From: Shravan Rangarajuvenkata (shrarang) Date: Fri, 16 Oct 2020 00:38:43 +0000 (+0000) Subject: Merge pull request #2551 in SNORT/snort3 from ~SHRARANG/snort3:appid_tpconn_reset_on_... X-Git-Tag: 3.0.3-3~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de5f79c2f7f4043a7504859c668bce2cc7968de0;p=thirdparty%2Fsnort3.git Merge pull request #2551 in SNORT/snort3 from ~SHRARANG/snort3:appid_tpconn_reset_on_reload to master Squashed commit of the following: commit f699f86be852c8896e9f3cc08a4e8c1fafa10575 Author: Shravan Rangaraju Date: Wed Oct 14 15:02:11 2020 -0400 appid: do not reset third-party session after third-party reload
---
diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc
index 9a6706579..56549e82b 100644
--- a/src/network_inspectors/appid/appid_discovery.cc
+++ b/src/network_inspectors/appid/appid_discovery.cc
@@ -569,7 +569,7 @@ void AppIdDiscovery::do_port_based_discovery(Packet* p, AppIdSession& asd, IpPro
 }
 bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, IpProtocol protocol,
- AppidSessionDirection direction)
+ AppidSessionDirection direction, ThirdPartyAppIdContext* tp_appid_ctxt)
 {
 if (asd.get_session_flags(APPID_SESSION_HOST_CACHE_MATCHED))
 return false;
@@ -636,8 +636,13 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd,
 asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
 asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
 asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
- if (asd.tpsession)
+
+ if (asd.tpsession and tp_appid_ctxt and
+ (asd.tpsession->get_ctxt_version() == tp_appid_ctxt->get_version()))
 asd.tpsession->reset();
+ else if (asd.tpsession)
+ asd.tpsession->set_state(TP_STATE_TERMINATED);
+
 if ( asd.get_payload_id() == APP_ID_NONE)
 asd.set_payload_id(APP_ID_UNKNOWN);
 }
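Review bot: The context-version check added before `asd.tpsession->reset()` at the end of do_host_port_based_discovery is written out again in reinit_session_data and reset_session_data, and the third copy reads `pkt_thread_tp_appid_ctxt` while the other two use the `tp_appid_ctxt` argument. A later call site that resets the third-party session without this check would bring back the reset-after-reload problem this commit fixes, and nothing visible in the diff says the two context sources always agree. I would move the decision into one AppIdSession member (`reset_or_terminate_tpsession` is only a proposed name) and call it from all three places, as sketched below. The hunk shows only the tail of the function; the rest of its body is outside it.

```cpp
// Proposed helper (name is a suggestion): the single place that decides
// between reset and terminate for the third-party session.
void AppIdSession::reset_or_terminate_tpsession(ThirdPartyAppIdContext* tp_appid_ctxt)
{
    if (!tpsession)
        return;

    // Reset only a session created under the context version passed in;
    // a null or different-version context marks it terminated instead.
    if (tp_appid_ctxt and tpsession->get_ctxt_version() == tp_appid_ctxt->get_version())
        tpsession->reset();
    else
        tpsession->set_state(TP_STATE_TERMINATED);
}

// … unchanged: discovery state and session flag updates …
    asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
    asd.reset_or_terminate_tpsession(tp_appid_ctxt);
```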
@@ -692,7 +697,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
 {
 bool is_discovery_done = false;
- asd.check_app_detection_restart(change_bits);
+ asd.check_app_detection_restart(change_bits, tp_appid_ctxt);
 if (outer_protocol != IpProtocol::PROTO_NOT_SET)
 {
@@ -841,7 +846,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
 asd.scan_flags &= ~SCAN_HTTP_URI_FLAG;
 }
- if (do_host_port_based_discovery(p, asd, protocol, direction))
+ if (do_host_port_based_discovery(p, asd, protocol, direction, tp_appid_ctxt))
 {
 asd.set_port_service_id(APP_ID_NONE);
 service_id = asd.pick_service_app_id();
diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h
index 86d2e5e3e..845e92414 100644
--- a/src/network_inspectors/appid/appid_discovery.h
+++ b/src/network_inspectors/appid/appid_discovery.h
@@ -149,7 +149,7 @@ private:
 static void do_port_based_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol, AppidSessionDirection direction);
 static bool do_host_port_based_discovery(snort::Packet* p, AppIdSession& asd,
- IpProtocol protocol, AppidSessionDirection direction);
+ IpProtocol protocol, AppidSessionDirection direction, ThirdPartyAppIdContext* tp_appid_ctxt);
 };
 #endif
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 71a79e62b..3d9d34d62 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -261,7 +261,8 @@ void AppIdSession::initialize_future_session(AppIdSession& expected, uint64_t fl
 expected.client_disco_state = APPID_DISCO_STATE_FINISHED;
 }
-void AppIdSession::reinit_session_data(AppidChangeBits& change_bits)
+void AppIdSession::reinit_session_data(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt)
 {
 misc_app_id = APP_ID_NONE;
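Review bot: The new `ThirdPartyAppIdContext* tp_appid_ctxt` parameter on reinit_session_data is a raw pointer that a later hunk tests for null, but neither this definition nor the declarations in appid_session.h and appid_discovery.h say that null is accepted or what it causes. A short comment above the definition would settle it, for example `// tp_appid_ctxt may be null; a null or version-mismatched context terminates tpsession instead of resetting it`. The same wording fits check_ssl_detection_restart, check_app_detection_restart and do_host_port_based_discovery, which take the same parameter. The function body continues outside this hunk.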
@@ -295,8 +296,11 @@ void AppIdSession::reinit_session_data(AppidChangeBits& change_bits)
 free_flow_data_by_mask(APPID_SESSION_DATA_CLIENT_MODSTATE_BIT);
 //3rd party cleaning
- if (tpsession)
+ if (tpsession and tp_appid_ctxt and
+ (tpsession->get_ctxt_version() == tp_appid_ctxt->get_version()))
 tpsession->reset();
+ else if (tpsession)
+ tpsession->set_state(TP_STATE_TERMINATED);
 init_tpPackets = 0;
 resp_tpPackets = 0;
@@ -354,7 +358,8 @@ void AppIdSession::sync_with_snort_protocol_id(AppId newAppId, Packet* p)
 }
 }
-void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits)
+void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt)
 {
 if (get_session_flags(APPID_SESSION_DECRYPTED) or !flow->is_proxied())
 return;
@@ -387,7 +392,7 @@ void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits)
 if (encrypted.payload_id > APP_ID_NONE)
 api.payload.set_overwritten_id(encrypted.payload_id);
- reinit_session_data(change_bits);
+ reinit_session_data(change_bits, tp_appid_ctxt);
 if (appidDebug->is_active())
 LogMessage("AppIdDbg %s SSL decryption is available, restarting app detection\n", appidDebug->get_debug_session());
@@ -438,9 +443,10 @@ void AppIdSession::check_tunnel_detection_restart()
 }
 }
-void AppIdSession::check_app_detection_restart(AppidChangeBits& change_bits)
+void AppIdSession::check_app_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt)
 {
- check_ssl_detection_restart(change_bits);
+ check_ssl_detection_restart(change_bits, tp_appid_ctxt);
 check_tunnel_detection_restart();
 }
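Review bot: In the reinit_session_data hunk (`@@ -295,8 +296,11 @@`) the new `else if (tpsession)` branch marks the third-party session `TP_STATE_TERMINATED` silently, at the point where app detection is being restarted for decrypted traffic. If a terminated session is no longer inspected by the third-party engine (an inference; that code is not on this page), flows that were open across a third-party reload lose that classification with no trace for whoever is debugging a missed detection. check_ssl_detection_restart already logs under `appidDebug->is_active()`, so the branch could do the same: `if (appidDebug->is_active()) LogMessage("AppIdDbg %s third-party session terminated instead of reset\n", appidDebug->get_debug_session());`. reinit_session_data starts and ends outside this hunk.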
@@ -927,8 +933,11 @@ void AppIdSession::reset_session_data(AppidChangeBits& change_bits)
 tp_payload_app_id = APP_ID_UNKNOWN;
 tp_app_id = APP_ID_UNKNOWN;
- if (this->tpsession)
- this->tpsession->reset();
+ if (tpsession and pkt_thread_tp_appid_ctxt and
+ (tpsession->get_ctxt_version() == pkt_thread_tp_appid_ctxt->get_version()))
+ tpsession->reset();
+ else if (tpsession)
+ tpsession->set_state(TP_STATE_TERMINATED);
 change_bits.reset();
 change_bits.set(APPID_RESET_BIT);
diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h
index 7d62d1ad7..8603937da 100644
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -361,8 +361,10 @@ public:
 void set_client_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
 void set_service_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
 void set_payload_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
- void check_app_detection_restart(AppidChangeBits& change_bits);
- void check_ssl_detection_restart(AppidChangeBits& change_bits);
+ void check_app_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt);
+ void check_ssl_detection_restart(AppidChangeBits& change_bits,
+ ThirdPartyAppIdContext* tp_appid_ctxt);
 void check_tunnel_detection_restart();
 void update_encrypted_app_id(AppId);
 void examine_rtmp_metadata(AppidChangeBits& change_bits);
@@ -589,7 +591,7 @@ public:
 private:
 uint16_t prev_http2_raw_packet = 0;
- void reinit_session_data(AppidChangeBits& change_bits);
+ void reinit_session_data(AppidChangeBits& change_bits, ThirdPartyAppIdContext* tp_appid_ctxt);
 void delete_session_data(bool free_api = true);
 bool tp_app_id_deferred = false;
diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc
index 9cad119ea..1f1882070 100644
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc
+++ b/src/network_inspectors/appid/test/appid_discovery_test.cc
@@ -195,7 +195,7 @@ const char* AppInfoManager::get_app_name(int32_t)
 // Stubs for AppIdSession
 void AppIdSession::sync_with_snort_protocol_id(AppId, Packet*) {}
-void AppIdSession::check_app_detection_restart(AppidChangeBits&) {}
+void AppIdSession::check_app_detection_restart(AppidChangeBits&, ThirdPartyAppIdContext*) {}
 void AppIdSession::set_client_appid_data(AppId, AppidChangeBits&, char*) {}
 void AppIdSession::examine_rtmp_metadata(AppidChangeBits&) {}
 void AppIdSession::examine_ssl_metadata(AppidChangeBits&) {}