // is now
- // "service_markIncompleteData"
- // (below)
- { "service_addDataId", service_add_data_id }, // - "service_addDataId" is
- // now
- // "service_addAppIdDataToFlow"
- // (below)
 { "getPacketSize", detector_get_packet_size },
 { "getPacketDir", detector_get_packet_direction },
@@ -2663,19 +2649,11 @@ static const luaL_Reg detector_methods[] =
 /*Obsolete - new detectors should not use this API */
 { "init", service_init },
 { "registerPattern", service_register_pattern },
- { "getServiceID", service_get_service_id },
 { "addPort", service_add_ports },
- { "removePort", service_remove_ports },
- { "setServiceName", service_set_service_name },
- { "getServiceName", service_get_service_name },
- { "isCustomDetector", service_is_custom_detector },
- { "setValidator", service_set_validator },
 { "addService", service_add_service },
 { "failService", service_fail_service },
 { "inProcessService", service_in_process_service },
- { "markIncompleteData", service_set_incompatible_data },
 { "analyzePayload", service_analyze_payload },
- { "addAppIdDataToFlow", service_add_data_id },
 
 /*service API */
 { "service_init", service_init },
@@ -2745,15 +2723,15 @@ static const luaL_Reg detector_methods[] =
 
 /* Garbage collector hook function. Called when Lua side garbage collects detector
 * api instance. Current design is to allocate one of each luaState, detector and
- * detectorUserData buffers, and hold these buffers till RNA exits. SigHups processing
- * reuses the buffers and calls DetectorInit to reinitialize. RNA ensures that
+ * detectorUserData buffers, and hold these buffers till appid exits. SigHups processing
+ * reuses the buffers and calls DetectorInit to reinitialize. AppId ensures that
 * UserData is not garbage collected, by creating a reference in LUA_REGISTRY
- * table. The reference is released only on RNA exit.
+ * table. The reference is released only on appid exit.
 *
 * If in future, one needs to free any of these buffers then one should consider
 * references to detector buffer in ServiceDetector stored in flows and hostServices
 * data structures. Other detectors at this time create one static instance for the
- * lifetime of RNA, and therefore we have adopted the same principle for Lua Detectors.
+ * lifetime of appid, and therefore we have adopted the same principle for Lua Detectors.
 */
 static int Detector_gc(lua_State*)
 {
diff --git a/src/network_inspectors/appid/lua_detector_flow_api.cc b/src/network_inspectors/appid/lua_detector_flow_api.cc
index 4bcb57753..0ad063490 100644
--- a/src/network_inspectors/appid/lua_detector_flow_api.cc
+++ b/src/network_inspectors/appid/lua_detector_flow_api.cc
@@ -143,85 +143,6 @@ static inline uint64_t convert_flags_c_to_lua(uint64_t in)
 return out;
 }
 
-/**Creates a user data for a flow.
- *
- * @param Lua_State* - Lua state variable.
- * @param detector/stack - detector object
- * @param srcAddress/stack - source address of the flow
- * @param srcPort/stack - source port of the the flow
- * @param dstAddress/stack - destination address of the flow.
- * @param dstPort/stack - detector port of the flow.
- * @param proto/stack - protocol type. See defined IPPROTO_xxxx in /usr/include/netinet/in.h
- * @return int - Number of elements on stack, which is 1 if successful, 0 otherwise.
- * @return UserData/stack - A userdata representing UserData.
- */
-static int create_detector_flow(lua_State* L)
-{
- SfIp saddr;
- SfIp daddr;
-
- AppIdDetector* ud = *UserData::check(L, DETECTOR, 1);
- // Verify detector user data and that we are in packet context
- LuaStateDescriptor* lsd = ud->validate_lua_state(true);
-
- const char* pattern = lua_tostring(L, 2);
- size_t patternLen = lua_strlen (L, 2);
-
- if (patternLen == 16)
- {
- if (saddr.set(pattern, AF_INET6) != SFIP_SUCCESS)
- return 0;
- }
- else if (patternLen == 4)
- {
- if (saddr.set(pattern, AF_INET) != SFIP_SUCCESS)
- return 0;
- }
- else
- {
- return 0;
- }
- pattern = lua_tostring(L, 3);
- patternLen = lua_strlen (L, 3);
-
- if (patternLen == 16)
- {
- if (daddr.set(pattern, AF_INET6) != SFIP_SUCCESS)
- return 0;
- }
- else if (patternLen == 4)
- {
- if (daddr.set(pattern, AF_INET) != SFIP_SUCCESS)
- return 0;
- }
- else
- {
- return 0;
- }
-
- uint16_t sport = lua_tonumber(L, 4);
- uint16_t dport = lua_tonumber(L, 5);
- IpProtocol proto = (IpProtocol)lua_tonumber(L, 6);
-
- auto detector_flow = new DetectorFlow(L, AppIdSession::create_future_session(lsd->ldp.pkt, &saddr, sport,
- &daddr, dport, proto, 0));
- UserData::push(L, DETECTORFLOW, detector_flow);
-
- lua_pushvalue(L, -1);
- detector_flow->userDataRef = luaL_ref(L, LUA_REGISTRYINDEX);
-
- odp_thread_local_ctxt->get_lua_detector_mgr().set_detector_flow(detector_flow);
-
- if (!detector_flow->asd)
- {
- /*calloced buffer will be freed later after the current packet is processed. */
- lua_pop(L, 1);
- return 0;
- }
-
- return 1;
-}
-
 /**Sets a flow flag
 *
 * @param Lua_State* - Lua state variable.
@@ -295,46 +216,6 @@ static int clear_detector_flow_flag(lua_State* L)
 return 0;
 }
 
-/**Set service id on a flow
- * If function is implemented, then
- * verify detector user data and that we are in packet context
- *
- * @param Lua_State* - Lua state variable.
- * @param detectorFlow/stack - UserData object
- * @param serviceId/stack - service Id to be set on a flow.
- * @return int - Number of elements on stack, which is 0.
- */
-static int set_detector_flow_service_id(lua_State*)
-{ return 0; }
-
-/**Set client application id on a flow, during packet processing
- * If function is implemented, then
- * verify detector user data and that we are in packet context
- *
- * @param Lua_State* - Lua state variable.
- * @param detectorFlow/stack - UserData object
- * @param applId/stack - client application Id to be set on a flow.
- * @return int - Number of elements on stack, which is 0.
- */
-static int set_detecter_flow_cln_app_id(lua_State*)
-{
- return 0;
-}
-
-/**Set client application type id on a flow, during packet processing
- * If function is implemented, then
- * verify detector user data and that we are in packet context
- *
- * @param Lua_State* - Lua state variable.
- * @param detectorFlow/stack - UserData object
- * @param applTypeId/stack - client application type id to be set on a flow.
- * @return int - Number of elements on stack, which is 0.
- */
-static int set_detector_flow_cln_app_type(lua_State*)
-{
- return 0;
-}
-
 /**Design: For simplicity reason I am passing flowkey (20 bytes) to lua detectors.
 * The key is used to index into local lua table and get any flow specific data that a detector needs.
 * This approach avoids embedding lua detector data into core engine flow data structure.
@@ -362,17 +243,9 @@ static int get_detector_flow_key(lua_State* L)
 
 static const luaL_Reg detector_flow_api[] =
 {
- /* Obsolete API names. No longer use these! They are here for backward
- * compatibility and will eventually be removed. */
- /* - "new" is now "createFlow" (below) */
- { "new", create_detector_flow },
- { "createFlow", create_detector_flow },
 { "setFlowFlag", set_detector_flow_flag },
 { "getFlowFlag", get_detector_flow_flag },
 { "clearFlowFlag", clear_detector_flow_flag },
- { "setFlowServiceId", set_detector_flow_service_id },
- { "setFlowClnAppId", set_detecter_flow_cln_app_id },
- { "setFlowClnAppType", set_detector_flow_cln_app_type },
 { "getFlowKey", get_detector_flow_key },
 { nullptr, nullptr }
 };
diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc
index 0ba2d9e6d..58be2899b 100644
--- a/src/network_inspectors/appid/lua_detector_module.cc
+++ b/src/network_inspectors/appid/lua_detector_module.cc
@@ -272,8 +272,6 @@ LuaObject* LuaDetectorManager::get_cb_detector(AppId app_id)
 * of memory allocated to RNA (fraction of total system memory) and number of detectors
 * loaded in database. Calculations are based on CAICCI detector and observing memory
 * consumption per tracker.
- * @param rnaMemory - total memory RNA is allowed to use. This is calculated as a fraction of
- * total system memory.
 * @param numDetectors - number of lua detectors present in database.
 */
 static inline void set_lua_tracker_size(lua_State* L, uint32_t numTrackers)
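Review bot: The doc block on set_lua_tracker_size is still stale after this hunk: the surviving `@param numDetectors` line describes a parameter the signature below calls `numTrackers`, and `L` has no entry at all, so dropping `@param rnaMemory` fixes only half of the mismatch. The opening sentence also still says "memory allocated to RNA" while the rest of this commit replaces RNA with appid. Suggest `* @param L - Lua state variable.` and `* @param numTrackers - number of lua detectors present in database.` in place of the numDetectors line; the function body is outside the hunk, so I have not checked how numTrackers is used.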
@@ -407,10 +405,6 @@ void LuaDetectorManager::load_detector(char* detector_filename, bool isCustom)
 return;
 }
 
- // FIXIT-M: RELOAD - When reload is supported, we might need to make these unique
- // from one reload to the next reload, e.g., "odp_FOO_1", "odp_FOO_2", etc.
- // Alternatively, conflicts between reload may be avoided if a new lua state is
- // created separately, then swapped and free old state.
 char detectorName[MAX_LUA_DETECTOR_FILENAME_LEN];
 #ifdef HAVE_BASENAME_R
 char detector_res[MAX_LUA_DETECTOR_FILENAME_LEN];
diff --git a/src/network_inspectors/appid/lua_detector_module.h b/src/network_inspectors/appid/lua_detector_module.h
index 0d7a06c43..63ce27c00 100644
--- a/src/network_inspectors/appid/lua_detector_module.h
+++ b/src/network_inspectors/appid/lua_detector_module.h
@@ -64,7 +64,6 @@ public:
 return detector_flow;
 }
 void free_detector_flow();
- // FIXIT-M: RELOAD - When reload is supported, move this variable to a separate location
 lua_State* L;
 bool insert_cb_detector(AppId app_id, LuaObject* ud);
 LuaObject* get_cb_detector(AppId app_id);
diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc
index d8f10d118..6523f180e 100644
--- a/src/network_inspectors/appid/service_plugins/service_discovery.cc
+++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc
@@ -237,10 +237,9 @@ static int pattern_match(void* id, void*, int match_end_pos, void* data, void*)
 /**Perform pattern match of a packet and construct a list of services sorted in order of
 * precedence criteria. Criteria is count and then size. The first service in the list is
 * returned. The list itself is saved in ServiceDiscoveryState. If
- * appId is already identified, then use it instead of searching again. RNA will capability
+ * appId is already identified, then use it instead of searching again. AppId has capability
 * to try out other inferior matches. If appId is unknown i.e. searched and not found by FRE then
- * don't do any pattern match. This is a way degrades RNA detector selection if FRE is running on
- * this sensor.
+ * don't do any pattern match. This is a way to degrade detector if FRE is running.
 */
 void ServiceDiscovery::match_by_pattern(AppIdSession& asd, const Packet* pkt, IpProtocol proto)
 {
@@ -575,7 +574,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
 AppidSessionDirection direction, AppidChangeBits& change_bits)
 {
 bool isTpAppidDiscoveryDone = false;
- uint32_t prevRnaServiceState = asd.service_disco_state;
+ uint32_t prev_service_state = asd.service_disco_state;
 AppId tp_app_id = asd.get_tp_app_id();
 
 if (asd.service_disco_state == APPID_DISCO_STATE_NONE && p->dsize)
@@ -627,10 +626,10 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
 asd.service_disco_state = APPID_DISCO_STATE_STATEFUL;
 }
 
- //stop rna inspection as soon as tp has classified a valid AppId later in the session
+ //stop inspection as soon as tp has classified a valid AppId later in the session
 if ( tp_app_id > APP_ID_NONE and
 asd.service_disco_state == APPID_DISCO_STATE_STATEFUL and
- prevRnaServiceState == APPID_DISCO_STATE_STATEFUL and
+ prev_service_state == APPID_DISCO_STATE_STATEFUL and
 !asd.get_session_flags(APPID_SESSION_NO_TPI) and
 asd.is_tp_appid_available() )
 {
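Review bot: The rewritten last sentence of the match_by_pattern comment lost its object — "This is a way to degrade detector if FRE is running" no longer says what is degraded, whereas the removed text said detector selection. Since the point of the comment is that skipping the pattern match deliberately weakens the selection when FRE has already searched, suggest `* don't do any pattern match. This deliberately degrades detector selection when FRE is running.`, and `AppId has the capability` on the line above.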
@@ -677,7 +676,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p,
 {
 identify_service(asd, p, direction, change_bits);
 isTpAppidDiscoveryDone = true;
- //to stop executing validator after service has been detected by RNA.
+ //to stop executing validator after service has been detected
 if (asd.get_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_CONTINUE) ==
 APPID_SESSION_SERVICE_DETECTED)
 {