From: Shravan Rangarajuvenkata (shrarang) Date: Fri, 5 Mar 2021 23:45:37 +0000 (+0000) Subject: Merge pull request #2777 in SNORT/snort3 from ~SHRARANG/snort3:appid_sub_policy to... X-Git-Tag: 3.1.2.0~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=859d0a579e7cd6b40c5d7f7d612381dc9239b190;p=thirdparty%2Fsnort3.git Merge pull request #2777 in SNORT/snort3 from ~SHRARANG/snort3:appid_sub_policy to master Squashed commit of the following: commit 48ee239ce9197dcf6746dea9e77145e968a14322 Author: Shravan Rangaraju Date: Thu Mar 4 15:37:49 2021 -0500 appid: get uri from http event even when http host is not present commit d1f81e06c96812def7e556f563bb011490ce2be4 Author: Shravan Rangaraju Date: Wed Mar 3 17:29:35 2021 -0500 appid: always get appid inspector from default inspection policy --- diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 5fe5daa6d..b0249f746 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -100,7 +100,7 @@ void AppIdContext::pterm() odp_thread_local_ctxt = nullptr; } -bool AppIdContext::init_appid(SnortConfig* sc) +bool AppIdContext::init_appid(SnortConfig* sc, AppIdInspector& inspector) { // do not reload ODP on reload_config() if (!odp_ctxt) @@ -112,10 +112,10 @@ bool AppIdContext::init_appid(SnortConfig* sc) static bool once = false; if (!once) { - odp_ctxt->get_client_disco_mgr().initialize(); - odp_ctxt->get_service_disco_mgr().initialize(); + odp_ctxt->get_client_disco_mgr().initialize(inspector); + odp_ctxt->get_service_disco_mgr().initialize(inspector); odp_thread_local_ctxt->initialize(*this, true); - odp_ctxt->initialize(); + odp_ctxt->initialize(inspector); // do not reload third party on reload_config() if (!tp_appid_ctxt) @@ -158,10 +158,10 @@ OdpContext::OdpContext(const AppIdConfig& config, SnortConfig* sc) version = next_version++; } -void OdpContext::initialize() +void OdpContext::initialize(AppIdInspector& inspector) { - service_pattern_detector->finalize_service_port_patterns(); - client_pattern_detector->finalize_client_port_patterns(); + service_pattern_detector->finalize_service_port_patterns(inspector); + client_pattern_detector->finalize_client_port_patterns(inspector); service_disco_mgr.finalize_service_patterns(); client_disco_mgr.finalize_client_patterns(); http_matchers.finalize_patterns(); diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index 20bd67a7a..08c515662 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -62,6 +62,7 @@ enum SnortProtoIdIndex PROTO_INDEX_MAX }; +class AppIdInspector; class PatternClientDetector; class PatternServiceDetector; @@ -118,7 +119,7 @@ public: uint16_t max_packet_service_fail_ignore_bytes = MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES; OdpContext(const AppIdConfig&, snort::SnortConfig*); - void initialize(); + void initialize(AppIdInspector& inspector); void reload(); uint32_t get_version() const @@ -261,7 +262,7 @@ public: void create_odp_ctxt(); void create_tp_appid_ctxt(); - bool init_appid(snort::SnortConfig*); + bool init_appid(snort::SnortConfig*, AppIdInspector&); static void pterm(); void show() const; diff --git a/src/network_inspectors/appid/appid_detector.cc b/src/network_inspectors/appid/appid_detector.cc index 93479451c..6cdffa05d 100644 --- a/src/network_inspectors/appid/appid_detector.cc +++ b/src/network_inspectors/appid/appid_detector.cc @@ -25,7 +25,6 @@ #include "appid_detector.h" -#include "managers/inspector_manager.h" #include "protocols/packet.h" #include "app_info_table.h" @@ -36,7 +35,7 @@ using namespace snort; -int AppIdDetector::initialize() +int AppIdDetector::initialize(AppIdInspector& inspector) { if ( !tcp_patterns.empty() ) for (auto& pat : tcp_patterns) @@ -48,9 +47,7 @@ int AppIdDetector::initialize() if (!appid_registry.empty()) { - AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME); - assert(inspector); - AppIdContext& ctxt = inspector->get_ctxt(); + AppIdContext& ctxt = inspector.get_ctxt(); for (auto& id : appid_registry) register_appid(id.appId, id.additionalInfo, ctxt.get_odp_ctxt()); } diff --git a/src/network_inspectors/appid/appid_detector.h b/src/network_inspectors/appid/appid_detector.h