From: Shravan Rangarajuvenkata (shrarang) Date: Tue, 4 May 2021 17:39:52 +0000 (+0000) Subject: Merge pull request #2871 in SNORT/snort3 from ~SATHIRKA/snort3:mercury_debug to master X-Git-Tag: 3.1.5.0~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd998a3ea2933ac0abbf4a2f17acb0a95778aed2;p=thirdparty%2Fsnort3.git Merge pull request #2871 in SNORT/snort3 from ~SATHIRKA/snort3:mercury_debug to master Squashed commit of the following: commit 625b7fa920e751eee95585235f106101a0cb15e1 Author: cljudge Date: Wed Apr 28 07:44:29 2021 -0400 appid: Publish an event when appid debug command is issued --- diff --git a/src/network_inspectors/appid/CMakeLists.txt b/src/network_inspectors/appid/CMakeLists.txt index 3e4d78d3b..c02b9a637 100644 --- a/src/network_inspectors/appid/CMakeLists.txt +++ b/src/network_inspectors/appid/CMakeLists.txt @@ -1,6 +1,7 @@ set (APPID_INCLUDES appid_api.h appid_app_descriptor.h + appid_debug.h appid_dns_session.h appid_http_session.h appid_session_api.h diff --git a/src/network_inspectors/appid/appid_debug.cc b/src/network_inspectors/appid/appid_debug.cc index 3d905f902..eee1f72c1 100644 --- a/src/network_inspectors/appid/appid_debug.cc +++ b/src/network_inspectors/appid/appid_debug.cc @@ -145,7 +145,7 @@ void AppIdDebug::set_constraints(const char *desc, char sipstr[INET6_ADDRSTRLEN]; char dipstr[INET6_ADDRSTRLEN]; - info.set(*constraints); + info = *constraints; info.sip.ntop(sipstr, sizeof(sipstr)); info.dip.ntop(dipstr, sizeof(dipstr)); LogMessage("Debugging %s with %s-%hu and %s-%hu %hhu\n", desc, diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h index eeea7d62a..fe0404ea0 100644 --- a/src/network_inspectors/appid/appid_debug.h +++ b/src/network_inspectors/appid/appid_debug.h 
@@ -44,9 +44,9 @@ namespace snort struct AppIdDebugSessionConstraints { snort::SfIp sip; - int sip_flag = 0; + bool sip_flag = false; snort::SfIp dip; - int dip_flag = 0; + bool dip_flag = false; uint16_t sport; uint16_t dport; IpProtocol protocol = IpProtocol::PROTO_NOT_SET; @@ -64,20 +64,8 @@ struct AppIdDebugSessionConstraints ((!sip_flag or !memcmp(sip.get_ip6_ptr(), ip1, sizeof(snort::ip::snort_in6_addr))) and (!dip_flag or !memcmp(dip.get_ip6_ptr(), ip2, sizeof(snort::ip::snort_in6_addr)))); } - void set(const AppIdDebugSessionConstraints& src); }; -inline void AppIdDebugSessionConstraints::set(const AppIdDebugSessionConstraints& src) -{ - if ((sip_flag = src.sip_flag)) - sip = src.sip; - if ((dip_flag = src.dip_flag)) - dip = src.dip; - sport = src.sport; - dport = src.dport; - protocol = src.protocol; -} - class AppIdDebug { public: diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 4a00b567f..7f18386f5 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -36,6 +36,7 @@ #include "main/swapper.h" #include "managers/inspector_manager.h" #include "profiler/profiler.h" +#include "pub_sub/appid_debug_log_event.h" #include "src/main.h" #include "target_based/host_attributes.h" #include "trace/trace.h" @@ -112,7 +113,7 @@ AcAppIdDebug::AcAppIdDebug(AppIdDebugSessionConstraints* cs) { if (cs) { - constraints.set(*cs); + constraints = *cs; enable = true; } } @@ -303,6 +304,9 @@ static int enable_debug(lua_State* L) constraints.sport = sport; constraints.dport = dport; + AppIdDebugLogEvent event(&constraints, "AppIdDbg"); + DataBus::publish(APPID_DEBUG_LOG_EVENT, event); + main_broadcast_command(new AcAppIdDebug(&constraints), true); return 0; 
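Review bot: In the `enable_debug` hunk the new `AppIdDebugLogEvent event(&constraints, "AppIdDbg");` hands subscribers the address of `constraints`, which appears to be a local of `enable_debug` (its declaration is outside the hunk, so this is inferred from the `constraints.sport = sport;` member access). The pointer is therefore only valid while `DataBus::publish` is running, and a subscriber that keeps the result of `get_appid_debug_constraints()` past its handler would read a dead stack slot. `AcAppIdDebug` in this same commit already takes a copy with `constraints = *cs;`; the event class in `src/pub_sub/appid_debug_log_event.h` could hold its own copy in the same way and so remove the lifetime dependency. If the borrowed pointer is kept, the call site should say so, e.g. `// event borrows &constraints: subscribers must copy during the callback, never retain the pointer`.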
@@ -310,6 +314,8 @@ static int enable_debug(lua_State* L) static int disable_debug(lua_State*) { + AppIdDebugLogEvent event(nullptr, ""); + DataBus::publish(APPID_DEBUG_LOG_EVENT, event); main_broadcast_command(new AcAppIdDebug(nullptr), true); return 0; } diff --git a/src/pub_sub/CMakeLists.txt b/src/pub_sub/CMakeLists.txt index 04ebfddb1..d49ddd311 100644 --- a/src/pub_sub/CMakeLists.txt +++ b/src/pub_sub/CMakeLists.txt @@ -1,4 +1,5 @@ set (PUB_SUB_INCLUDES + appid_debug_log_event.h appid_events.h cip_events.h data_decrypt_event.h diff --git a/src/pub_sub/appid_debug_log_event.h b/src/pub_sub/appid_debug_log_event.h new file mode 100644 index 000000000..f10f2788e --- /dev/null +++ b/src/pub_sub/appid_debug_log_event.h 
@@ -0,0 +1,50 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2021-2021 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// appid_debug_log_event.h author Cliff Judge
+
+#ifndef APPID_DEBUG_LOG_EVENT_H
+#define APPID_DEBUG_LOG_EVENT_H
+
+#include
+
+#include "framework/data_bus.h"
+#include "network_inspectors/appid/appid_debug.h"
+
+#define APPID_DEBUG_LOG_EVENT "appid_debug_log_event"
+
+class AppIdDebugLogEvent : public snort::DataEvent
+{
+public:
+ AppIdDebugLogEvent(const AppIdDebugSessionConstraints* constraints, const char* dbg_str) :
+ cs(constraints), debug_str(dbg_str) { }
+
+ const AppIdDebugSessionConstraints* get_appid_debug_constraints() const
+ {
+ return cs;
+ }
+
+ const std::string& get_debug_string() const
+ {
+ return debug_str;
+ }
+private:
+ const AppIdDebugSessionConstraints* cs = nullptr;
+ std::string debug_str;
+};
+
+#endif
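Review bot: `get_appid_debug_constraints()` can return null, and nothing in this header tells a subscriber so: `disable_debug` in this commit publishes the event with `nullptr`, so every handler has to test the pointer before dereferencing it. A comment above the class would record that contract, for example `// constraints == nullptr means appid debug was turned off; check before use`. The constructor also initialises `debug_str` from `const char* dbg_str`, and constructing a `std::string` from a null pointer is undefined; both callers here pass literals, but a guard such as `debug_str(dbg_str ? dbg_str : "")` would make the class safe for later callers.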