From: Shravan Rangarajuvenkata (shrarang) Date: Wed, 26 Aug 2020 03:28:09 +0000 (+0000) Subject: Merge pull request #2384 in SNORT/snort3 from ~SATHIRKA/snort3:skip_detection_old_con... X-Git-Tag: 3.0.2-6~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3467e540f3dfa21996dbce4007af11f1589e5c7;p=thirdparty%2Fsnort3.git Merge pull request #2384 in SNORT/snort3 from ~SATHIRKA/snort3:skip_detection_old_config to master Squashed commit of the following: commit df50d6ceb4829ca89ee24ba6f95ba58cf4c5a2e9 Author: Sreeja Athirkandathil Narayanan Date: Thu Aug 6 17:02:49 2020 -0400 appid: Skip detection for existing sessions after detector reload; rename reload_odp command to reload_detectors
---
diff --git a/src/network_inspectors/appid/appid_dcerpc_event_handler.h b/src/network_inspectors/appid/appid_dcerpc_event_handler.h
index c7cf8d6fa..7db84333b 100644
--- a/src/network_inspectors/appid/appid_dcerpc_event_handler.h
+++ b/src/network_inspectors/appid/appid_dcerpc_event_handler.h
@@ -38,6 +38,13 @@ public:
 AppIdSession* asd = snort::appid_api.get_appid_session(*flow);
 if (!asd)
 return; // appid disabled
+ else
+ {
+ // Skip sessions using old odp context after reload detectors
+ AppIdInspector* inspector = (AppIdInspector*) snort::InspectorManager::get_inspector(MOD_NAME, true);
+ if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt())))
+ return;
+ }
 DceExpectedSessionEvent& map_resp_event = static_cast(event);
diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc
index 9fddf5e58..c1b9925c8 100644
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
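Review bot: The staleness test in the added `else` block compares object addresses, `&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt())`, while the old context is freed by `delete &odp_ctxt;` in `ACOdpContextSwap::~ACOdpContextSwap()` (visible as context in appid_module.cc), so a session that outlives the swap appears to keep a reference to a destroyed object. If a later reload happens to place the new `OdpContext` at the recycled address, that session would compare equal and be handled as current again with state built against the earlier detectors; a per-context generation number copied into the session at creation would make the check independent of the allocator. The same expression is repeated in the appid_session_api.cc and appid_stats.cc hunks, so it is worth a single helper on the session (for example a `bool is_odp_ctxt_current() const` member, name constructed here) carrying the comment `// the session's OdpContext reference must not be dereferenced when this returns false`. The enclosing handler starts and ends outside the hunk.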
@@ -203,8 +203,8 @@ ACOdpContextSwap::~ACOdpContextSwap()
 {
 odp_ctxt.get_app_info_mgr().cleanup_appid_info_table();
 delete &odp_ctxt;
- LogMessage("== reload ODP complete\n");
- request.respond("== reload ODP complete\n", from_shell, true);
+ LogMessage("== reload detectors complete\n");
+ request.respond("== reload detectors complete\n", from_shell, true);
 Swapper::set_reload_in_progress(false);
 }
@@ -290,7 +290,7 @@ static void clear_dynamic_host_cache_services()
 }
 }
-static int reload_odp(lua_State* L)
+static int reload_detectors(lua_State* L)
 {
 bool from_shell = ( L != nullptr );
 Request& current_request = get_current_request();
@@ -299,11 +299,11 @@ static int reload_odp(lua_State* L)
 current_request.respond("== reload pending; retry\n", from_shell);
 return 0;
 }
- current_request.respond(".. reloading ODP\n", from_shell);
+ current_request.respond(".. reloading detectors\n", from_shell);
 AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
 if (!inspector)
 {
- current_request.respond("== reload ODP failed - appid not enabled\n", from_shell);
+ current_request.respond("== reload detectors failed - appid not enabled\n", from_shell);
 return 0;
 }
 Swapper::set_reload_in_progress(true);
@@ -324,7 +324,7 @@ static int reload_odp(lua_State* L)
 odp_thread_local_ctxt->initialize(ctxt, true, true);
 odp_ctxt.initialize();
- current_request.respond("== swapping ODP configuration\n", from_shell);
+ current_request.respond("== swapping detectors configuration\n", from_shell);
 main_broadcast_command(new ACOdpContextSwap(*inspector, old_odp_ctxt, current_request, from_shell), from_shell);
 return 0;
@@ -346,7 +346,7 @@ static const Command appid_cmds[] =
 { "enable_debug", enable_debug, enable_debug_params, "enable appid debugging"},
 { "disable_debug", disable_debug, nullptr, "disable appid debugging"},
 { "reload_third_party", reload_third_party, nullptr, "reload appid third-party module" },
- { "reload_odp", reload_odp, nullptr, "reload appid open detector package" },
+ { "reload_detectors", reload_detectors, nullptr, "reload appid detectors" },
 { nullptr, nullptr, nullptr, nullptr }
 };
diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc
index 0644ead4c..420566bed 100644
--- a/src/network_inspectors/appid/appid_session_api.cc
+++ b/src/network_inspectors/appid/appid_session_api.cc
@@ -25,6 +25,8 @@
 #include "appid_session_api.h"
+#include "managers/inspector_manager.h"
+#include "appid_inspector.h"
 #include "appid_session.h"
 #include "service_plugins/service_bootp.h"
 #include "service_plugins/service_netbios.h"
@@ -179,6 +181,13 @@ bool AppIdSessionApi::is_appid_inspecting_session() const
 {
 if (!asd)
 return false;
+ else
+ {
+ // Inspection is not done for sessions using old odp context after reload detectors
+ AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+ if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt())))
+ return false;
+ }
 if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED or !asd->is_tp_appid_done() or
diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc
index 54e0b9427..0a5f45e2f 100644
--- a/src/network_inspectors/appid/appid_stats.cc
+++ b/src/network_inspectors/appid/appid_stats.cc
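Review bot: The new `return false;` in `is_appid_inspecting_session()` makes "inspection was abandoned because the detectors were reloaded" indistinguishable from "inspection has finished", and nothing at the function documents that. A caller that reads `false` as "the app ids on this flow are final" would keep acting on whatever was identified before the reload for the rest of a long-lived flow, so the operational effect, that flows established before a reload are no longer classified, should be stated where callers and operators will see it. I would add above the block `// NOTE: also false for sessions created before the last detector reload; their app ids are frozen, not final` and repeat the point in the `reload_detectors` command help. The function body continues outside the hunk, so how the remaining conditions interact with this early return is not visible here.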
@@ -27,10 +27,12 @@
 #include "log/text_log.h"
 #include "log/unified2.h"
+#include "managers/inspector_manager.h"
 #include "time/packet_time.h"
 #include "appid_config.h"
 #include "app_info_table.h"
+#include "appid_inspector.h"
 #include "appid_session.h"
 using namespace snort;
@@ -203,8 +205,17 @@ static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* buc
 if ( app_id >= 2000000000 )
 cooked_client = true;
+ // Skip stats for sessions using old odp context after reload detectors
+ AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+ OdpContext& odp_ctxt = asd.get_odp_ctxt();
+ if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &odp_ctxt))
+ {
+ snort_free(record);
+ return;
+ }
+
 AppInfoTableEntry* entry
- = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id);
+ = odp_ctxt.get_app_info_mgr().get_app_info_entry(app_id);
 if ( entry )
 {
diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc
index 7d28ae086..9fd0de792 100644
--- a/src/network_inspectors/appid/test/appid_session_api_test.cc
+++ b/src/network_inspectors/appid/test/appid_session_api_test.cc
@@ -36,6 +36,10 @@ AppIdSession* mock_session = nullptr;
 AppIdSessionApi* appid_session_api = nullptr;
 static AppIdConfig config;
 static OdpContext odpctxt(config, nullptr);
+Inspector* InspectorManager::get_inspector(char const*, bool, const snort::SnortConfig*)
+{
+ return nullptr;
+}
 namespace snort
 {
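Review bot: The stale-context check in `update_stats()` runs only after `record` exists, which is why the early exit has to pair `snort_free(record);` with `return;`, and any exit added to this path later has to remember the same cleanup. `record` appears to be allocated earlier in the function, outside the hunk; if nothing between the allocation and this point is needed for the decision, hoisting the check to the top of the function reduces the exit to a plain `return;`. The skip is also silent, so per-application statistics will undercount after a reload with nothing in the output to say so; a short comment on the block such as `// sessions from before the last detector reload are intentionally left out of app stats` would record that this is by design.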
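Review bot: The stub added to the test file always returns `nullptr`, so the `inspector and ...` condition introduced in `is_appid_inspecting_session()` short-circuits and the new early `return false;` is never executed by this suite as far as the visible lines show. A case where the stub hands back an inspector whose context is not `odpctxt`, followed by an assertion that `is_appid_inspecting_session()` is false, would pin the behaviour this commit introduces. It is also worth a comment on the stub, `// returns no inspector: the stale-odp-context check is bypassed in these tests`, so the gap is visible to whoever extends the file.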