From: Tom Peters (thopeter) Date: Fri, 19 Apr 2019 18:24:18 +0000 (-0400) Subject: Merge pull request #1582 in SNORT/snort3 from ~MDAGON/snort3:rm_inspector_ptr to... X-Git-Tag: 3.0.0-254~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83aa72b643969acaa0dd75ee0b4e5f400a850b49;p=thirdparty%2Fsnort3.git Merge pull request #1582 in SNORT/snort3 from ~MDAGON/snort3:rm_inspector_ptr to master Squashed commit of the following: commit 08accc17ea648f31d2f1972af76508ea5465aaf2 Author: Maya Dagon Date: Thu Apr 4 09:25:01 2019 -0400 appid: remove inspector reference from detectors --- diff --git a/src/flow/flow.h b/src/flow/flow.h index 9d378bb38..48ca0df58 100644 --- a/src/flow/flow.h +++ b/src/flow/flow.h @@ -118,6 +118,7 @@ public: void update_allocations(size_t); void update_deallocations(size_t); + Inspector* get_handler() {return handler;} // return fixed size (could be an approx avg) // this must be fixed for life of flow data instance diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index c5c04099a..da2f6a5b0 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -102,6 +102,10 @@ AppIdModuleConfig::~AppIdModuleConfig() // FIXIT-M: RELOAD - move initialization back to AppIdConfig class constructor AppInfoManager& AppIdConfig::app_info_mgr = AppInfoManager::get_instance(); +std::array AppIdConfig::tcp_port_only = {APP_ID_NONE}; +std::array AppIdConfig::udp_port_only = {APP_ID_NONE}; +std::array AppIdConfig::ip_protocol = {APP_ID_NONE}; + AppIdConfig::AppIdConfig(AppIdModuleConfig* config) : mod_config(config) @@ -111,15 +115,6 @@ AppIdConfig::AppIdConfig(AppIdModuleConfig* config) net_list_by_zone[ i ] = nullptr; #endif - for ( unsigned i = 0; i < 65535; i++ ) - { - tcp_port_only[ i ] = APP_ID_NONE; - udp_port_only[ i ] = APP_ID_NONE; - } - - for ( unsigned i = 0; i < 255; i++ ) - ip_protocol[ i ] = APP_ID_NONE; - for ( unsigned i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++ ) { tcp_port_exclusions_src[ i ] = nullptr; @@ -750,17 +745,17 @@ void AppIdConfig::set_safe_search_enforcement(bool enabled) mod_config->safe_search_enabled = enabled; } -bool AppIdConfig::init_appid(SnortConfig* sc, AppIdInspector *ins) +bool AppIdConfig::init_appid(SnortConfig* sc) { // FIXIT-M: RELOAD - Get rid of "once" flag // Handle the if condition in AppIdConfig::init_appid static bool once = false; if (!once) - { + { AppIdConfig::app_info_mgr.init_appid_info_table(mod_config, sc); HostPortCache::initialize(); HttpPatternMatchers* http_matchers = HttpPatternMatchers::get_instance(); - AppIdDiscovery::initialize_plugins(ins); + AppIdDiscovery::initialize_plugins(); init_length_app_cache(); LuaDetectorManager::initialize(*this, 1); PatternServiceDetector::finalize_service_port_patterns(); diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index fc6809a1c..ca059ce36 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -109,7 +109,7 @@ public: AppIdConfig(AppIdModuleConfig*); ~AppIdConfig(); - bool init_appid(snort::SnortConfig*, AppIdInspector*); + bool init_appid(snort::SnortConfig*); static void pterm(); void cleanup(); void show(); @@ -123,9 +123,12 @@ public: NetworkSet* net_list = nullptr; std::array net_list_by_zone; #endif - std::array tcp_port_only; // port-only TCP services - std::array udp_port_only; // port-only UDP services - std::array ip_protocol; // non-TCP / UDP protocol services + + //FIXIT-L remove static when reload is supported (once flag removed) + static std::array tcp_port_only; // port-only TCP services + static std::array udp_port_only; // port-only UDP services + static std::array ip_protocol; // non-TCP / UDP protocol services + SF_LIST client_app_args; // List of Client App arguments // for each potential port, an sflist of PortExclusion structs AppIdPortExclusions tcp_port_exclusions_src; diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index 0f967d3ee..de56aa8d5 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -52,8 +52,7 @@ using namespace