From: Shravan Rangarajuvenkata (shrarang) Date: Tue, 28 Jul 2020 03:08:51 +0000 (+0000) Subject: Merge pull request #2344 in SNORT/snort3 from ~SATHIRKA/snort3:odp_reload to master X-Git-Tag: 3.0.2-3~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb170c4c8f0fcf1f994d0fd7d82b248011da1f0a;p=thirdparty%2Fsnort3.git Merge pull request #2344 in SNORT/snort3 from ~SATHIRKA/snort3:odp_reload to master Squashed commit of the following: commit 69b00850064d2f9c30fd53045690ac6c925edeb9 Author: Sreeja Athirkandathil Narayanan Date: Fri Jul 17 16:45:32 2020 -0400 appid: Support ODP reload for multiple packet threads and new session --- diff --git a/src/network_inspectors/appid/app_forecast.cc b/src/network_inspectors/appid/app_forecast.cc index 4e1847237..e87674f9d 100644 --- a/src/network_inspectors/appid/app_forecast.cc +++ b/src/network_inspectors/appid/app_forecast.cc @@ -45,7 +45,7 @@ void check_session_for_AF_indicator(Packet* p, AppidSessionDirection dir, AppId AFActVal new_active_value = AFActVal(ind_element.target, packet_time()); - odp_thread_ctxt->add_af_actives(master_key, new_active_value); + odp_thread_local_ctxt->add_af_actives(master_key, new_active_value); } AppId check_session_for_AF_forecast(AppIdSession& asd, Packet* p, AppidSessionDirection dir, AppId forecast) @@ -53,7 +53,7 @@ AppId check_session_for_AF_forecast(AppIdSession& asd, Packet* p, AppidSessionDi AFActKey master_key(p, dir, forecast); //get out if there is no value - std::map* AF_actives = odp_thread_ctxt->get_af_actives(); + std::map* AF_actives = odp_thread_local_ctxt->get_af_actives(); assert(AF_actives); auto check_act_val = AF_actives->find(master_key); if (check_act_val == AF_actives->end()) @@ -63,7 +63,7 @@ AppId check_session_for_AF_forecast(AppIdSession& asd, Packet* p, AppidSessionDi time_t age = packet_time() - check_act_val->second.last; if (age < 0 || age > 300) { - odp_thread_ctxt->erase_af_actives(master_key); + odp_thread_local_ctxt->erase_af_actives(master_key); return APP_ID_UNKNOWN; } asd.set_payload_id(check_act_val->second.target); diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc index 4f072d5f9..3ede28b9b 100644 --- a/src/network_inspectors/appid/appid_api.cc +++ b/src/network_inspectors/appid/appid_api.cc @@ -51,9 +51,9 @@ AppIdSession* AppIdApi::get_appid_session(const Flow& flow) return asd; } -const char* AppIdApi::get_application_name(AppId app_id, const AppIdContext& ctxt) +const char* AppIdApi::get_application_name(AppId app_id, OdpContext& odp_ctxt) { - return ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); + return odp_ctxt.get_app_info_mgr().get_app_name(app_id); } const char* AppIdApi::get_application_name(const Flow& flow, bool from_client) @@ -62,6 +62,11 @@ const char* AppIdApi::get_application_name(const Flow& flow, bool from_client) AppIdSession* asd = get_appid_session(flow); if (asd) { + // Skip sessions using old odp context after odp reload + AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); + if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt()))) + return nullptr; + AppId appid = asd->pick_ss_payload_app_id(); if (appid <= APP_ID_NONE) appid = asd->pick_ss_misc_app_id(); @@ -78,7 +83,7 @@ const char* AppIdApi::get_application_name(const Flow& flow, bool from_client) appid = asd->pick_ss_client_app_id(); } if (appid > APP_ID_NONE && appid < SF_APPID_MAX) - app_name = asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(appid); + app_name = asd->get_odp_ctxt().get_app_info_mgr().get_app_name(appid); } @@ -145,9 +150,9 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); if (inspector) { - asd = new AppIdSession(proto, ip, port, *inspector); + asd = new AppIdSession(proto, ip, port, *inspector, inspector->get_ctxt().get_odp_ctxt()); flow.set_flow_data(asd); - asd->set_service_id(appHA->appId[1], asd->ctxt.get_odp_ctxt()); + asd->set_service_id(appHA->appId[1], asd->get_odp_ctxt()); if (asd->get_service_id() == APP_ID_FTP_CONTROL) { asd->set_session_flags(APPID_SESSION_CLIENT_DETECTED | @@ -184,7 +189,7 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP asd->set_session_flags(APPID_SESSION_HTTP_SESSION); asd->set_tp_app_id(appHA->appId[0]); - asd->set_service_id(appHA->appId[1], asd->ctxt.get_odp_ctxt()); + asd->set_service_id(appHA->appId[1], asd->get_odp_ctxt()); asd->client_inferred_service_id = appHA->appId[2]; asd->set_port_service_id(appHA->appId[3]); AppIdHttpSession* hsession = nullptr; @@ -218,8 +223,13 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name, if (asd) { + // Skip detection for sessions using old odp context after odp reload + AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); + if (inspector and (&(inspector->get_ctxt().get_odp_ctxt()) != &(asd->get_odp_ctxt()))) + return false; + AppidChangeBits change_bits; - SslPatternMatchers& ssl_matchers = asd->ctxt.get_odp_ctxt().get_ssl_matchers(); + SslPatternMatchers& ssl_matchers = asd->get_odp_ctxt().get_ssl_matchers(); if (!asd->tsession) asd->tsession = new TlsSession(); else if (sni_mismatch) diff --git a/src/network_inspectors/appid/appid_api.h b/src/network_inspectors/appid/appid_api.h index 26ba15426..ed4f60237 100644 --- a/src/network_inspectors/appid/appid_api.h +++ b/src/network_inspectors/appid/appid_api.h @@ -53,7 +53,7 @@ public: SO_PRIVATE AppIdApi() = default; AppIdSession* get_appid_session(const Flow& flow); - const char* get_application_name(AppId app_id, const AppIdContext& ctxt); + const char* get_application_name(AppId app_id, OdpContext& odp_ctxt); const char* get_application_name(const Flow& flow, bool from_client); AppId get_application_id(const char* appName, const AppIdContext& ctxt); uint32_t produce_ha_state(const Flow& flow, uint8_t* buf); diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 6514d2e0c..844d27d79 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -87,8 +87,6 @@ void AppIdConfig::show() const ConfigLogger::log_flag("log_all_sessions", log_all_sessions); ConfigLogger::log_flag("log_stats", log_stats); ConfigLogger::log_value("memcap", memcap); - - ConfigLogger::log_flag("load_odp_detectors_in_ctrl", load_odp_detectors_in_ctrl); } void AppIdContext::pterm() @@ -97,9 +95,9 @@ void AppIdContext::pterm() odp_ctxt->get_app_info_mgr().cleanup_appid_info_table(); delete odp_ctxt; - assert(odp_thread_ctxt); - delete odp_thread_ctxt; - odp_thread_ctxt = nullptr; + assert(odp_thread_local_ctxt); + delete odp_thread_local_ctxt; + odp_thread_local_ctxt = nullptr; } bool AppIdContext::init_appid(SnortConfig* sc) @@ -108,8 +106,8 @@ bool AppIdContext::init_appid(SnortConfig* sc) if (!odp_ctxt) odp_ctxt = new OdpContext(config, sc); - if (!odp_thread_ctxt) - odp_thread_ctxt = new OdpThreadContext(true); + if (!odp_thread_local_ctxt) + odp_thread_local_ctxt = new OdpThreadContext(true); // FIXIT-M: RELOAD - Get rid of "once" flag // Handle the if condition in AppIdContext::init_appid @@ -118,7 +116,7 @@ bool AppIdContext::init_appid(SnortConfig* sc) { odp_ctxt->get_client_disco_mgr().initialize(); odp_ctxt->get_service_disco_mgr().initialize(); - odp_thread_ctxt->initialize(*this, true); + odp_thread_local_ctxt->initialize(*this, true); odp_ctxt->initialize(); // do not reload third party on reload_config() @@ -131,6 +129,13 @@ bool AppIdContext::init_appid(SnortConfig* sc) return true; } +void AppIdContext::create_odp_ctxt() +{ + SnortConfig* sc = SnortConfig::get_main_conf(); + SearchTool::set_conf(sc); + odp_ctxt = new OdpContext(config, sc); +} + void AppIdContext::create_tp_appid_ctxt() { tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt); @@ -248,13 +253,12 @@ OdpThreadContext::OdpThreadContext(bool is_control) AF_actives = new std::map; } -void OdpThreadContext::initialize(AppIdContext& ctxt, bool is_control) +void OdpThreadContext::initialize(AppIdContext& ctxt, bool is_control, bool reload_odp) { - if (!is_control and ctxt.config.load_odp_detectors_in_ctrl) + if (!is_control and reload_odp) LuaDetectorManager::init_thread_manager(ctxt); else - LuaDetectorManager::initialize(ctxt, is_control? 1 : 0, - ctxt.config.load_odp_detectors_in_ctrl); + LuaDetectorManager::initialize(ctxt, is_control? 