index 62bc2831b..9123d7e6e 100644 --- a/src/network_inspectors/appid/appid_detector.h +++ b/src/network_inspectors/appid/appid_detector.h @@ -32,6 +32,7 @@ #include "service_state.h" class AppIdContext; +class AppIdInspector; class LuaStateDescriptor; namespace snort @@ -110,7 +111,7 @@ public: AppIdDetector() = default; virtual ~AppIdDetector() = default; - virtual int initialize(); + virtual int initialize(AppIdInspector&); virtual void reload(); virtual void do_custom_init() { } virtual void do_custom_reload() { } diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index 27be6db79..799b14f4e 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -391,7 +391,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec if (!asd) { - asd = AppIdSession::allocate_session(p, protocol, direction, &inspector, odp_ctxt); + asd = AppIdSession::allocate_session(p, protocol, direction, inspector, odp_ctxt); if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM) { flow_flags |= APPID_SESSION_MID; diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h index ef790892c..7611dffa9 100644 --- a/src/network_inspectors/appid/appid_discovery.h +++ b/src/network_inspectors/appid/appid_discovery.h @@ -102,7 +102,7 @@ public: static void tterm(); - virtual void initialize() = 0; + virtual void initialize(AppIdInspector&) = 0; virtual void reload() = 0; virtual void register_detector(const std::string&, AppIdDetector*, IpProtocol); virtual void add_pattern_data(AppIdDetector*, snort::SearchTool&, int position, diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc index c238a5e77..4b6324dc7 100644 --- a/src/network_inspectors/appid/appid_http_event_handler.cc +++ b/src/network_inspectors/appid/appid_http_event_handler.cc @@ -30,7 +30,6 @@ #include #include "detection/detection_engine.h" -#include "managers/inspector_manager.h" #include "app_info_table.h" #include "appid_debug.h" #include "appid_discovery.h" @@ -54,12 +53,11 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow) if ( !asd ) { // The event is received before appid has seen any packet, e.g., data on SYN - auto inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME); asd = AppIdSession::allocate_session( p, p->get_ip_proto_next(), direction, inspector, *pkt_thread_odp_ctxt ); if ( appidDebug->is_enabled() ) { - appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions); + appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions); if ( appidDebug->is_active() ) LogMessage("AppIdDbg %s New AppId session at HTTP event\n", appidDebug->get_debug_session()); @@ -117,13 +115,14 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow) { hsession->set_field(REQ_HOST_FID, header_start, header_length, change_bits); asd->scan_flags |= SCAN_HTTP_HOST_URL_FLAG; + } - header_start = http_event->get_uri(header_length); - if (header_length > 0) - { - hsession->set_field(REQ_URI_FID, header_start, header_length, change_bits); - hsession->update_url(change_bits); - } + header_start = http_event->get_uri(header_length); + if (header_length > 0) + { + hsession->set_field(REQ_URI_FID, header_start, header_length, change_bits); + asd->scan_flags |= SCAN_HTTP_URI_FLAG; + hsession->update_url(change_bits); } header_start = http_event->get_user_agent(header_length); diff --git a/src/network_inspectors/appid/appid_http_event_handler.h b/src/network_inspectors/appid/appid_http_event_handler.h index 9ac4a1d9c..58edba1a9 100644 --- a/src/network_inspectors/appid/appid_http_event_handler.h +++ b/src/network_inspectors/appid/appid_http_event_handler.h @@ -33,6 +33,8 @@ namespace snort class Flow; } +class AppIdInspector; + class HttpEventHandler : public snort::DataHandler { public: @@ -42,15 +44,15 @@ public: RESPONSE_EVENT, }; - HttpEventHandler(HttpEventType type) : DataHandler(MOD_NAME) - { - event_type = type; - } + HttpEventHandler(HttpEventType type, AppIdInspector& inspector) : + DataHandler(MOD_NAME), event_type(type), inspector(inspector) + { } void handle(snort::DataEvent&, snort::Flow*) override; private: HttpEventType event_type; + AppIdInspector& inspector; }; #endif diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index 