snort; -AppIdDiscovery::AppIdDiscovery(AppIdInspector& ins) - : inspector(ins) +AppIdDiscovery::AppIdDiscovery() { tcp_patterns = new SearchTool("ac_full", true); udp_patterns = new SearchTool("ac_full", true); @@ -76,10 +75,10 @@ AppIdDiscovery::~AppIdDiscovery() delete kv.second; } -void AppIdDiscovery::initialize_plugins(AppIdInspector* ins) +void AppIdDiscovery::initialize_plugins() { - ServiceDiscovery::get_instance(ins); - ClientDiscovery::get_instance(ins); + ServiceDiscovery::get_instance(); + ClientDiscovery::get_instance(); } void AppIdDiscovery::finalize_plugins() @@ -728,7 +727,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp // TMP session and that is not being freed before creating the new one below if ( !asd || asd->common.flow_type == APPID_FLOW_TYPE_TMP ) { - *p_asd = asd = AppIdSession::allocate_session(p, protocol, direction, inspector); + *p_asd = asd = AppIdSession::allocate_session(p, protocol, direction, &inspector); if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM) { asd->set_session_flags(APPID_SESSION_MID); diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h index 1f2240c9b..bbc3a4322 100644 --- a/src/network_inspectors/appid/appid_discovery.h +++ b/src/network_inspectors/appid/appid_discovery.h @@ -88,13 +88,13 @@ typedef AppIdDetectors::iterator AppIdDetectorsIterator; class AppIdDiscovery { public: - AppIdDiscovery(AppIdInspector& ins); + AppIdDiscovery(); virtual ~AppIdDiscovery(); AppIdDiscovery(const AppIdDiscovery&) = delete; AppIdDiscovery& operator=(const AppIdDiscovery&) = delete; - static void initialize_plugins(AppIdInspector* ins); + static void initialize_plugins(); static void finalize_plugins(); static void release_plugins(); static void tterm(); @@ -122,11 +122,7 @@ public: return &udp_detectors; } - AppIdInspector& get_inspector() - { return inspector; } - protected: - AppIdInspector& inspector; AppIdDetectors tcp_detectors; AppIdDetectors udp_detectors; snort::SearchTool* tcp_patterns = nullptr; diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index 808fd76c7..2473f0294 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -113,7 +113,7 @@ bool AppIdInspector::configure(SnortConfig* sc) my_seh = SipEventHandler::create(); my_seh->subscribe(); - active_config->init_appid(sc, this); + active_config->init_appid(sc); #ifdef ENABLE_APPID_THIRD_PARTY if (!TPLibHandler::have_tp()) diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index f587222a1..2255ee18f 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -29,6 +29,7 @@ #include "log/messages.h" #include "main/snort_config.h" +#include "managers/inspector_manager.h" #include "profiler/profiler.h" #include "protocols/packet.h" #include "protocols/tcp.h" @@ -71,8 +72,7 @@ const uint8_t* service_strstr(const uint8_t* haystack, unsigned haystack_len, } AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, - AppidSessionDirection direction, - AppIdInspector& inspector) + AppidSessionDirection direction, AppIdInspector* inspector) { uint16_t port = 0; @@ -81,7 +81,7 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, if ( ( proto == IpProtocol::TCP || proto == IpProtocol::UDP ) && ( p->ptrs.sp != p->ptrs.dp ) ) port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp; - AppIdSession* asd = new AppIdSession(proto, ip, port, inspector); + AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector); asd->flow = p->flow; asd->stats.first_packet_second = p->pkth->ts.tv_sec; asd->snort_protocol_id = snortId_for_unsynchronized; @@ -92,7 +92,7 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port, AppIdInspector& inspector) : FlowData(inspector_id, &inspector), config(inspector.get_appid_config()), - protocol(proto), inspector(inspector) + protocol(proto) { service_ip.clear(); session_id = ++appid_flow_data_id; @@ -169,7 +169,7 @@ static inline PktType get_pkt_type_from_ip_proto(IpProtocol proto) AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const SfIp* cliIp, uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto, - SnortProtocolId