1 : 0, reload_odp); } OdpThreadContext::~OdpThreadContext() diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index 6a96b8c9d..08edfe6ab 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -75,7 +75,6 @@ public: size_t memcap = 0; bool list_odp_detectors = false; bool log_all_sessions = false; - bool load_odp_detectors_in_ctrl = false; SnortProtocolId snortId_for_unsynchronized; SnortProtocolId snortId_for_ftp_data; SnortProtocolId snortId_for_http2; @@ -212,7 +211,7 @@ class OdpThreadContext public: OdpThreadContext(bool is_control=false); ~OdpThreadContext(); - void initialize(AppIdContext& ctxt, bool is_control=false); + void initialize(AppIdContext& ctxt, bool is_control=false, bool reload_odp=false); void set_lua_detector_mgr(LuaDetectorManager& mgr) { @@ -267,6 +266,7 @@ public: static void delete_tp_appid_ctxt() { delete tp_appid_ctxt; } + void create_odp_ctxt(); void create_tp_appid_ctxt(); bool init_appid(snort::SnortConfig*); static void pterm(); diff --git a/src/network_inspectors/appid/appid_dcerpc_event_handler.h b/src/network_inspectors/appid/appid_dcerpc_event_handler.h index 985d34ddb..c7cf8d6fa 100644 --- a/src/network_inspectors/appid/appid_dcerpc_event_handler.h +++ b/src/network_inspectors/appid/appid_dcerpc_event_handler.h @@ -54,7 +54,7 @@ public: if (fp) // initialize data session { - fp->set_service_id(APP_ID_DCE_RPC, asd->ctxt.get_odp_ctxt()); + fp->set_service_id(APP_ID_DCE_RPC, asd->get_odp_ctxt()); asd->initialize_future_session(*fp, APPID_SESSION_IGNORE_ID_FLAGS, APP_ID_FROM_RESPONDER); } diff --git a/src/network_inspectors/appid/appid_detector.h b/src/network_inspectors/appid/appid_detector.h index bde7edc1b..7629a410e 100644 --- a/src/network_inspectors/appid/appid_detector.h +++ b/src/network_inspectors/appid/appid_detector.h @@ -77,7 +77,7 @@ class AppIdDiscoveryArgs public: AppIdDiscoveryArgs(const uint8_t* data, uint16_t size, AppidSessionDirection dir, AppIdSession& asd, snort::Packet* p, AppidChangeBits& cb) : data(data), - size(size), dir(dir), asd(asd), pkt(p), ctxt(asd.ctxt), change_bits(cb) + size(size), dir(dir), asd(asd), pkt(p), change_bits(cb) {} const uint8_t* data; @@ -85,7 +85,6 @@ public: AppidSessionDirection dir; AppIdSession& asd; snort::Packet* pkt; - const AppIdContext& ctxt; AppidChangeBits& change_bits; }; diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index 8e45b4b6c..f623b9e6d 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -115,14 +115,14 @@ int AppIdDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) } void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector, - ThirdPartyAppIdContext* tp_appid_ctxt) + OdpContext& odp_ctxt, ThirdPartyAppIdContext* tp_appid_ctxt) { IpProtocol protocol = IpProtocol::PROTO_NOT_SET; IpProtocol outer_protocol = IpProtocol::PROTO_NOT_SET; AppidSessionDirection direction = APP_ID_FROM_INITIATOR; AppIdSession* asd = (AppIdSession*)p->flow->get_flow_data(AppIdSession::inspector_id); - if (!do_pre_discovery(p, asd, inspector, protocol, outer_protocol, direction)) + if (!do_pre_discovery(p, asd, inspector, protocol, outer_protocol, direction, odp_ctxt)) return; AppId service_id = APP_ID_NONE; @@ -365,8 +365,17 @@ static uint64_t is_session_monitored(const Packet* p, AppidSessionDirection dir) // Return false if the packet or the session doesn't need to be inspected bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspector& inspector, - IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction) + IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction, + OdpContext& odp_ctxt) { + // Skip inspection for sessions using old odp context after an odp reload + if (asd and (&(asd->get_odp_ctxt()) != &(inspector.get_ctxt().get_odp_ctxt()))) + { + appid_stats.odp_reload_ignored_pkts++; + appid_stats.tp_reload_ignored_pkts++; + return false; + } + if (!set_network_attributes(asd, p, protocol, outer_protocol, direction)) { appid_stats.ignored_packets++; @@ -391,7 +400,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec if (!asd) { - asd = AppIdSession::allocate_session(p, protocol, direction, &inspector); + asd = AppIdSession::allocate_session(p, protocol, direction, &inspector, odp_ctxt); if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM) { flow_flags |= APPID_SESSION_MID; @@ -445,7 +454,7 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec if (appidDebug->is_active()) { const char *app_name = - asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd->get_service_id()); + asd->get_odp_ctxt().get_app_info_mgr().get_app_name(asd->get_service_id()); LogMessage("AppIdDbg %s Ignoring connection with service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd->get_service_id()); @@ -549,14 +558,14 @@ void AppIdDiscovery::do_port_based_discovery(Packet* p, AppIdSession& asd, IpPro return; } - AppId id = asd.ctxt.get_odp_ctxt().get_port_service_id(protocol, p->ptrs.sp); + AppId id = asd.get_odp_ctxt().get_port_service_id(protocol, p->ptrs.sp); if (id > APP_ID_NONE) { asd.set_port_service_id(id); if (appidDebug->is_active()) { AppId ps_id = asd.get_port_service_id(); - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id); LogMessage("AppIdDbg %s Port service %s (%d) from port\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd.get_port_service_id()); @@ -578,10 +587,10 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, check_static = true; if ((asd.session_packet_count % - asd.ctxt.get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and + asd.get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and (asd.session_packet_count <= - asd.ctxt.get_odp_ctxt().host_port_app_cache_lookup_range) and - asd.ctxt.get_odp_ctxt().is_host_port_app_cache_runtime) + asd.get_odp_ctxt().host_port_app_cache_lookup_range) and + asd.get_odp_ctxt().is_host_port_app_cache_runtime) check_dynamic = true; if (!(check_static || check_dynamic)) @@ -615,7 +624,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, HostPortVal* hv = nullptr; if (check_static and - (hv = asd.ctxt.get_odp_ctxt().host_port_cache_find(ip, port, protocol))) + (hv = asd.get_odp_ctxt().host_port_cache_find(ip, port, protocol))) { asd.scan_flags |= SCAN_HOST_PORT_FLAG; switch (hv->type) @@ -628,7 +637,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, asd.set_payload_id(hv->appId); break; default: - asd.set_service_id(hv->appId, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(hv->appId, asd.get_odp_ctxt()); asd.sync_with_snort_protocol_id(hv->appId, p); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; asd.client_disco_state = APPID_DISCO_STATE_FINISHED; @@ -652,7 +661,7 @@ bool AppIdDiscovery::do_host_port_based_discovery(Packet* p, AppIdSession& asd, if (ht) { AppId appid = ht->get_appid(port, protocol, true, - asd.ctxt.get_odp_ctxt().allow_port_wildcard_host_cache); + asd.get_odp_ctxt().allow_port_wildcard_host_cache); if (appid > APP_ID_NONE) { // FIXIT-L: Make this more generic to support service and payload IDs @@ -672,12 +681,12 @@ static inline bool is_check_host_cache_valid(AppIdSession& asd, AppId service_id bool is_payload_client_misc_none = (payload_id <= APP_ID_NONE and client_id <= APP_ID_NONE and misc_id <= APP_ID_NONE); bool is_appid_none = is_payload_client_misc_none and (service_id <= APP_ID_NONE or - (asd.ctxt.get_odp_ctxt().recheck_for_portservice_appid and + (asd.get_odp_ctxt().recheck_for_portservice_appid and service_id == asd.get_port_service_id())); - bool is_ssl_none = asd.ctxt.get_odp_ctxt().check_host_cache_unknown_ssl and + bool is_ssl_none = asd.get_odp_ctxt().check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and (not(asd.tsession and asd.tsession->get_tls_host() and asd.tsession->get_tls_cname())); - if (is_appid_none or is_ssl_none or asd.ctxt.get_odp_ctxt().check_host_port_app_cache) + if (is_appid_none or is_ssl_none or asd.get_odp_ctxt().check_host_port_app_cache) return true; return false; } @@ -693,14 +702,14 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto if (outer_protocol != IpProtocol::PROTO_NOT_SET) { - AppId id = asd.ctxt.get_odp_ctxt().get_protocol_service_id(outer_protocol); + AppId id = asd.get_odp_ctxt().get_protocol_service_id(outer_protocol); if (id > APP_ID_NONE) { asd.misc_app_id = misc_id = id; if (appidDebug->is_active()) { const char *app_name = - asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.misc_app_id); + asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.misc_app_id); LogMessage("AppIdDbg %s Outer protocol service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd.misc_app_id); @@ -712,7 +721,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto { if ( !asd.get_session_flags(APPID_SESSION_PORT_SERVICE_DONE) ) { - AppId id = asd.ctxt.get_odp_ctxt().get_protocol_service_id(protocol); + AppId id = asd.get_odp_ctxt().get_protocol_service_id(protocol); if (id > APP_ID_NONE) { asd.set_port_service_id(id); @@ -722,7 +731,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto { AppId ps_id = asd.get_port_service_id(); const char *app_name = - asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id); + asd.get_odp_ctxt().get_app_info_mgr().get_app_name(ps_id); LogMessage("AppIdDbg %s Protocol service %s (%d) from protocol\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", ps_id); } @@ -750,6 +759,8 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto if (!is_tp_done) is_discovery_done = do_tp_discovery(*tp_appid_ctxt, asd, protocol, p, direction, change_bits); + else + appid_stats.tp_reload_ignored_pkts++; } else if (!tp_appid_ctxt->get_tp_reload_in_progress()) is_discovery_done = do_tp_discovery(*tp_appid_ctxt, asd, protocol, p, @@ -762,7 +773,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto // exceptions for rexec and any other service detector that need to see SYN and SYN/ACK if (asd.get_session_flags(APPID_SESSION_REXEC_STDERR)) { - asd.ctxt.get_odp_ctxt().get_service_disco_mgr().identify_service(asd, p, direction, + asd.get_odp_ctxt().get_service_disco_mgr().identify_service(asd, p, direction, change_bits); if (asd.get_session_flags(APPID_SESSION_SERVICE_DETECTED | @@ -778,11 +789,11 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto { if (asd.service_disco_state != APPID_DISCO_STATE_FINISHED) is_discovery_done = - asd.ctxt.get_odp_ctxt().get_service_disco_mgr().do_service_discovery(asd, p, + asd.get_odp_ctxt().get_service_disco_mgr().do_service_discovery(asd, p, direction, change_bits); if (asd.client_disco_state != APPID_DISCO_STATE_FINISHED) is_discovery_done = - asd.ctxt.get_odp_ctxt().get_client_disco_mgr().do_client_discovery(asd, p, + asd.get_odp_ctxt().get_client_disco_mgr().do_client_discovery(asd, p, direction, change_bits); asd.set_session_flags(APPID_SESSION_ADDITIONAL_PACKET); } @@ -799,14 +810,14 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto asd.length_sequence.sequence_cnt++; asd.length_sequence.sequence[index].direction = direction; asd.length_sequence.sequence[index].length = p->dsize; - AppId id = asd.ctxt.get_odp_ctxt().length_cache_find(asd.length_sequence); + AppId id = asd.get_odp_ctxt().length_cache_find(asd.length_sequence); if (id > APP_ID_NONE) { service_id = id; asd.set_port_service_id(id); if (appidDebug->is_active()) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(id); LogMessage("AppIdDbg %s Port service %s (%d) from length\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", id); } @@ -871,7 +882,7 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd, if (payload_id != asd.past_indicator and payload_id != APP_ID_NONE) { asd.past_indicator = payload_id; - check_session_for_AF_indicator(p, direction, (AppId)payload_id, asd.ctxt.get_odp_ctxt()); + check_session_for_AF_indicator(p, direction, (AppId)payload_id, asd.get_odp_ctxt()); } if (asd.past_forecast != service_id and asd.past_forecast != APP_ID_UNKNOWN and diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h index 1447873a6..a0c037ef0 100644 --- a/src/network_inspectors/appid/appid_discovery.h +++ b/src/network_inspectors/appid/appid_discovery.h @@ -41,6 +41,7 @@ class AppIdDetector; class ServiceDetector; struct ServiceDetectorPort; class ThirdPartyAppIdContext; +class OdpContext; namespace snort { @@ -112,7 +113,7 @@ public: virtual int add_service_port(AppIdDetector*, const ServiceDetectorPort&); static void do_application_discovery(snort::Packet* p, AppIdInspector&, - ThirdPartyAppIdContext*); + OdpContext&, ThirdPartyAppIdContext*); AppIdDetectors* get_tcp_detectors() { @@ -135,7 +136,8 @@ protected: private: static bool do_pre_discovery(snort::Packet* p, AppIdSession*& asd, AppIdInspector& inspector, - IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction); + IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction, + OdpContext& odp_ctxt); static bool do_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol, IpProtocol outer_protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id, AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits, diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc index 87b5b60b9..27d233976 100644 --- a/src/network_inspectors/appid/appid_http_event_handler.cc +++ b/src/network_inspectors/appid/appid_http_event_handler.cc @@ -29,10 +29,12 @@ #include +#include "managers/inspector_manager.h" #include "app_info_table.h" #include "appid_debug.h" #include "appid_discovery.h" #include "appid_http_session.h" +#include "appid_inspector.h" #include "appid_session.h" #include "utils/util.h" @@ -44,6 +46,13 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow) AppIdSession* asd = appid_api.get_appid_session(*flow); if (!asd) return; + else + { + // Skip detection for sessions using old odp context after odp reload + AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); + if (inspector and (&(asd->get_odp_ctxt()) != &(inspector->get_ctxt().get_odp_ctxt()))) + return; + } AppidSessionDirection direction; const uint8_t* header_start; @@ -51,7 +60,7 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow) HttpEvent* http_event = (HttpEvent*)&event; AppidChangeBits change_bits; - if (asd->ctxt.get_tp_appid_ctxt() && !http_event->get_is_http2()) + if (asd->get_tp_appid_ctxt() && !http_event->get_is_http2()) return; if (appidDebug->is_active()) @@ -171,11 +180,11 @@ void HttpEventHandler::handle(DataEvent& event, Flow* flow) if (http_event->get_is_http2()) { - asd->set_service_id(APP_ID_HTTP2, asd->ctxt.get_odp_ctxt()); + asd->set_service_id(APP_ID_HTTP2, asd->get_odp_ctxt()); } hsession->process_http_packet(direction, change_bits, - asd->ctxt.get_odp_ctxt().get_http_matchers()); + asd->get_odp_ctxt().get_http_matchers()); if (asd->get_service_id() != APP_ID_HTTP2) asd->set_ss_application_ids(asd->pick_service_app_id(), asd->pick_ss_client_app_id(), diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index 05c8dcf47..6495eafe3 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -285,7 +285,7 @@ void AppIdHttpSession::process_chp_buffers(AppidChangeBits& change_bits, HttpPat { int num_found = 0; cmd.cur_ptype = (HttpFieldIds)i; - AppId ret = http_matchers.scan_chp(cmd, &version, &user, &num_found, this, asd.ctxt); + AppId ret = http_matchers.scan_chp(cmd, &version, &user, &num_found, this, asd.get_odp_ctxt()); total_found += num_found; if (!ret || num_found < ptype_req_counts[i]) { @@ -413,7 +413,7 @@ void AppIdHttpSession::set_client(AppId app_id, AppidChangeBits& change_bits, co if (appidDebug->is_active()) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); LogMessage("AppIdDbg %s %s is client %s (%d)\n", appidDebug->get_debug_session(), type, app_name ? app_name : "unknown", app_id); } @@ -431,7 +431,7 @@ void AppIdHttpSession::set_payload(AppId app_id, AppidChangeBits& change_bits, c if (appidDebug->is_active()) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); if(app_id == APP_ID_UNKNOWN) LogMessage("AppIdDbg %s Payload is Unknown (%d)\n", appidDebug->get_debug_session(), app_id); @@ -451,7 +451,7 @@ void AppIdHttpSession::set_referred_payload(AppId app_id, AppidChangeBits& chang if (appidDebug->is_active()) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); LogMessage("AppIdDbg %s URL is referred %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", app_id); } @@ -509,7 +509,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (asd.get_service_id() == APP_ID_NONE or asd.get_service_id() == APP_ID_HTTP2) { if (asd.get_service_id() == APP_ID_NONE) - asd.set_service_id(APP_ID_HTTP, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(APP_ID_HTTP, asd.get_odp_ctxt()); asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; } @@ -575,7 +575,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP and asd.get_service_id() != service_id) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); LogMessage("AppIdDbg %s User Agent is service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", service_id); } @@ -619,7 +619,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, asd.set_service_appid_data(app_id, change_bits, version); if (appidDebug->is_active()) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id); LogMessage("AppIdDbg %s X service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", app_id); } @@ -656,7 +656,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if ( http_matchers.get_appid_from_url(my_host, urlStr, &version, refStr, &client_id, &service_id, &payload_id, - &referredPayloadAppId, false, asd.ctxt.get_odp_ctxt()) ) + &referredPayloadAppId, false, asd.get_odp_ctxt()) ) { // do not overwrite a previously-set client or service if (client.get_id() <= APP_ID_NONE and client_id != APP_ID_HTTP) @@ -667,7 +667,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, if (appidDebug->is_active() && service_id > APP_ID_NONE && service_id != APP_ID_HTTP && asd.get_service_id() != service_id) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id); LogMessage("AppIdDbg %s URL is service %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", @@ -695,7 +695,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, AppId tp_payload_app_id = asd.get_tp_payload_app_id(); if (tp_payload_app_id > APP_ID_NONE) { - entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id); + entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id); // only move tpPayloadAppId