767a670ba..3f9b89e6b 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -118,16 +118,15 @@ bool AppIdInspector::configure(SnortConfig* sc) ctxt = new AppIdContext(const_cast(*config)); - my_seh = SipEventHandler::create(); - my_seh->subscribe(sc); + ctxt->init_appid(sc, *this); - ctxt->init_appid(sc); + DataBus::subscribe_global(SIP_EVENT_TYPE_SIP_DIALOG_KEY, new SipEventHandler(*this), sc); DataBus::subscribe_global(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler( - HttpEventHandler::REQUEST_EVENT), sc); + HttpEventHandler::REQUEST_EVENT, *this), sc); DataBus::subscribe_global(HTTP_RESPONSE_HEADER_EVENT_KEY, new HttpEventHandler( - HttpEventHandler::RESPONSE_EVENT), sc); + HttpEventHandler::RESPONSE_EVENT, *this), sc); DataBus::subscribe_global(DATA_DECRYPT_EVENT, new DataDecryptEventHandler(), sc); diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 56f8a5ff9..1dd234677 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -378,10 +378,10 @@ static int reload_detectors(lua_State* L) odp_thread_local_ctxt = new OdpThreadContext; OdpContext& odp_ctxt = ctxt.get_odp_ctxt(); - odp_ctxt.get_client_disco_mgr().initialize(); - odp_ctxt.get_service_disco_mgr().initialize(); + odp_ctxt.get_client_disco_mgr().initialize(*inspector); + odp_ctxt.get_service_disco_mgr().initialize(*inspector); odp_thread_local_ctxt->initialize(ctxt, true, true); - odp_ctxt.initialize(); + odp_ctxt.initialize(*inspector); bool from_shell = ( L != nullptr ); current_request->respond("== swapping detectors configuration\n", from_shell); diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index d196ad623..e946f0eaa 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -73,7 +73,7 @@ const uint8_t* service_strstr(const uint8_t* haystack, unsigned haystack_len, } AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, - AppidSessionDirection direction, AppIdInspector* inspector, OdpContext& odp_context) + AppidSessionDirection direction, AppIdInspector& inspector, OdpContext& odp_context) { uint16_t port = 0; @@ -83,7 +83,7 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, (p->ptrs.sp != p->ptrs.dp)) port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp; - AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector, odp_context, + AppIdSession* asd = new AppIdSession(proto, ip, port, inspector, odp_context, p->pkth->address_space_id); asd->flow = p->flow; asd->stats.first_packet_second = p->pkth->ts.tv_sec; diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index fd5886da9..b9ac1cee4 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -238,7 +238,7 @@ public: ~AppIdSession() override; static AppIdSession* allocate_session(const snort::Packet*, IpProtocol, - AppidSessionDirection, AppIdInspector*, OdpContext&); + AppidSessionDirection, AppIdInspector&, OdpContext&); static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t, const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, bool swap_app_direction=false); void initialize_future_session(AppIdSession&, uint64_t, AppidSessionDirection); diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc index 80f49c0b2..7dd289e2d 100644 --- a/src/network_inspectors/appid/appid_stats.cc +++ b/src/network_inspectors/appid/appid_stats.cc @@ -27,7 +27,6 @@ #include "log/text_log.h" #include "log/unified2.h" -#include "managers/inspector_manager.h" #include "time/packet_time.h" #include "appid_config.h" diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index a2b692c82..abb92018d 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -50,7 +50,7 @@ using namespace snort; #define MAX_CANDIDATE_CLIENTS 10 -void ClientDiscovery::initialize() +void ClientDiscovery::initialize(AppIdInspector& inspector) { new BitClientDetector(this); new BitTrackerClientDetector(this); @@ -68,10 +68,10 @@ void ClientDiscovery::initialize() new VncClientDetector(this); for ( auto kv : tcp_detectors ) - kv.second->initialize(); + kv.second->initialize(inspector); for ( auto kv : udp_detectors ) - kv.second->initialize(); + kv.second->initialize(inspector); } void ClientDiscovery::reload() diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.h