snort_protocol_id, int /*flags*/, AppIdInspector& inspector) + SnortProtocolId snort_protocol_id, int /*flags*/) { char src_ip[INET6_ADDRSTRLEN]; char dst_ip[INET6_ADDRSTRLEN]; @@ -177,9 +177,13 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S assert(type != PktType::NONE); + AppIdInspector* inspector = (AppIdInspector*)ctrlPkt->flow->flow_data->get_handler(); + if ((inspector == nullptr) || strcmp(inspector->get_name(), MOD_NAME)) + inspector = (AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, true); + // FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify - AppIdSession* asd = new AppIdSession(proto, cliIp, 0, inspector); + AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector); asd->common.policyId = asd->config->appIdPolicyId; if ( Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp, cliPort, srvIp, @@ -413,7 +417,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits) { set_client_appid_data(client_id, nullptr, change_bits); set_payload_appid_data((AppId)payload_id, nullptr, change_bits); - setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), inspector); + setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id)); } scan_flags &= ~SCAN_SSL_HOST_FLAG; } @@ -425,7 +429,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits) { set_client_appid_data(client_id, nullptr, change_bits); set_payload_appid_data((AppId)payload_id, nullptr, change_bits); - setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), inspector); + setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id)); } tsession->set_tls_cname(nullptr, 0); } @@ -437,7 +441,7 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits) { set_client_appid_data(client_id, nullptr, change_bits); set_payload_appid_data((AppId)payload_id, nullptr, change_bits); - setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), inspector); + setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id)); } tsession->set_tls_org_unit(nullptr, 0); } diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index 3665f6fc4..02ec271c2 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -189,13 +189,10 @@ public: ~AppIdSession() override; static AppIdSession* allocate_session(const snort::Packet*, IpProtocol, - AppidSessionDirection, AppIdInspector&); + AppidSessionDirection, AppIdInspector*); static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t, const snort::SfIp*, - uint16_t, IpProtocol, SnortProtocolId, int, AppIdInspector&); - - AppIdInspector& get_inspector() const - { return inspector; } + uint16_t, IpProtocol, SnortProtocolId, int); size_t size_of() override { return sizeof(*this); } @@ -365,7 +362,6 @@ private: static THREAD_LOCAL uint32_t appid_flow_data_id; AppId application_ids[APP_PROTOID_MAX]; - AppIdInspector& inspector; bool tp_app_id_deferred = false; bool tp_payload_app_id_deferred = false; diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index 41272420b..0e5fc1c16 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -61,8 +61,7 @@ static ProfileStats* get_profile(const char*) ClientDiscovery* ClientDiscovery::discovery_manager = nullptr; THREAD_LOCAL ClientAppMatch* match_free_list = nullptr; -ClientDiscovery::ClientDiscovery(AppIdInspector& ins) - : AppIdDiscovery(ins) +ClientDiscovery::ClientDiscovery() { initialize(); } @@ -82,12 +81,11 @@ void ClientDiscovery::release_thread_resources() } } -ClientDiscovery& ClientDiscovery::get_instance(AppIdInspector* ins) +ClientDiscovery& ClientDiscovery::get_instance() { if (!discovery_manager) { - assert(ins); - discovery_manager = new ClientDiscovery(*ins); + discovery_manager = new ClientDiscovery(); } return *discovery_manager; diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.h b/src/network_inspectors/appid/client_plugins/client_discovery.h index 7b59f79af..aa180e2cd 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.h +++ b/src/network_inspectors/appid/client_plugins/client_discovery.h @@ -45,7 +45,7 @@ class