to client if client app id is valid if (entry && entry->clientId > APP_ID_NONE) { @@ -705,7 +705,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, } else if (payload.get_id() > APP_ID_NONE) { - entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(payload.get_id()); + entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(payload.get_id()); // only move payload_app_id to client if it has a ClientAppid if (entry && entry->clientId > APP_ID_NONE) { diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index 67ff4c4c1..3f4d45553 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -52,8 +52,9 @@ #include "tp_lib_handler.h" using namespace snort; -THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt = nullptr; -THREAD_LOCAL OdpThreadContext* odp_thread_ctxt = nullptr; +THREAD_LOCAL ThirdPartyAppIdContext* pkt_thread_tp_appid_ctxt = nullptr; +THREAD_LOCAL OdpThreadContext* odp_thread_local_ctxt = nullptr; +THREAD_LOCAL OdpContext* pkt_thread_odp_ctxt = nullptr; static THREAD_LOCAL PacketTracer::TracerMute appid_mute; @@ -64,28 +65,30 @@ static void openssl_cleanup() CRYPTO_cleanup_all_ex_data(); } -static void add_appid_to_packet_trace(Flow& flow) +static void add_appid_to_packet_trace(Flow& flow, OdpContext& odp_context) { AppIdSession* session = appid_api.get_appid_session(flow); - if (session) + // Skip sessions using old odp context after odp reload + if (!session || (&(session->get_odp_ctxt()) != &odp_context)) + return; + + AppId service_id, client_id, payload_id, misc_id; + const char* service_app_name, * client_app_name, * payload_app_name, * misc_name; + OdpContext& odp_ctxt = session->get_odp_ctxt(); + session->get_api().get_first_stream_app_ids(service_id, client_id, payload_id, misc_id); + service_app_name = appid_api.get_application_name(service_id, odp_ctxt); + client_app_name = appid_api.get_application_name(client_id, odp_ctxt); + payload_app_name = appid_api.get_application_name(payload_id, odp_ctxt); + misc_name = appid_api.get_application_name(misc_id, odp_ctxt); + + if (PacketTracer::is_active()) { - AppId service_id, client_id, payload_id, misc_id; - const char* service_app_name, * client_app_name, * payload_app_name, * misc_name; - session->get_api().get_first_stream_app_ids(service_id, client_id, payload_id, misc_id); - service_app_name = appid_api.get_application_name(service_id, session->ctxt); - client_app_name = appid_api.get_application_name(client_id, session->ctxt); - payload_app_name = appid_api.get_application_name(payload_id, session->ctxt); - misc_name = appid_api.get_application_name(misc_id, session->ctxt); - - if (PacketTracer::is_active()) - { - PacketTracer::log(appid_mute, - "AppID: service: %s(%d), client: %s(%d), payload: %s(%d), misc: %s(%d)\n", - (service_app_name ? service_app_name : ""), service_id, - (client_app_name ? client_app_name : ""), client_id, - (payload_app_name ? payload_app_name : ""), payload_id, - (misc_name ? misc_name : ""), misc_id); - } + PacketTracer::log(appid_mute, + "AppID: service: %s(%d), client: %s(%d), payload: %s(%d), misc: %s(%d)\n", + (service_app_name ? service_app_name : ""), service_id, + (client_app_name ? client_app_name : ""), client_id, + (payload_app_name ? payload_app_name : ""), payload_id, + (misc_name ? misc_name : ""), misc_id); } } @@ -143,15 +146,18 @@ void AppIdInspector::tinit() AppIdStatistics::initialize_manager(*config); - assert(!odp_thread_ctxt); - odp_thread_ctxt = new OdpThreadContext(); - odp_thread_ctxt->initialize(*ctxt); + assert(!pkt_thread_odp_ctxt); + pkt_thread_odp_ctxt = &(ctxt->get_odp_ctxt()); + + assert(!odp_thread_local_ctxt); + odp_thread_local_ctxt = new OdpThreadContext(); + odp_thread_local_ctxt->initialize(*ctxt); AppIdServiceState::initialize(config->memcap); - assert(!tp_appid_thread_ctxt); - tp_appid_thread_ctxt = ctxt->get_tp_appid_ctxt(); - if (tp_appid_thread_ctxt) - tp_appid_thread_ctxt->tinit(); + assert(!pkt_thread_tp_appid_ctxt); + pkt_thread_tp_appid_ctxt = ctxt->get_tp_appid_ctxt(); + if (pkt_thread_tp_appid_ctxt) + pkt_thread_tp_appid_ctxt->tinit(); if (ctxt->config.log_all_sessions) appidDebug->set_enabled(true); } @@ -160,9 +166,9 @@ void AppIdInspector::tterm() { AppIdStatistics::cleanup(); AppIdDiscovery::tterm(); - assert(odp_thread_ctxt); - delete odp_thread_ctxt; - odp_thread_ctxt = nullptr; + assert(odp_thread_local_ctxt); + delete odp_thread_local_ctxt; + odp_thread_local_ctxt = nullptr; ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt(); if (tp_appid_ctxt) tp_appid_ctxt->tfini(); @@ -175,10 +181,10 @@ void AppIdInspector::eval(Packet* p) if (p->flow) { - AppIdDiscovery::do_application_discovery(p, *this, tp_appid_thread_ctxt); + AppIdDiscovery::do_application_discovery(p, *this, *pkt_thread_odp_ctxt, pkt_thread_tp_appid_ctxt); // FIXIT-L tag verdict reason as appid for daq if (PacketTracer::is_active()) - add_appid_to_packet_trace(*p->flow); + add_appid_to_packet_trace(*p->flow, *pkt_thread_odp_ctxt); } else appid_stats.ignored_packets++; diff --git a/src/network_inspectors/appid/appid_inspector.h b/src/network_inspectors/appid/appid_inspector.h index c26d02ee7..0f9d327b6 100644 --- a/src/network_inspectors/appid/appid_inspector.h +++ b/src/network_inspectors/appid/appid_inspector.h @@ -60,8 +60,9 @@ private: }; -extern THREAD_LOCAL OdpThreadContext* odp_thread_ctxt; -extern THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt; +extern THREAD_LOCAL OdpThreadContext* odp_thread_local_ctxt; +extern THREAD_LOCAL OdpContext* pkt_thread_odp_ctxt; +extern THREAD_LOCAL ThirdPartyAppIdContext* pkt_thread_tp_appid_ctxt; #endif diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index f670fed10..20ebe58bf 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -32,7 +32,6 @@ #include "main/analyzer_command.h" #include "main/snort.h" #include "main/swapper.h" -#include "main/thread_config.h" #include "managers/inspector_manager.h" #include "profiler/profiler.h" #include "src/main.h" @@ -87,8 +86,6 @@ static const Parameter s_params[] = "print third party configuration on startup" }, { "log_all_sessions", Parameter::PT_BOOL, nullptr, "false", "enable logging of all appid sessions" }, - { "load_odp_detectors_in_ctrl", Parameter::PT_BOOL, nullptr, "false", - "load odp detectors in control thread" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -145,16 +142,16 @@ private: bool ACThirdPartyAppIdContextSwap::execute(Analyzer&, void**) { - assert(tp_appid_thread_ctxt); + assert(pkt_thread_tp_appid_ctxt); ThirdPartyAppIdContext* tp_appid_ctxt = inspector.get_ctxt().get_tp_appid_ctxt(); - assert(tp_appid_thread_ctxt != tp_appid_ctxt); - bool reload_in_progress = tp_appid_thread_ctxt->tfini(true); - tp_appid_thread_ctxt->set_tp_reload_in_progress(reload_in_progress); + assert(pkt_thread_tp_appid_ctxt != tp_appid_ctxt); + bool reload_in_progress = pkt_thread_tp_appid_ctxt->tfini(true); + pkt_thread_tp_appid_ctxt->set_tp_reload_in_progress(reload_in_progress); if (reload_in_progress) return false; request.respond("== swapping third-party configuration\n", from_shell); tp_appid_ctxt->tinit(); - tp_appid_thread_ctxt = tp_appid_ctxt; + pkt_thread_tp_appid_ctxt = tp_appid_ctxt; return true; } @@ -167,6 +164,53 @@ ACThirdPartyAppIdContextSwap::~ACThirdPartyAppIdContextSwap() request.respond("== reload third-party complete\n", from_shell, true); } +class ACOdpContextSwap : public AnalyzerCommand +{ +public: + bool execute(Analyzer&, void**) override; + ACOdpContextSwap(const AppIdInspector& inspector, OdpContext& odp_ctxt, + Request& current_request, bool from_shell) : inspector(inspector), + odp_ctxt(odp_ctxt), request(current_request), from_shell(from_shell) { } + ~ACOdpContextSwap() override; + const char* stringify() override { return "ODP_CONTEXT_SWAP"; } +private: + const AppIdInspector& inspector; + OdpContext& odp_ctxt; + Request& request; + bool from_shell; +}; + +bool ACOdpContextSwap::execute(Analyzer&, void**) +{ + AppIdContext& ctxt = inspector.get_ctxt(); + OdpContext& current_odp_ctxt = ctxt.get_odp_ctxt(); + assert(pkt_thread_odp_ctxt != ¤t_odp_ctxt); + + LogMessage("== swapping ODP configuration\n"); + request.respond("== swapping ODP configuration\n", from_shell); + + AppIdServiceState::clean(); + AppIdPegCounts::cleanup_pegs(); + AppIdServiceState::initialize(ctxt.config.memcap); + AppIdPegCounts::init_pegs(); + + pkt_thread_odp_ctxt = ¤t_odp_ctxt; + assert(odp_thread_local_ctxt); + delete odp_thread_local_ctxt; + odp_thread_local_ctxt = new OdpThreadContext(); + odp_thread_local_ctxt->initialize(ctxt, false, true); + return true; +} + +ACOdpContextSwap::~ACOdpContextSwap() +{ + odp_ctxt.get_app_info_mgr().cleanup_appid_info_table(); + delete &odp_ctxt; + LogMessage("== reload ODP complete\n"); + request.respond("== reload ODP