b/src/network_inspectors/appid/client_plugins/client_discovery.h index 20b8d7ef9..fec7a7215 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.h +++ b/src/network_inspectors/appid/client_plugins/client_discovery.h @@ -29,6 +29,7 @@ #include "appid_types.h" class ClientDetector; +class AppIdInspector; class AppIdSession; struct ClientAppMatch @@ -41,7 +42,7 @@ struct ClientAppMatch class ClientDiscovery : public AppIdDiscovery { public: - void initialize() override; + void initialize(AppIdInspector&) override; void reload() override; void finalize_client_patterns(); diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index 39dc1debb..292624d67 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -27,7 +27,6 @@ #include "log/messages.h" #include "main/snort_debug.h" -#include "managers/inspector_manager.h" #include "protocols/packet.h" #include "search_engines/search_tool.h" @@ -73,7 +72,8 @@ static void free_pattern_service(PatternService* ps) } } -static void read_patterns(PortPatternNode* portPatternList, PatternService** serviceList) +static void read_patterns(PortPatternNode* portPatternList, PatternService** serviceList, + AppIdInspector& inspector) { PatternService* ps = nullptr; char* lastName = nullptr; @@ -117,10 +117,7 @@ static void read_patterns(PortPatternNode* portPatternList, PatternService** ser pattern->next = ps->pattern; ps->pattern = pattern; - // FIXIT-M: Tp support ODP reload, store ODP context in PatternService - AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME); - assert(inspector); - AppIdContext& ctxt = inspector->get_ctxt(); + AppIdContext& ctxt = inspector.get_ctxt(); ctxt.get_odp_ctxt().get_app_info_mgr().set_app_info_active(ps->id); } @@ -404,9 +401,9 @@ void PatternServiceDetector::insert_service_port_pattern(PortPatternNode* pPatte } } -void PatternServiceDetector::finalize_service_port_patterns() +void PatternServiceDetector::finalize_service_port_patterns(AppIdInspector& inspector) { - read_patterns(lua_injected_patterns, &service_port_pattern); + read_patterns(lua_injected_patterns, &service_port_pattern, inspector); install_ports(service_port_pattern); create_service_pattern_trees(); register_service_patterns(); @@ -638,9 +635,9 @@ void PatternClientDetector::register_client_patterns() udp_pattern_matcher->prep(); } -void PatternClientDetector::finalize_client_port_patterns() +void PatternClientDetector::finalize_client_port_patterns(AppIdInspector& inspector) { - read_patterns(lua_injected_patterns, &service_port_pattern); + read_patterns(lua_injected_patterns, &service_port_pattern, inspector); create_client_pattern_trees(); register_client_patterns(); dump_patterns("Client", service_port_pattern); diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.h b/src/network_inspectors/appid/detector_plugins/detector_pattern.h index 2d82498fb..19a02614a 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.h +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.h @@ -31,6 +31,8 @@ namespace snort class SearchTool; } +class AppIdInspector; + struct PortPatternNode { AppId appId; @@ -78,7 +80,7 @@ public: ~PatternClientDetector() override; void insert_client_port_pattern(PortPatternNode*); - void finalize_client_port_patterns(); + void finalize_client_port_patterns(AppIdInspector&); void reload_client_port_patterns(); int validate(AppIdDiscoveryArgs&) override; @@ -100,7 +102,7 @@ public: ~PatternServiceDetector() override; void insert_service_port_pattern(PortPatternNode*); - void finalize_service_port_patterns(); + void finalize_service_port_patterns(AppIdInspector&); void reload_service_port_patterns(); int validate(AppIdDiscoveryArgs&) override; diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index bb96532f2..3a84871f7 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -28,7 +28,6 @@ #include "appid_debug.h" #include "appid_inspector.h" #include "app_info_table.h" -#include "managers/inspector_manager.h" #include "protocols/packet.h" using namespace snort; @@ -331,8 +330,8 @@ void SipEventHandler::handle(DataEvent& event, Flow* flow) { IpProtocol protocol = p->is_tcp() ? IpProtocol::TCP : IpProtocol::UDP; AppidSessionDirection direction = p->is_from_client() ? APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER; - AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); - asd = AppIdSession::allocate_session(p, protocol, direction, inspector, inspector->get_ctxt().get_odp_ctxt()); + asd = AppIdSession::allocate_session(p, protocol, direction, inspector, + inspector.get_ctxt().get_odp_ctxt()); } AppidChangeBits change_bits; diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.h b/src/network_inspectors/appid/detector_plugins/detector_sip.h index 9dddfef6b..eb9af2c84 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.h +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.h @@ -34,6 +34,7 @@ namespace snort class Flow; } +class AppIdInspector; class SipEventHandler; class SipUdpClientDetector : public ClientDetector @@ -69,27 +70,22 @@ private: class SipEventHandler : public snort::DataHandler { public: - - static SipEventHandler* create() - { - return new SipEventHandler; - } + SipEventHandler(AppIdInspector& inspector) : + DataHandler(MOD_NAME), inspector(inspector) + { } static void set_client(SipUdpClientDetector* cd) { SipEventHandler::client = cd; } static void set_service(SipServiceDetector* sd) { SipEventHandler::service = sd; } - void subscribe(snort::SnortConfig* sc) - { snort::DataBus::subscribe_global(SIP_EVENT_TYPE_SIP_DIALOG_KEY, this, sc); } - void handle(snort::DataEvent&, snort::Flow*) override; private: - SipEventHandler() : DataHandler(MOD_NAME) { } void client_handler(SipEvent&, AppIdSession&, AppidChangeBits&); void service_handler(SipEvent&, AppIdSession&, AppidChangeBits&); static SipUdpClientDetector* client; static SipServiceDetector* service; + AppIdInspector& inspector; }; #endif diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index 801a262b4..e60991224 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -216,7 +216,7 @@ void ServiceAppDescriptor::update_stats(AppId, bool){} void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){} void ClientAppDescriptor::update_stats(AppId, bool) {} void PayloadAppDescriptor::update_stats(AppId, bool) {} -void ServiceDiscovery::initialize() {} +void ServiceDiscovery::initialize(AppIdInspector&) {} void ServiceDiscovery::reload() {} int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index 631d4af8d..2f5678801 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -65,7 +65,7 @@ void SearchTool::reload() { } void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } AppIdDiscovery::~AppIdDiscovery() { } -void ClientDiscovery::initialize() { } +void ClientDiscovery::initialize(AppIdInspector&) { } void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { } diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 0c7dfff80..b7f09b170 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -35,6 +35,7 @@ #include "appid_config.h" #include "appid_debug.h" #include "appid_dns_session.h" +#include "appid_inspector.h" #include "appid_session.h" #include "detector_plugins/detector_dns.h" #include "detector_plugins/detector_imap.h" @@ -84,7 +85,7 @@ using namespace snort; static ServiceDetector* ftp_service; -void ServiceDiscovery::initialize() +void ServiceDiscovery::initialize(AppIdInspector& inspector) { new BattleFieldServiceDetector(this); new BgpServiceDetector(this); @@ -133,12 +134,12 @@ void ServiceDiscovery::initialize() for ( auto kv : tcp_detectors ) { - kv.second->initialize(); + kv.second->initialize(inspector); service_detector_list.emplace_back(kv.second); } for ( auto kv : udp_detectors ) { - kv.second->initialize(); + kv.second->initialize(inspector); service_detector_list.emplace_back(kv.second); } } diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.h b/src/network_inspectors/appid/service_plugins/service_discovery.h index e8d9ce573..a7719f252 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.h +++ b/src/network_inspectors/appid/service_plugins/service_discovery.h @@ -33,6 +33,7 @@ #include "appid_types.h" +class AppIdInspector; class AppIdSession; class ServiceDetector; class ServiceDiscoveryState; @@ -63,7 +64,7 @@ class ServiceDiscovery : public AppIdDiscovery { public: ~ServiceDiscovery() override { } - void initialize() override; + void initialize(AppIdInspector&) override; void reload() override; void finalize_service_patterns(); void reload_service_patterns(); diff --git a/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc b/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc index 2ec89eab0..145a1c7b2 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc +++ b/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc @@ -31,7 +31,7 @@ #include #include -void ServiceDiscovery::initialize() {} +void ServiceDiscovery::initialize(AppIdInspector&) {} void ServiceDiscovery::reload() {} void ServiceDiscovery::finalize_service_patterns() {} void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {} diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h index 16edfde29..39b1b5fd1 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h @@ -84,11 +84,11 @@ SslPatternMatchers::~SslPatternMatchers() { } SipPatternMatchers::~SipPatternMatchers() { } HttpPatternMatchers::~HttpPatternMatchers() { } DnsPatternMatchers::~DnsPatternMatchers() { } -void ClientDiscovery::initialize() {} +void ClientDiscovery::initialize(AppIdInspector&) {} void ClientDiscovery::reload() {} FpSMBData* smb_data = nullptr; -int AppIdDetector::initialize(){return 0;} +int AppIdDetector::initialize(AppIdInspector&){return 0;} void AppIdDetector::reload() { } int AppIdDetector::data_add(AppIdSession&, void*, AppIdFreeFCN){return 0;} void* AppIdDetector::data_get(AppIdSession&) {return nullptr;} diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index f4e46aa2d..5a5028c06 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -38,8 +38,6 @@ namespace snort { -Inspector* InspectorManager::get_inspector( - char const*, bool, const snort::SnortConfig*) { return nullptr; } AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) : StashGenericObject(STASH_GENERIC_OBJECT_APPID) {} } diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 6504b51a6..11e157c7b 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -205,7 +205,7 @@ void AppIdSession::update_encrypted_app_id(AppId) {} bool AppIdSession::is_tp_processing_done() const {return 0;} AppId AppIdSession::pick_ss_payload_app_id(AppId) const { return get_payload_id(); } AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol, - AppidSessionDirection, AppIdInspector*, OdpContext&) + AppidSessionDirection, AppIdInspector&, OdpContext&) { return nullptr; } @@ -219,7 +219,7 @@ void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, const Packe void AppIdHttpSession::set_tun_dest(){} // Stubs for ServiceDiscovery -void ServiceDiscovery::initialize() {} +void ServiceDiscovery::initialize(AppIdInspector&) {} void ServiceDiscovery::reload() {} void ServiceDiscovery::finalize_service_patterns() {} void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {} @@ -249,7 +249,7 @@ AppId HostTracker::get_appid(Port, IpProtocol, bool, bool) void HostTracker::remove_flows() {} // Stubs for ClientDiscovery -void ClientDiscovery::initialize() {} +void ClientDiscovery::initialize(AppIdInspector&) {} void ClientDiscovery::reload() {} void ClientDiscovery::finalize_client_patterns() {} static ClientDiscovery* c_discovery_manager = new ClientDiscovery(); diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc index 02809c2e1..b9b9708f6 100644 --- a/src/network_inspectors/appid/test/appid_http_event_test.cc +++ b/src/network_inspectors/appid/test/appid_http_event_test.cc @@ -51,9 +51,6 @@ using namespace snort; namespace snort { AppIdApi appid_api; -Inspector* InspectorManager::get_inspector( - char const*, bool, const snort::SnortConfig*) { return nullptr; } - Packet::Packet(bool) { } Packet::~Packet() { } @@ -85,7 +82,7 @@ class FakeHttpMsgHeader FakeHttpMsgHeader* fake_msg_header = nullptr; AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol, AppidSessionDirection, - AppIdInspector*, OdpContext&) + AppIdInspector&, OdpContext&) { return nullptr; } @@ -276,7 +273,7 @@ TEST_GROUP(appid_http_event) TEST(appid_http_event, handle_null_appid_data) { HttpEvent