ClientDiscovery : public AppIdDiscovery { public: ~ClientDiscovery() override; - static ClientDiscovery& get_instance(AppIdInspector* ins = nullptr); + static ClientDiscovery& get_instance(); static void release_instance(); void finalize_client_plugins(); @@ -54,7 +54,7 @@ public: AppidSessionDirection direction, AppidChangeBits& change_bits); private: - ClientDiscovery(AppIdInspector& ins); + ClientDiscovery(); void initialize() override; void exec_client_detectors(AppIdSession&, snort::Packet*, AppidSessionDirection direction, AppidChangeBits& change_bits); diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index 2fc7c824b..372888cc6 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -28,6 +28,7 @@ #include "appid_debug.h" #include "appid_inspector.h" #include "app_info_table.h" +#include "managers/inspector_manager.h" #include "protocols/packet.h" using namespace snort; @@ -157,7 +158,7 @@ SipUdpClientDetector::SipUdpClientDetector(ClientDiscovery* cdm) { APP_ID_SIP, APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER }, }; - handler->get_inspector().get_sip_event_handler().set_client(this); + SipEventHandler::set_client(this); handler->register_detector(name, this, proto); } @@ -336,7 +337,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con AppIdSession* fp = AppIdSession::create_future_session( pkt, cliIp, cliPort, srvIp, srvPort, proto, app_id, - APPID_EARLY_SESSION_FLAG_FW_RULE, handler->get_inspector()); + APPID_EARLY_SESSION_FLAG_FW_RULE); if ( fp ) { @@ -356,7 +357,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con AppIdSession* fp2 = AppIdSession::create_future_session( pkt, cliIp, cliPort + 1, srvIp, srvPort + 1, proto, app_id, - APPID_EARLY_SESSION_FLAG_FW_RULE, handler->get_inspector()); + APPID_EARLY_SESSION_FLAG_FW_RULE); if ( fp2 ) { @@ -433,12 +434,7 @@ SipServiceDetector::SipServiceDetector(ServiceDiscovery* sd) { SIP_PORT, IpProtocol::TCP, false } }; - // FIXIT-RC - detector instance in each packet thread is calling this - // single sip event handler, last guy end wins, works now because it is - // all the same but this is not right... - // Does this still apply? - - handler->get_inspector().get_sip_event_handler().set_service(this); + SipEventHandler::set_service(this); handler->register_detector(name, this, proto); } @@ -486,8 +482,8 @@ void SipEventHandler::handle(DataEvent& event, Flow* flow) const Packet* p = sip_event.get_packet(); IpProtocol protocol = p->is_tcp() ? IpProtocol::TCP : IpProtocol::UDP; AppidSessionDirection direction = p->is_from_client() ? APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER; - asd = AppIdSession::allocate_session(p, protocol, direction, - client->get_handler().get_inspector()); + AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); + asd = AppIdSession::allocate_session(p, protocol, direction, inspector); } AppidChangeBits change_bits; diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.h b/src/network_inspectors/appid/detector_plugins/detector_sip.h index 812a8392c..bfb05e387 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.h +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.h @@ -98,9 +98,9 @@ public: return new SipEventHandler; } - void set_client(SipUdpClientDetector* cd) { SipEventHandler::client = cd; } - void set_service(SipServiceDetector* sd) { SipEventHandler::service = sd; } - + static void set_client(SipUdpClientDetector* cd) { SipEventHandler::client = cd; } + static void set_service(SipServiceDetector* sd) { SipEventHandler::service = sd; } + void subscribe() { snort::DataBus::subscribe(SIP_EVENT_TYPE_SIP_DIALOG_KEY, this); } diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index e0d9db061..3ee0f460a 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -142,7 +142,7 @@ snort::ProfileStats* AppIdModule::get_profile() const // Stubs for inspectors unsigned AppIdSession::inspector_id = 0; AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector) - : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), inspector(inspector) { } + : snort::FlowData(inspector_id, (snort::Inspector*)&inspector) { } AppIdSession::~AppIdSession() = default; AppIdHttpSession::AppIdHttpSession(AppIdSession& asd) : asd(asd) diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 181d88700..4f63cc9a9 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -1547,13 +1547,12 @@ static int detector_port_only_service(lua_State* L) uint16_t port = lua_tointeger(L, ++index); uint8_t protocol = lua_tointeger(L, ++index); - AppIdConfig* config = ud->get_detector()->get_handler().get_inspector().get_appid_config(); if (port == 0) - config->ip_protocol[protocol] = appId; + AppIdConfig::ip_protocol[protocol] = appId; else if (protocol == 6) - config->tcp_port_only[port] = appId; + AppIdConfig::tcp_port_only[port] = appId; else if (protocol == 17) - config->udp_port_only[port] = appId; + AppIdConfig::udp_port_only[port] = appId; AppInfoManager::get_instance().set_app_info_active(appId); @@ -2288,7 +2287,7 @@ static int create_future_flow(lua_State* L) AppIdSession* fp = AppIdSession::create_future_session(lsd->ldp.pkt, &client_addr, client_port, &server_addr, server_port, proto, snort_protocol_id, - APPID_EARLY_SESSION_FLAG_FW_RULE, ud->get_detector()->get_handler().get_inspector()); + APPID_EARLY_SESSION_FLAG_FW_RULE); if (fp) { fp->service.set_id(service_id); diff --git a/src/network_inspectors/appid/lua_detector_flow_api.cc b/src/network_inspectors/appid/lua_detector_flow_api.cc index 92ee6e528..54b1f96e5 100644 --- a/src/network_inspectors/appid/lua_detector_flow_api.cc +++ b/src/network_inspectors/appid/lua_detector_flow_api.cc @@ -211,7 +211,7 @@ static int create_detector_flow(lua_State* L) LuaDetectorManager::add_detector_flow(detector_flow); detector_flow->asd = AppIdSession::create_future_session(lsd->ldp.pkt, &saddr, sport, - &daddr, dport, proto, 0, 0, ud->get_handler().get_inspector()); + &daddr, dport, proto, 0, 0); if (!detector_flow->asd) { diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index f35fcd473..8a9a0e21b 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -95,18 +95,16 @@ static ProfileStats* get_profile(const char*) static ServiceDetector* ftp_service; ServiceDiscovery* ServiceDiscovery::discovery_manager = nullptr; -ServiceDiscovery::ServiceDiscovery(AppIdInspector& ins) - : AppIdDiscovery(ins) +ServiceDiscovery::ServiceDiscovery() { initialize(); } -ServiceDiscovery& ServiceDiscovery::get_instance(AppIdInspector* ins) +ServiceDiscovery& ServiceDiscovery::get_instance() { if (!discovery_manager) { - assert(ins); - discovery_manager = new ServiceDiscovery(*ins); + discovery_manager = new ServiceDiscovery(); } return *discovery_manager; diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.h b/src/network_inspectors/appid/service_plugins/service_discovery.h index f6bca06b1..90d44b3f3 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.h +++ b/src/network_inspectors/appid/service_plugins/service_discovery.h @@ -68,7 +68,7 @@ enum SESSION_SERVICE_SEARCH_STATE class ServiceDiscovery : public AppIdDiscovery { public: - static ServiceDiscovery& get_instance(AppIdInspector* ins = nullptr); + static ServiceDiscovery& get_instance(); static void release_instance(); void finalize_service_patterns(); @@ -86,7 +86,7 @@ public: static int add_ftp_service_state(AppIdSession&); void release_thread_resources(); private: - ServiceDiscovery(AppIdInspector& ins); + ServiceDiscovery(); void initialize() override; void get_next_service(const snort::Packet*, const AppidSessionDirection dir, AppIdSession&); void get_port_based_services(IpProtocol, uint16_t port, AppIdSession&); diff --git a/src/network_inspectors/appid/service_plugins/service_ftp.cc b/src/network_inspectors/appid/service_plugins/service_ftp.cc index 5f5c0a143..ff65e735e 100644 --- a/src/network_inspectors/appid/service_plugins/service_ftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_ftp.cc @@ -818,7 +818,7 @@ void