complete\n", from_shell); + Swapper::set_reload_in_progress(false); +} + static int enable_debug(lua_State* L) { int proto = luaL_optint(L, 1, 0); @@ -239,6 +283,44 @@ static int reload_third_party(lua_State* L) return 0; } +static int reload_odp(lua_State* L) +{ + bool from_shell = ( L != nullptr ); + Request& current_request = get_current_request(); + if (Swapper::get_reload_in_progress()) + { + current_request.respond("== reload pending; retry\n", from_shell); + return 0; + } + current_request.respond(".. reloading ODP\n", from_shell); + AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME); + if (!inspector) + { + current_request.respond("== reload ODP failed - appid not enabled\n", from_shell); + return 0; + } + Swapper::set_reload_in_progress(true); + + AppIdContext& ctxt = inspector->get_ctxt(); + OdpContext& old_odp_ctxt = ctxt.get_odp_ctxt(); + AppIdPegCounts::cleanup_peg_info(); + LuaDetectorManager::clear_lua_detector_mgrs(); + ctxt.create_odp_ctxt(); + assert(odp_thread_local_ctxt); + delete odp_thread_local_ctxt; + odp_thread_local_ctxt = new OdpThreadContext(true); + + OdpContext& odp_ctxt = ctxt.get_odp_ctxt(); + odp_ctxt.get_client_disco_mgr().initialize(); + odp_ctxt.get_service_disco_mgr().initialize(); + odp_thread_local_ctxt->initialize(ctxt, true, true); + odp_ctxt.initialize(); + + main_broadcast_command(new ACOdpContextSwap(*inspector, old_odp_ctxt, + current_request, from_shell), from_shell); + return 0; +} + static const Parameter enable_debug_params[] = { { "proto", Parameter::PT_INT, nullptr, nullptr, "numerical IP protocol ID filter" }, @@ -255,6 +337,7 @@ static const Command appid_cmds[] = { "enable_debug", enable_debug, enable_debug_params, "enable appid debugging"}, { "disable_debug", disable_debug, nullptr, "disable appid debugging"}, { "reload_third_party", reload_third_party, nullptr, "reload appid third-party module" }, + { "reload_odp", reload_odp, nullptr, "reload appid open detector package" }, { nullptr, nullptr, nullptr, nullptr } }; @@ -268,6 +351,8 @@ static const PegInfo appid_pegs[] = { CountType::SUM, "service_cache_prunes", "number of times the service cache was pruned" }, { CountType::SUM, "service_cache_adds", "number of times an entry was added to the service cache" }, { CountType::SUM, "service_cache_removes", "number of times an item was removed from the service cache" }, + { CountType::SUM, "odp_reload_ignored_pkts", "count of packets ignored after open detector package is reloaded" }, + { CountType::SUM, "tp_reload_ignored_pkts", "count of packets ignored after third-party module is reloaded" }, { CountType::END, nullptr, nullptr }, }; @@ -332,8 +417,6 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*) config->list_odp_detectors = v.get_bool(); else if ( v.is("log_all_sessions") ) config->log_all_sessions = v.get_bool(); - else if ( v.is("load_odp_detectors_in_ctrl") ) - config->load_odp_detectors_in_ctrl = v.get_bool(); return true; } diff --git a/src/network_inspectors/appid/appid_pegs.h b/src/network_inspectors/appid/appid_pegs.h index 5d4c6fc3a..e57008f1c 100644 --- a/src/network_inspectors/appid/appid_pegs.h +++ b/src/network_inspectors/appid/appid_pegs.h @@ -33,6 +33,8 @@ struct AppIdStats PegCount service_cache_prunes; PegCount service_cache_adds; PegCount service_cache_removes; + PegCount odp_reload_ignored_pkts; + PegCount tp_reload_ignored_pkts; }; #endif diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index cd1b7e9c4..135e45000 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -75,7 +75,7 @@ const uint8_t* service_strstr(const uint8_t* haystack, unsigned haystack_len, } AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, - AppidSessionDirection direction, AppIdInspector* inspector) + AppidSessionDirection direction, AppIdInspector* inspector, OdpContext& odp_context) { uint16_t port = 0; @@ -85,18 +85,19 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto, (p->ptrs.sp != p->ptrs.dp)) port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp; - AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector); + AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector, odp_context); asd->flow = p->flow; asd->stats.first_packet_second = p->pkth->ts.tv_sec; - asd->snort_protocol_id = asd->ctxt.config.snortId_for_unsynchronized; + asd->snort_protocol_id = asd->config.snortId_for_unsynchronized; p->flow->set_flow_data(asd); return asd; } AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port, - AppIdInspector& inspector) - : FlowData(inspector_id, &inspector), ctxt(inspector.get_ctxt()), - protocol(proto), api(*(new AppIdSessionApi(this, *ip))) + AppIdInspector& inspector, OdpContext& odp_ctxt) + : FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config), + protocol(proto), api(*(new AppIdSessionApi(this, *ip))), + odp_ctxt(odp_ctxt), tp_appid_ctxt(inspector.get_ctxt().get_tp_appid_ctxt()) { service_ip.clear(); session_id = ++appid_flow_data_id; @@ -109,7 +110,7 @@ AppIdSession::~AppIdSession() { if (!in_expected_cache) { - if (ctxt.config.log_stats) + if (config.log_stats) AppIdStatistics::get_stats_manager()->update(*this); // fail any service detection that is in process for this flow @@ -133,7 +134,7 @@ AppIdSession::~AppIdSession() if (tpsession) { - if (&(tpsession->get_ctxt()) == tp_appid_thread_ctxt) + if (&(tpsession->get_ctxt()) == pkt_thread_tp_appid_ctxt) tpsession->delete_with_ctxt(); else delete tpsession; @@ -188,7 +189,8 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S // FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify - AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector); + AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector, + inspector->get_ctxt().get_odp_ctxt()); if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp, cliPort, srvIp, srvPort, snort_protocol_id, asd)) @@ -335,7 +337,7 @@ void AppIdSession::sync_with_snort_protocol_id(AppId newAppId, Packet* p) break; } - AppInfoTableEntry* entry = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(newAppId); + AppInfoTableEntry* entry = odp_ctxt.get_app_info_mgr().get_app_info_entry(newAppId); if (!entry) return; @@ -395,7 +397,7 @@ void AppIdSession::check_tunnel_detection_restart() // service if (api.service.get_id() == api.service.get_port_service_id()) - api.service.set_id(APP_ID_NONE, ctxt.get_odp_ctxt()); + api.service.set_id(APP_ID_NONE, odp_ctxt); api.service.set_port_service_id(APP_ID_NONE); api.service.reset(); service_ip.clear(); @@ -488,7 +490,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits) if ((scan_flags & SCAN_SSL_HOST_FLAG) and tls_str) { size_t size = strlen(tls_str); - if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_hostname((const uint8_t*)tls_str, size, + if (odp_ctxt.get_ssl_matchers().scan_hostname((const uint8_t*)tls_str, size, client_id, payload_id)) { if (api.client.get_id() == APP_ID_NONE or api.client.get_id() == APP_ID_SSL_CLIENT) @@ -500,7 +502,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits) if ((scan_flags & SCAN_SSL_CERTIFICATE_FLAG) and (tls_str = tsession->get_tls_cname())) { size_t size = strlen(tls_str); - if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size, + if (odp_ctxt.get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size, client_id, payload_id)) { if (api.client.get_id() == APP_ID_NONE or api.client.get_id() == APP_ID_SSL_CLIENT) @@ -512,7 +514,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits) if ((tls_str = tsession->get_tls_org_unit())) { size_t size = strlen(tls_str); - if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size, + if (odp_ctxt.get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size, client_id, payload_id)) { set_client_appid_data(client_id, change_bits); @@ -544,14 +546,14 @@ void AppIdSession::examine_rtmp_metadata(AppidChangeBits& change_bits) if (const char* url = hsession->get_cfield(MISC_URL_FID)) { - HttpPatternMatchers& http_matchers = ctxt.get_odp_ctxt().get_http_matchers(); + HttpPatternMatchers& http_matchers = odp_ctxt.get_http_matchers(); const char* referer = hsession->get_cfield(REQ_REFERER_FID); - if (((http_matchers.get_appid_from_url(nullptr, url, &version, + if ((http_matchers.get_appid_from_url(nullptr, url, &version, referer, &client_id, &service_id, &payload_id, - &referred_payload_id, true, ctxt.get_odp_ctxt())) || + &referred_payload_id, true, odp_ctxt)) || (http_matchers.get_appid_from_url(nullptr, url, &version, referer, &client_id, &service_id, &payload_id, - &referred_payload_id, false, ctxt.get_odp_ctxt())))) + &referred_payload_id, false, odp_ctxt))) { // do not overwrite a previously-set client or service if (hsession->client.get_id() <= APP_ID_NONE) @@ -575,8 +577,8 @@ void AppIdSession::set_client_appid_data(AppId id, AppidChangeBits& change_bits, if (id != cur_id) { if (cur_id) - if (ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(cur_id) > - ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(id)) + if (odp_ctxt.get_app_info_mgr().get_priority(cur_id) > + odp_ctxt.get_app_info_mgr().get_priority(id)) return; api.client.set_id(id); } @@ -588,8 +590,8 @@ void AppIdSession::set_payload_appid_data(AppId id, AppidChangeBits& change_bits if (id <= APP_ID_NONE) return; - if (ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(api.payload.get_id()) > - ctxt.get_odp_ctxt().get_app_info_mgr().get_priority(id)) + if (odp_ctxt.get_app_info_mgr().get_priority(api.payload.get_id()) > + odp_ctxt.get_app_info_mgr().get_priority(id)) return; api.payload.set_id(id); api.payload.set_version(version, change_bits); @@ -613,9 +615,9 @@ void AppIdSession::set_service_appid_data(AppId id, AppidChangeBits& change_bits bool AppIdSession::is_svc_taking_too_much_time() const { - return (init_pkts_without_reply > ctxt.get_odp_ctxt().max_packet_service_fail_ignore_bytes || - (init_pkts_without_reply > ctxt.get_odp_ctxt().max_packet_before_service_fail && - init_bytes_without_reply > ctxt.get_odp_ctxt().max_bytes_before_service_fail)); + return (init_pkts_without_reply > odp_ctxt.max_packet_service_fail_ignore_bytes || + (init_pkts_without_reply > odp_ctxt.max_packet_before_service_fail && + init_bytes_without_reply > odp_ctxt.max_bytes_before_service_fail)); } void AppIdSession::delete_session_data(bool free_api) @@ -748,7 +750,7 @@ AppId AppIdSession::pick_service_app_id() const { AppId rval = APP_ID_NONE; - if (!ctxt.get_tp_appid_ctxt()) + if (!tp_appid_ctxt) { if (is_service_detected()) { @@ -990,7 +992,7 @@ AppIdDnsSession* AppIdSession::get_dns_session() const bool AppIdSession::is_tp_appid_done() const { - if (ctxt.get_tp_appid_ctxt()) + if (tp_appid_ctxt) { if (get_session_flags(APPID_SESSION_FUTURE_FLOW)) return true; @@ -1018,7 +1020,7 @@ bool AppIdSession::is_tp_processing_done() const bool AppIdSession::is_tp_appid_available() const { - if (ctxt.get_tp_appid_ctxt()) + if (tp_appid_ctxt) { if (!tpsession) return false; @@ -1039,7 +1041,7 @@ void AppIdSession::set_tp_app_id(Packet& p, AppidSessionDirection dir, AppId app { tp_app_id = app_id; AppInfoTableEntry* entry = - ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); + odp_ctxt.get_app_info_mgr().get_app_info_entry(tp_app_id); if (entry) { tp_app_id_deferred = (entry->flags & APPINFO_FLAG_DEFER) ? true : false; @@ -1055,7 +1057,7 @@ void AppIdSession::set_tp_payload_app_id(Packet& p, AppidSessionDirection dir, A { tp_payload_app_id = app_id; AppInfoTableEntry* entry = - ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_payload_app_id); + odp_ctxt.get_app_info_mgr().get_app_info_entry(tp_payload_app_id); if (entry) { tp_payload_app_id_deferred = (entry->flags & APPINFO_FLAG_DEFER_PAYLOAD) ? true : false; diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index afd566c75..88a1591ce 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -233,11 +233,12 @@ private: class AppIdSession : public snort::FlowData { public: - AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port, AppIdInspector&); + AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port, + AppIdInspector&, OdpContext&); ~AppIdSession() override; static AppIdSession* allocate_session(const snort::Packet*, IpProtocol, - AppidSessionDirection, AppIdInspector*); + AppidSessionDirection, AppIdInspector*, OdpContext&); static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t, const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId); void initialize_future_session(AppIdSession&, uint64_t, AppidSessionDirection); @@ -247,7 +248,7 @@ public: uint32_t session_id = 0; snort::Flow* flow = nullptr; - AppIdContext& ctxt; + AppIdConfig& config; std::unordered_map flow_data; uint64_t flags = 0; uint16_t initiator_port = 0; @@ -398,7 +399,7 @@ public: if (tp_app_id != app_id) { tp_app_id = app_id; - tp_app_id_deferred = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags + tp_app_id_deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags (tp_app_id, APPINFO_FLAG_DEFER); } } @@ -408,7 +409,7 @@ public: if (tp_payload_app_id != app_id) { tp_payload_app_id = app_id; - tp_payload_app_id_deferred = ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags + tp_payload_app_id_deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags (tp_payload_app_id, APPINFO_FLAG_DEFER_PAYLOAD); } } @@ -544,6 +545,16 @@ public: api.set_tls_host(tsession->get_tls_host()); } + OdpContext& get_odp_ctxt() const + { + return odp_ctxt; + } + + ThirdPartyAppIdContext* get_tp_appid_ctxt() const + { + return tp_appid_ctxt; + } + private: uint16_t prev_http2_raw_packet = 0; @@ -561,6 +572,8 @@ private: uint16_t my_inferred_svcs_ver = 0; snort::AppIdSessionApi& api; static uint16_t inferred_svcs_ver; + OdpContext& odp_ctxt; + ThirdPartyAppIdContext* tp_appid_ctxt = nullptr; }; #endif diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc index 121231da2..26316f406 100644 --- a/src/network_inspectors/appid/appid_session_api.cc +++ b/src/network_inspectors/appid/appid_session_api.cc @@ -196,7 +196,7 @@ bool AppIdSessionApi::is_appid_inspecting_session() const return true; } - if (asd->ctxt.get_odp_ctxt().check_host_port_app_cache) + if (asd->get_odp_ctxt().check_host_port_app_cache) return true; return false; diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc index 6241053b5..54e0b9427 100644 --- a/src/network_inspectors/appid/appid_stats.cc +++ b/src/network_inspectors/appid/appid_stats.cc @@ -204,7 +204,7 @@ static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* buc cooked_client = true; AppInfoTableEntry* entry - = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id); + = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id); if ( entry ) { diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index db345b8f2..43bff866c 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -183,15 +183,15 @@ static void free_matched_list(ClientAppMatch** match_list) *match_list = nullptr; } -ClientAppMatch* ClientDiscovery::find_detector_candidates(const Packet* pkt, AppIdSession& asd) +ClientAppMatch* ClientDiscovery::find_detector_candidates(const Packet* pkt, const AppIdSession& asd) { ClientAppMatch* match_list = nullptr; SearchTool* patterns; if (asd.protocol == IpProtocol::TCP) - patterns = asd.ctxt.get_odp_ctxt().get_client_disco_mgr().tcp_patterns; + patterns = asd.get_odp_ctxt().get_client_disco_mgr().tcp_patterns; else - patterns = asd.ctxt.get_odp_ctxt().get_client_disco_mgr().udp_patterns; + patterns = asd.get_odp_ctxt().get_client_disco_mgr().udp_patterns; if ( patterns ) patterns->find_all((const char*)pkt->data, pkt->dsize, &pattern_match, false, (void*)&match_list); @@ -307,7 +307,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p, { // Third party has positively identified appId; Dig deeper only if our // detector identifies additional information - entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); + entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( entry && entry->client_detector && ( ( entry->flags & ( APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER ) ) @@ -336,7 +336,7 @@ bool ClientDiscovery::do_client_discovery(AppIdSession& asd, Packet* p, !asd.get_session_flags(APPID_SESSION_NO_TPI) and asd.is_tp_appid_available() ) { - entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); + entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( !( entry && entry->client_detector && entry->client_detector == asd.client_detector && (entry->flags & (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER) ) ) ) diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.h b/src/network_inspectors/appid/client_plugins/client_discovery.h index beff54991..bb33fb4f6 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.h +++ b/src/network_inspectors/appid/client_plugins/client_discovery.h @@ -50,7 +50,7 @@ public: private: void exec_client_detectors(AppIdSession&, snort::Packet*, AppidSessionDirection direction, AppidChangeBits& change_bits); - ClientAppMatch* find_detector_candidates(const snort::Packet* pkt, AppIdSession&); + ClientAppMatch* find_detector_candidates(const snort::Packet* pkt, const AppIdSession&); void create_detector_candidates_list(AppIdSession&, snort::Packet*); int get_detector_candidates_list(AppIdSession&, snort::Packet*, AppidSessionDirection direction); }; diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.cc b/src/network_inspectors/appid/detector_plugins/detector_dns.cc index adc53a230..bba295449 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_dns.