From: Masud Hasan (mashasan) Date: Thu, 1 Oct 2020 21:55:32 +0000 (+0000) Subject: Merge pull request #2506 in SNORT/snort3 from ~MASHASAN/snort3:ua_decode to master X-Git-Tag: 3.0.3-2~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de7c03ff4a7a17a63a5883708bddf3a9ae196264;p=thirdparty%2Fsnort3.git Merge pull request #2506 in SNORT/snort3 from ~MASHASAN/snort3:ua_decode to master Squashed commit of the following: commit 0343181337ee84cbbd963a4f7e64165b8a743083 Author: Masud Hasan Date: Fri Sep 25 15:15:29 2020 -0400 rna: Updating methods for user-agent processor --- diff --git a/src/network_inspectors/rna/rna_fingerprint_ua.cc b/src/network_inspectors/rna/rna_fingerprint_ua.cc index 7929c94cf..b353a55dc 100644 --- a/src/network_inspectors/rna/rna_fingerprint_ua.cc +++ b/src/network_inspectors/rna/rna_fingerprint_ua.cc @@ -104,7 +104,10 @@ void UaFpProcessor::push(const RawFingerprint& rfp) void UaFpProcessor::make_mpse(SnortConfig* sc) { + if ( !sc ) + sc = SnortConfig::get_main_conf(); SearchTool::set_conf(sc); + if ( !os_fps.empty() ) { os_mpse = new SearchTool; @@ -136,7 +139,6 @@ void UaFpProcessor::make_mpse(SnortConfig* sc) jb_host_mpse->add(fp.host_name.c_str(), fp.host_name.size(), &fp); jb_host_mpse->prep(); } - SearchTool::set_conf(nullptr); } static int match_ua_part(void* id, void*, int, void* data, void*) diff --git a/src/network_inspectors/rna/rna_fingerprint_ua.h b/src/network_inspectors/rna/rna_fingerprint_ua.h index b9bafa97d..0f3798648 100644 --- a/src/network_inspectors/rna/rna_fingerprint_ua.h +++ b/src/network_inspectors/rna/rna_fingerprint_ua.h @@ -49,7 +49,7 @@ class SO_PUBLIC UaFpProcessor public: ~UaFpProcessor(); - void make_mpse(SnortConfig* sc); + void make_mpse(SnortConfig* sc = nullptr); void match_mpse(const char* host, const char* uagent, const UaFingerprint*& osfp, const char*& device_info, bool& jail_broken); diff --git a/src/network_inspectors/rna/rna_inspector.cc b/src/network_inspectors/rna/rna_inspector.cc index 88698318c..a2213952e 100644 --- a/src/network_inspectors/rna/rna_inspector.cc +++ b/src/network_inspectors/rna/rna_inspector.cc @@ -194,24 +194,30 @@ void RnaInspector::load_rna_conf() in_stream.close(); } -TcpFpProcessor* RnaInspector::get_or_create_fp_processor() +void RnaInspector::get_or_create_fp_processor(TcpFpProcessor*& tfp, UaFpProcessor*& uafp) { - if (mod_conf) - { - if (!mod_conf->tcp_processor) - mod_conf->tcp_processor = new TcpFpProcessor; - return mod_conf->tcp_processor; - } - return nullptr; + if ( !mod_conf ) + return; + + if ( !mod_conf->tcp_processor ) + mod_conf->tcp_processor = new TcpFpProcessor; + if ( !mod_conf->ua_processor ) + mod_conf->ua_processor = new UaFpProcessor; + + tfp = mod_conf->tcp_processor; + uafp = mod_conf->ua_processor; } -void RnaInspector::set_fp_processor(TcpFpProcessor* tfp) +void RnaInspector::set_fp_processor(TcpFpProcessor* tfp, UaFpProcessor* uafp) { - if ( mod_conf ) - { - delete mod_conf->tcp_processor; - mod_conf->tcp_processor = tfp; - } + if ( !mod_conf ) + return; + + delete mod_conf->tcp_processor; + mod_conf->tcp_processor = tfp; + + delete mod_conf->ua_processor; + mod_conf->ua_processor = uafp; } //------------------------------------------------------------------------- @@ -288,5 +294,18 @@ TEST_CASE("RNA inspector", "[rna_inspector]") RnaInspector ins(&mod); ins.show(nullptr); } + + SECTION("set and get processor") + { + RnaModule mod; + mod.begin(RNA_NAME, 0, nullptr); + RnaInspector ins(&mod); + TcpFpProcessor* tfp = nullptr; + UaFpProcessor* uafp = nullptr; + ins.set_fp_processor(tfp, uafp); + ins.get_or_create_fp_processor(tfp, uafp); + CHECK(tfp != nullptr); + CHECK(uafp != nullptr); + } } #endif diff --git a/src/network_inspectors/rna/rna_inspector.h b/src/network_inspectors/rna/rna_inspector.h index 7ce0709a0..77a4ecff4 100644 --- a/src/network_inspectors/rna/rna_inspector.h +++ b/src/network_inspectors/rna/rna_inspector.h @@ -29,6 +29,7 @@ namespace snort { struct Packet; class TcpFpProcessor; +class UaFpProcessor; } struct RnaConfig; @@ -48,8 +49,8 @@ public: void tinit() override; void tterm() override; - snort::TcpFpProcessor* get_or_create_fp_processor(); - void set_fp_processor(snort::TcpFpProcessor* tfp); + void get_or_create_fp_processor(snort::TcpFpProcessor*&, snort::UaFpProcessor*&); + void set_fp_processor(snort::TcpFpProcessor*, snort::UaFpProcessor*); private: void load_rna_conf();