FtpServiceDetector::create_expected_session(AppIdSession& asd, const Packet ftp_data_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("ftp-data"); AppIdSession* fp = AppIdSession::create_future_session(pkt, cliIp, cliPort, srvIp, srvPort, - proto, ftp_data_snort_protocol_id, flags, handler->get_inspector()); + proto, ftp_data_snort_protocol_id, flags); if (fp) // initialize data session { diff --git a/src/network_inspectors/appid/service_plugins/service_rexec.cc b/src/network_inspectors/appid/service_plugins/service_rexec.cc index 60b11a7c9..a22591044 100644 --- a/src/network_inspectors/appid/service_plugins/service_rexec.cc +++ b/src/network_inspectors/appid/service_plugins/service_rexec.cc @@ -146,7 +146,7 @@ int RexecServiceDetector::validate(AppIdDiscoveryArgs& args) dip = args.pkt->ptrs.ip_api.get_dst(); sip = args.pkt->ptrs.ip_api.get_src(); AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip, (uint16_t)port, - IpProtocol::TCP, rexec_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE, handler->get_inspector()); + IpProtocol::TCP, rexec_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE); if (pf) { ServiceREXECData* tmp_rd = (ServiceREXECData*)snort_calloc( diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc index 77270eab0..429511d3b 100644 --- a/src/network_inspectors/appid/service_plugins/service_rpc.cc +++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc @@ -411,8 +411,7 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi AppIdSession* pf = AppIdSession::create_future_session( pkt, dip, 0, sip, (uint16_t)tmp, - (IpProtocol)ntohl((uint32_t)rd->proto), sunrpc_snort_protocol_id, 0, - handler->get_inspector()); + (IpProtocol)ntohl((uint32_t)rd->proto), sunrpc_snort_protocol_id, 0); if (pf) { pf->add_flow_data_id((uint16_t)tmp, this); diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc index 624ab8256..8365ef5ae 100644 --- a/src/network_inspectors/appid/service_plugins/service_rshell.cc +++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc @@ -148,8 +148,7 @@ int RshellServiceDetector::validate(AppIdDiscoveryArgs& args) const snort::SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); const snort::SfIp* sip = args.pkt->ptrs.ip_api.get_src(); AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip, - (uint16_t)port, IpProtocol::TCP, rsh_error_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE, - handler->get_inspector()); + (uint16_t)port, IpProtocol::TCP, rsh_error_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE); if (pf) { pf->client_disco_state = APPID_DISCO_STATE_FINISHED; diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc index f9f1a34ac..b2f7bb809 100644 --- a/src/network_inspectors/appid/service_plugins/service_snmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc @@ -482,7 +482,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) const snort::SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); const snort::SfIp* sip = args.pkt->ptrs.ip_api.get_src(); AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip, - args.pkt->ptrs.sp, args.asd.protocol, snmp_snort_protocol_id, 0, handler->get_inspector()); + args.pkt->ptrs.sp, args.asd.protocol, snmp_snort_protocol_id, 0); if (pf) { tmp_sd = (ServiceSNMPData*)snort_calloc(sizeof(ServiceSNMPData)); diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc index e24feb343..b28c7e409 100644 --- a/src/network_inspectors/appid/service_plugins/service_ssl.cc +++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc @@ -1109,7 +1109,7 @@ void ssl_detector_free_patterns() ssl_patterns_free(&service_ssl_config.DetectorSSLCnamePatternList); } -bool setSSLSquelch(Packet* p, int type, AppId appId, AppIdInspector& inspector) +bool setSSLSquelch(Packet* p, int type, AppId appId) { if (!AppInfoManager::get_instance().get_app_info_flags(appId, APPINFO_FLAG_SSL_SQUELCH)) return false; @@ -1120,7 +1120,7 @@ bool setSSLSquelch(Packet* p, int type, AppId appId, AppIdInspector& inspector) // FIXIT-H: Passing appId to