event(nullptr, false, 0); - HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT); + HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT, dummy_appid_inspector); mock().expectOneCall("get_appid_session"); event_handler.handle(event, flow); mock().checkExpectations(); @@ -285,7 +282,7 @@ TEST(appid_http_event, handle_null_appid_data) TEST(appid_http_event, handle_null_msg_header) { HttpEvent event(nullptr, false, 0); - HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT); + HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT, dummy_appid_inspector); mock().strictOrder(); mock().expectOneCall("get_appid_session"); @@ -317,7 +314,7 @@ static void run_event_handler(TestData test_data, TestData* expect_data = nullpt { HttpEvent event(nullptr, false, 0); FakeHttpMsgHeader http_msg_header; - HttpEventHandler event_handler(test_data.type); + HttpEventHandler event_handler(test_data.type, dummy_appid_inspector); fake_msg_header = &http_msg_header; host = test_data.host; @@ -392,7 +389,7 @@ TEST(appid_http_event, handle_msg_header_cookie) TEST(appid_http_event, handle_msg_header_host_and_uri) { TestData test_data; - test_data.scan_flags = SCAN_HTTP_HOST_URL_FLAG; + test_data.scan_flags = SCAN_HTTP_HOST_URL_FLAG | SCAN_HTTP_URI_FLAG; test_data.host = HOST; test_data.uri = URI; @@ -522,7 +519,7 @@ TEST(appid_http_event, handle_msg_header_all_request_headers) TestData test_data; test_data.type = HttpEventHandler::REQUEST_EVENT; test_data.scan_flags = SCAN_HTTP_VIA_FLAG | SCAN_HTTP_USER_AGENT_FLAG | - SCAN_HTTP_HOST_URL_FLAG; + SCAN_HTTP_HOST_URL_FLAG | SCAN_HTTP_URI_FLAG; test_data.uri = URI; test_data.cookie = COOKIE; test_data.host = HOST; diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index 957c65750..7b5e0a398 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -73,7 +73,7 @@ void ClientAppDescriptor::update_stats(AppId, bool) {} void PayloadAppDescriptor::update_stats(AppId, bool) {} AppIdDiscovery::~AppIdDiscovery() { } -void ClientDiscovery::initialize() { } +void ClientDiscovery::initialize(AppIdInspector&) { } void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { } @@ -100,7 +100,7 @@ int ServiceDiscovery::add_ftp_service_state(AppIdSession&) return 0; } -void ServiceDiscovery::initialize() { } +void ServiceDiscovery::initialize(AppIdInspector&) { } void ServiceDiscovery::reload() { } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index ddea1ab07..ae2db4a40 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -92,7 +92,7 @@ AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; AppIdDiscovery::~AppIdDiscovery() {} -void ClientDiscovery::initialize() { } +void ClientDiscovery::initialize(AppIdInspector&) { } void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol) {} void AppIdDiscovery::add_pattern_data(AppIdDetector*, SearchTool&, int, const uint8_t* const, @@ -103,7 +103,7 @@ void AppIdDiscovery::register_udp_pattern(AppIdDetector*, const uint8_t* const, int, unsigned) {} int AppIdDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } -void ServiceDiscovery::initialize() {} +void ServiceDiscovery::initialize(AppIdInspector&) {} void ServiceDiscovery::reload() {} void ServiceDiscovery::finalize_service_patterns() {} void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {} diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index bd14e0123..5e1864f4e 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc @@ -47,7 +47,7 @@ snort::SearchTool::SearchTool(char const*, bool) { } snort::SearchTool::~SearchTool() { } AppIdDiscovery::~AppIdDiscovery() { } -void ClientDiscovery::initialize() { } +void ClientDiscovery::initialize(AppIdInspector&) { } void ClientDiscovery::reload() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { } @@ -60,7 +60,7 @@ SipPatternMatchers::~SipPatternMatchers() { } SslPatternMatchers::~SslPatternMatchers() { } AppIdConfig::~AppIdConfig() { } OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } -void ServiceDiscovery::initialize() { } +void ServiceDiscovery::initialize(AppIdInspector&) { } void ServiceDiscovery::reload() { } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return 0; }