create_future_session() is incorrect. We // need to pass the snort_protocol_id associated with appId. AppIdSession* asd = AppIdSession::create_future_session( - p, sip, 0, dip, p->ptrs.dp, IpProtocol::TCP, appId, 0, inspector); + p, sip, 0, dip, p->ptrs.dp, IpProtocol::TCP, appId, 0); if ( asd ) { diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.h b/src/network_inspectors/appid/service_plugins/service_ssl.h index 9d4fdd6a7..fad937107 100644 --- a/src/network_inspectors/appid/service_plugins/service_ssl.h +++ b/src/network_inspectors/appid/service_plugins/service_ssl.h @@ -43,7 +43,7 @@ int ssl_scan_cname(const uint8_t*, size_t, AppId*, AppId*); int ssl_add_cert_pattern(uint8_t*, size_t, uint8_t, AppId); int ssl_add_cname_pattern(uint8_t*, size_t, uint8_t, AppId); void ssl_detector_free_patterns(); -bool setSSLSquelch(snort::Packet*, int type, AppId, AppIdInspector& inspector); +bool setSSLSquelch(snort::Packet*, int type, AppId); #endif diff --git a/src/network_inspectors/appid/service_plugins/service_tftp.cc b/src/network_inspectors/appid/service_plugins/service_tftp.cc index 4ba847730..9ca0f4949 100644 --- a/src/network_inspectors/appid/service_plugins/service_tftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_tftp.cc @@ -191,8 +191,7 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) dip = args.pkt->ptrs.ip_api.get_dst(); sip = args.pkt->ptrs.ip_api.get_src(); pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip, - args.pkt->ptrs.sp, args.asd.protocol, tftp_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE, - handler->get_inspector()); + args.pkt->ptrs.sp, args.asd.protocol, tftp_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE); if (pf) { data_add(*pf, tmp_td, &snort_free); diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc index da8e1dbcc..893eff60f 100644 --- a/src/network_inspectors/appid/test/appid_debug_test.cc +++ b/src/network_inspectors/appid/test/appid_debug_test.cc @@ -52,7 +52,7 @@ public: }; AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector) - : FlowData(0), inspector(inspector) { } + : FlowData(0) { } AppIdSession::~AppIdSession() = default; // Utility functions diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 2aac937d2..073c4547c 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -177,7 +177,7 @@ void AppIdSession::examine_rtmp_metadata(AppidChangeBits&) {} void AppIdSession::examine_ssl_metadata(Packet*, AppidChangeBits&) {} void AppIdSession::update_encrypted_app_id(AppId) {} AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol, - AppidSessionDirection, AppIdInspector&) + AppidSessionDirection, AppIdInspector*) { return nullptr; } @@ -199,33 +199,31 @@ int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDir ServiceDetector*, ServiceDiscoveryState*) { return 0; } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } -ServiceDiscovery::ServiceDiscovery(AppIdInspector& ins) - : AppIdDiscovery(ins) {} +ServiceDiscovery::ServiceDiscovery() {} void ServiceDiscovery::release_instance() {} void ServiceDiscovery::release_thread_resources() {} static AppIdModule* s_app_module = nullptr; static AppIdInspector* s_ins = nullptr; static ServiceDiscovery* s_discovery_manager = nullptr; -ServiceDiscovery& ServiceDiscovery::get_instance(AppIdInspector*) +ServiceDiscovery& ServiceDiscovery::get_instance() { if (!s_discovery_manager) - s_discovery_manager = new ServiceDiscovery(*s_ins); + s_discovery_manager = new ServiceDiscovery(); return *s_discovery_manager; } // Stubs for ClientDiscovery -ClientDiscovery::ClientDiscovery(AppIdInspector& ins) - : AppIdDiscovery(ins) {} +ClientDiscovery::ClientDiscovery(){} ClientDiscovery::~ClientDiscovery() {} void ClientDiscovery::initialize() {} void ClientDiscovery::finalize_client_plugins() {} void ClientDiscovery::release_instance() {} void ClientDiscovery::release_thread_resources() {} static ClientDiscovery* c_discovery_manager = nullptr; -ClientDiscovery& ClientDiscovery::get_instance(AppIdInspector*) +ClientDiscovery& ClientDiscovery::get_instance() { if (!c_discovery_manager) - c_discovery_manager = new ClientDiscovery(*s_ins); + c_discovery_manager = new ClientDiscovery(); return *c_discovery_manager; } bool ClientDiscovery::do_client_discovery(AppIdSession&, Packet*, diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index 76f0c3d23..cf6b31ae2 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -99,7 +99,7 @@ bool HttpPatternMatchers::get_appid_from_url(char*, const char*, char**, // AppIdSession mock functions AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector) - : FlowData(inspector_id, &inspector), inspector(inspector) + : FlowData(inspector_id, &inspector) { } diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h index c8a326a40..5bc9334bc 100644 --- a/src/network_inspectors/appid/test/appid_mock_session.h +++ b/src/network_inspectors/appid/test/appid_mock_session.h @@ -69,7 +69,7 @@ public: }; AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector) - : FlowData(inspector_id, &inspector), inspector(inspector) + : FlowData(inspector_id, &inspector) { common.flow_type = APPID_FLOW_TYPE_NORMAL; service_port = APPID_UT_SERVICE_PORT; diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index 09fc20ea8..daaa8e5a6 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -72,9 +72,9 @@ THREAD_LOCAL AppIdStats appid_stats; void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; } AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector) - : FlowData(0), inspector(inspector) {} + : FlowData(0) {} AppIdSession::~AppIdSession() = default; -AppIdDiscovery::AppIdDiscovery(AppIdInspector& ins) : inspector(ins) {} +AppIdDiscovery::AppIdDiscovery() {} AppIdDiscovery::~AppIdDiscovery() {} void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol) {} void AppIdDiscovery::add_pattern_data(AppIdDetector*, SearchTool*, int, const uint8_t* const, @@ -101,12 +101,11 @@ int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDir ServiceDetector*, ServiceDiscoveryState*) { return 0; } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } -ServiceDiscovery::ServiceDiscovery(AppIdInspector& ins) - : AppIdDiscovery(ins) {} +ServiceDiscovery::ServiceDiscovery() {} -ServiceDiscovery& ServiceDiscovery::get_instance(AppIdInspector* ins) +ServiceDiscovery& ServiceDiscovery::get_instance() { - static ServiceDiscovery discovery_manager(*ins); + static ServiceDiscovery discovery_manager; return discovery_manager; } @@ -127,8 +126,7 @@ TEST_GROUP(service_state_tests) TEST(service_state_tests, select_detector_by_brute_force) { ServiceDiscoveryState sds; - AppIdInspector ins; - ServiceDiscovery::get_instance(&ins); + ServiceDiscovery::get_instance(); // Testing end of brute-force walk for supported and unsupported protocols test_log[0] = '\0'; @@ -150,8 +148,7 @@ TEST(service_state_tests, set_service_id_failed) AppIdInspector inspector; AppIdSession asd(IpProtocol::PROTO_NOT_SET, nullptr, 0, inspector); SfIp client_ip; - AppIdInspector ins; - ServiceDiscovery::get_instance(&ins); + ServiceDiscovery::get_instance(); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count = 0 client_ip.set("1.2.3.4"); @@ -170,8 +167,7 @@ TEST(service_state_tests, set_service_id_failed_with_valid) AppIdInspector inspector; AppIdSession asd(IpProtocol::PROTO_NOT_SET, nullptr, 0, inspector); SfIp client_ip; - AppIdInspector ins; - ServiceDiscovery::get_instance(&ins); + ServiceDiscovery::get_instance(); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count > 1 client_ip.set("1.2.3.4"); diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index e1c37c0f7..a47a91ebb 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -741,7 +741,7 @@ bool do_tp_discovery(AppIdSession& asd, IpProtocol protocol, asd.get_session_flags(APPID_SESSION_SSL_SESSION) and !(asd.scan_flags & SCAN_SSL_HOST_FLAG)) { - setSSLSquelch(p, 1, tp_app_id, asd.get_inspector()); + setSSLSquelch(p, 1, tp_app_id); } if ( app_info_flags & APPINFO_FLAG_IGNORE )