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_dns.cc @@ -537,7 +537,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) goto udp_done; } if ((rval = dns_validate_header(args.dir, (const DNSHeader*)args.data, - args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS) + args.asd.get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS) { if (rval == APPID_REVERSED) { @@ -548,7 +548,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, got a // response, and now we've got another query. rval = validate_packet(args.data, args.size, args.dir, - args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); + args.asd.get_odp_ctxt().dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) goto inprocess; } @@ -559,7 +559,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) // To get here, we missed the initial query, but now we've got // a response. rval = validate_packet(args.data, args.size, args.dir, - args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); + args.asd.get_odp_ctxt().dns_host_reporting, args.asd); if (rval == APPID_SUCCESS) { args.asd.set_session_flags(APPID_SESSION_UDP_REVERSED); @@ -573,7 +573,7 @@ int DnsUdpServiceDetector::validate(AppIdDiscoveryArgs& args) } rval = validate_packet(args.data, args.size, args.dir, - args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); + args.asd.get_odp_ctxt().dns_host_reporting, args.asd); if ((rval == APPID_SUCCESS) && (args.dir == APP_ID_FROM_INITIATOR)) goto inprocess; @@ -625,7 +625,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) uint16_t size = args.size - sizeof(DNSTCPHeader); uint16_t tmp = ntohs(hdr->length); if (tmp < sizeof(DNSHeader) || dns_validate_header(args.dir, (const DNSHeader*)data, - args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd)) + args.asd.get_odp_ctxt().dns_host_reporting, args.asd)) { if (args.dir == APP_ID_FROM_INITIATOR) goto not_compatible; @@ -636,7 +636,7 @@ int DnsTcpServiceDetector::validate(AppIdDiscoveryArgs& args) if (tmp > size) goto not_compatible; rval = validate_packet(data, size, args.dir, - args.ctxt.get_odp_ctxt().dns_host_reporting, args.asd); + args.asd.get_odp_ctxt().dns_host_reporting, args.asd); if (rval != APPID_SUCCESS) goto tcp_done; diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index 63433e415..24f7b2f03 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -190,7 +190,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con { fp->set_client_id(asd.get_client_id()); fp->set_payload_id(asd.get_payload_id()); - fp->set_service_id(APP_ID_RTP, asd.ctxt.get_odp_ctxt()); + fp->set_service_id(APP_ID_RTP, asd.get_odp_ctxt()); // FIXIT-M : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE. // Check if it is needed here as well. @@ -209,7 +209,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con { fp2->set_client_id(asd.get_client_id()); fp2->set_payload_id(asd.get_payload_id()); - fp2->set_service_id(APP_ID_RTCP, asd.ctxt.get_odp_ctxt()); + fp2->set_service_id(APP_ID_RTCP, asd.get_odp_ctxt()); // FIXIT-M : same comment as above // asd.initialize_future_session(*fp2, APPID_SESSION_EXPECTED_EVALUATE, APP_ID_APPID_SESSION_DIRECTION_MAX); @@ -329,7 +329,7 @@ void SipEventHandler::handle(DataEvent& event, Flow* flow) IpProtocol protocol = p->is_tcp() ? IpProtocol::TCP : IpProtocol::UDP; AppidSessionDirection direction = p->is_from_client() ? APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER; AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); - asd = AppIdSession::allocate_session(p, protocol, direction, inspector); + asd = AppIdSession::allocate_session(p, protocol, direction, inspector, inspector->get_ctxt().get_odp_ctxt()); } AppidChangeBits change_bits; @@ -372,7 +372,7 @@ void SipEventHandler::client_handler(SipEvent& sip_event, AppIdSession& asd, if ( !fd->user_agent.empty() ) { - if ( asd.ctxt.get_odp_ctxt().get_sip_matchers().get_client_from_ua( + if ( asd.get_odp_ctxt().get_sip_matchers().get_client_from_ua( fd->user_agent.c_str(), fd->user_agent.size(), client_id, client_version) ) goto success; } @@ -381,7 +381,7 @@ void SipEventHandler::client_handler(SipEvent& sip_event, AppIdSession& asd, { fd->flags |= SIP_FLAG_SERVER_CHECKED; - if ( asd.ctxt.get_odp_ctxt().get_sip_matchers().get_client_from_server( + if ( asd.get_odp_ctxt().get_sip_matchers().get_client_from_server( fd->from.c_str(), fd->from.size(), client_id, client_version) ) goto success; } diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index 0e9dbb769..d8939d25e 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc @@ -925,7 +925,7 @@ void HttpPatternMatchers::scan_key_chp(ChpMatchDescriptor& cmd) } AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, char** user, - int* total_found, AppIdHttpSession* hsession, const AppIdContext& ctxt) + int* total_found, AppIdHttpSession* hsession, const OdpContext& odp_ctxt) { AppId ret = APP_ID_NONE; unsigned pt = cmd.cur_ptype; @@ -981,7 +981,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, cha hsession->set_skip_simple_detect(true); break; case EXTRACT_USER: - if ( !*user && !ctxt.get_odp_ctxt().chp_userid_disabled ) + if ( !*user && !odp_ctxt.chp_userid_disabled ) { extract_chp(cmd.buffer[pt], cmd.length[pt], tmp.start_match_pos, match->psize, match->action_data, user); diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h index 6a26de92b..7fea1d40c 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.h +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.h @@ -288,7 +288,7 @@ public: void scan_key_chp(ChpMatchDescriptor&); AppId scan_chp(ChpMatchDescriptor&, char**, char**, int*, AppIdHttpSession*, - const AppIdContext&); + const OdpContext&); AppId scan_header_x_working_with(const char*, uint32_t, char**); int get_appid_by_pattern(const char*, unsigned, char**); bool get_appid_from_url(const char*, const char*, char**, const char*, AppId*, AppId*, diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index a7f1c2689..b4775dbcc 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -149,9 +149,10 @@ const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } unsigned AppIdSession::inspector_id = 0; AppIdConfig stub_config; AppIdContext stub_ctxt(stub_config); -AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector) - : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), ctxt(stub_ctxt), - api(*(new AppIdSessionApi(this, *ip))) { } +OdpContext stub_odp_ctxt(stub_config, nullptr); +AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector, + OdpContext&) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), config(stub_config), + api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; AppIdHttpSession::AppIdHttpSession(AppIdSession& asd, uint32_t http2_stream_id) : asd(asd), http2_stream_id(http2_stream_id) diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index 79e2d952e..c9b85e405 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -33,12 +33,16 @@ #include #include +static AppIdConfig config; +static AppIdContext ctxt(config); +static OdpContext odpctxt(config, nullptr); +OdpContext* AppIdContext::odp_ctxt = &odpctxt; static HttpPatternMatchers* hm = nullptr; static Packet pkt; static SfIp sfip; static AppIdModule appid_mod; static AppIdInspector appid_inspector(appid_mod); -static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector); +static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt); static AppIdHttpSession mock_hsession(session, 0); static ChpMatchDescriptor cmd_test; static MatchedCHPAction mchp; @@ -48,10 +52,6 @@ static char* user = nullptr; static char* my_action_data = (char*)"0"; static const char* my_chp_data = (const char*)"chp_data"; static int total_found; -static AppIdConfig config; -static AppIdContext ctxt(config); -static OdpContext odpctxt(config, nullptr); -OdpContext* AppIdContext::odp_ctxt = &odpctxt; static AppId service_id = APP_ID_NONE; static AppId client_id = APP_ID_NONE; static DetectorHTTPPattern mpattern; @@ -212,7 +212,7 @@ TEST(http_url_patterns_tests, scan_chp_defer) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } @@ -226,7 +226,7 @@ TEST(http_url_patterns_tests, scan_chp_alt_appid) mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.cur_ptype = RSP_BODY_FID; - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } @@ -244,7 +244,7 @@ TEST(http_url_patterns_tests, scan_chp_extract_user) cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); cmd_test.buffer[RSP_BODY_FID] = (const char*)"userid\n\rpassword"; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); snort_free(user); user = nullptr; @@ -264,7 +264,7 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default) mchp.start_match_pos = 0; cmd_test.buffer[RSP_BODY_FID] = my_chp_data; cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); // testing FUTURE_APPID_SESSION_SIP (default action) @@ -274,7 +274,7 @@ TEST(http_url_patterns_tests, scan_chp_hold_and_default) chpa_test.action = FUTURE_APPID_SESSION_SIP; mchp.mpattern = &chpa_test; cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp); - CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, ctxt) == APP_ID_NONE); + CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &mock_hsession, odpctxt) == APP_ID_NONE); CHECK_EQUAL(true, test_find_all_done); } diff --git a/src/network_inspectors/appid/ips_appid_option.cc b/src/network_inspectors/appid/ips_appid_option.cc index 58f5c9d64..f35743f18 100644 --- a/src/network_inspectors/appid/ips_appid_option.cc +++ b/src/network_inspectors/appid/ips_appid_option.cc @@ -33,6 +33,7 @@ #include "utils/util.h" #include "app_info_table.h" +#include "appid_inspector.h" #include "appid_session.h" using namespace std; @@ -119,12 +120,13 @@ IpsOption::EvalStatus AppIdIpsOption::eval(Cursor&, Packet* p) AppIdSession* session = appid_api.get_appid_session(*(p->flow)); - if ( !session ) + // Skip detection for sessions using old odp context after odp reload + if ( !session || (&(session->get_odp_ctxt()) != pkt_thread_odp_ctxt)) return NO_MATCH; AppId app_ids[APP_PROTOID_MAX]; AppId service_id = session->get_api().get_service_app_id(); - OdpContext& odp_ctxt = session->ctxt.get_odp_ctxt(); + OdpContext& odp_ctxt = session->get_odp_ctxt(); if (service_id != APP_ID_HTTP2) { diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 0f9d0c4a7..710916225 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -1001,11 +1001,11 @@ static int detector_get_flow(lua_State* L) // Verify detector user data and that we are in packet context LuaStateDescriptor* lsd = ud->validate_lua_state(true); - auto df = odp_thread_ctxt->get_lua_detector_mgr().get_detector_flow(); + auto df = odp_thread_local_ctxt->get_lua_detector_mgr().get_detector_flow(); if (!df) { df = new DetectorFlow(L, lsd->ldp.asd); - odp_thread_ctxt->get_lua_detector_mgr().set_detector_flow(df); + odp_thread_local_ctxt->get_lua_detector_mgr().set_detector_flow(df); } UserData::push(L, DETECTORFLOW, df); lua_pushvalue(L, -1); @@ -1276,7 +1276,7 @@ static int register_callback(lua_State* L, LuaObject& ud, AppInfoFlags flag) // Note that Lua detector objects are thread local ud.set_cb_fn_name(callback); - if (!odp_thread_ctxt->get_lua_detector_mgr().insert_cb_detector(app_id, &ud)) + if (!odp_thread_local_ctxt->get_lua_detector_mgr().insert_cb_detector(app_id, &ud)) { ErrorMessage("AppId: detector callback already registered for app %d\n", app_id); return 1; @@ -1310,7 +1310,7 @@ static int detector_callback(const uint8_t* data, uint16_t size, AppidSessionDir return -10; } - LuaDetectorManager& lua_detector_mgr = odp_thread_ctxt->get_lua_detector_mgr(); + LuaDetectorManager& lua_detector_mgr = odp_thread_local_ctxt->get_lua_detector_mgr(); auto my_lua_state = lua_detector_mgr.L; const string& cb_fn_name = ud.get_cb_fn_name(); const char* detector_name = ud.get_detector()->get_name().c_str(); @@ -1362,14 +1362,14 @@ void check_detector_callback(const Packet& p, AppIdSession& asd, AppidSessionDir AppId app_id, AppidChangeBits& change_bits, AppInfoTableEntry* entry) { if (!entry) - entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id); + entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(app_id); if (!entry) return; if (entry->flags & APPINFO_FLAG_CLIENT_DETECTOR_CALLBACK or entry->flags & APPINFO_FLAG_SERVICE_DETECTOR_CALLBACK) { - LuaObject* ud = odp_thread_ctxt->get_lua_detector_mgr().get_cb_detector(app_id); + LuaObject* ud = odp_thread_local_ctxt->get_lua_detector_mgr().get_cb_detector(app_id); assert(ud); if (ud->is_running()) @@ -2783,7 +2783,7 @@ int register_detector(lua_State* L) int LuaStateDescriptor::lua_validate(AppIdDiscoveryArgs& args) { - LuaDetectorManager& lua_detector_mgr = odp_thread_ctxt->get_lua_detector_mgr(); + LuaDetectorManager& lua_detector_mgr = odp_thread_local_ctxt->get_lua_detector_mgr(); auto my_lua_state = lua_detector_mgr.L; if (!my_lua_state) { @@ -2928,7 +2928,7 @@ LuaServiceObject::LuaServiceObject(AppIdDiscovery* sdm, const std::string& detec int LuaServiceDetector::validate(AppIdDiscoveryArgs& args) { //FIXIT-M: RELOAD - use lua references to get user data object from stack - auto my_lua_state = odp_thread_ctxt->get_lua_detector_mgr().L; + auto my_lua_state = odp_thread_local_ctxt->get_lua_detector_mgr().L; lua_settop(my_lua_state,0); std::string name = this->name + "_"; lua_getglobal(my_lua_state, name.c_str()); @@ -3006,7 +3006,7 @@ LuaStateDescriptor* LuaObject::validate_lua_state(bool packet_context) int LuaClientDetector::validate(AppIdDiscoveryArgs& args) { //FIXIT-M: RELOAD - use lua references to get user data object from stack - auto my_lua_state = odp_thread_ctxt->get_lua_detector_mgr().L; + auto my_lua_state = odp_thread_local_ctxt->get_lua_detector_mgr().L; std::string name = this->name + "_"; lua_settop(my_lua_state,0); //set stack index to 0 lua_getglobal(my_lua_state, name.c_str()); diff --git a/src/network_inspectors/appid/lua_detector_flow_api.cc b/src/network_inspectors/appid/lua_detector_flow_api.cc index 7330a9c36..2292bc161 100644 --- a/src/network_inspectors/appid/lua_detector_flow_api.cc +++ b/src/network_inspectors/appid/lua_detector_flow_api.cc @@ -210,7 +210,7 @@ static int create_detector_flow(lua_State* L) lua_pushvalue(L, -1); detector_flow->userDataRef = luaL_ref(L, LUA_REGISTRYINDEX); - odp_thread_ctxt->get_lua_detector_mgr().set_detector_flow(detector_flow); + odp_thread_local_ctxt->get_lua_detector_mgr().set_detector_flow(detector_flow); if (!detector_flow->asd) { diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index 090704528..0ba2d9e6d 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -200,7 +200,7 @@ LuaDetectorManager::~LuaDetectorManager() void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control, bool reload) { LuaDetectorManager* lua_detector_mgr = new LuaDetectorManager(ctxt, is_control); - odp_thread_ctxt->set_lua_detector_mgr(*lua_detector_mgr); + odp_thread_local_ctxt->set_lua_detector_mgr(*lua_detector_mgr); if (!lua_detector_mgr->L) FatalError("Error - appid: can not create new luaState, instance=%u\n", @@ -231,12 +231,17 @@ void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control, bool rel void LuaDetectorManager::init_thread_manager(const AppIdContext& ctxt) { LuaDetectorManager* lua_detector_mgr = lua_detector_mgr_list[get_instance_id()]; - odp_thread_ctxt->set_lua_detector_mgr(*lua_detector_mgr); + odp_thread_local_ctxt->set_lua_detector_mgr(*lua_detector_mgr); lua_detector_mgr->activate_lua_detectors(); if (ctxt.config.list_odp_detectors) lua_detector_mgr->list_lua_detectors(); } +void LuaDetectorManager::clear_lua_detector_mgrs() +{ + lua_detector_mgr_list.clear(); +} + void LuaDetectorManager::free_detector_flow() { delete detector_flow; diff --git a/src/network_inspectors/appid/lua_detector_module.h b/src/network_inspectors/appid/lua_detector_module.h index 8e0f0cbc0..0d7a06c43 100644 --- a/src/network_inspectors/appid/lua_detector_module.h +++ b/src/network_inspectors/appid/lua_detector_module.h @@ -52,6 +52,7 @@ public: ~LuaDetectorManager(); static void initialize(AppIdContext&, int is_control=0, bool reload=false); static void init_thread_manager(const AppIdContext&); + static void clear_lua_detector_mgrs(); void set_detector_flow(DetectorFlow* df) { diff --git a/src/network_inspectors/appid/service_plugins/service_detector.cc b/src/network_inspectors/appid/service_plugins/service_detector.cc index fd318b3ed..0b5ec30da 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.cc +++ b/src/network_inspectors/appid/service_plugins/service_detector.cc @@ -90,7 +90,7 @@ int ServiceDetector::update_service_data(AppIdSession& asd, const Packet* pkt, A asd.set_service_vendor(vendor); asd.set_service_version(version, change_bits); asd.set_service_detected(); - asd.set_service_id(appId, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(appId, asd.get_odp_ctxt()); if (asd.get_session_flags(APPID_SESSION_IGNORE_HOST)) return APPID_SUCCESS; diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index 7d331e5df..5473284d6 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -292,7 +292,7 @@ static inline uint16_t sslPortRemap(uint16_t port) void ServiceDiscovery::get_port_based_services(IpProtocol protocol, uint16_t port, AppIdSession& asd) { - ServiceDiscovery& sd = asd.ctxt.get_odp_ctxt().get_service_disco_mgr(); + ServiceDiscovery& sd = asd.get_odp_ctxt().get_service_disco_mgr(); if ( asd.is_decrypted() ) { @@ -434,7 +434,7 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, asd.service_candidates.empty() ) { asd.service_detector = sds->select_detector_by_brute_force(proto, - asd.ctxt.get_odp_ctxt().get_service_disco_mgr()); + asd.get_odp_ctxt().get_service_disco_mgr()); got_brute_force = true; } } @@ -588,7 +588,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, { // Third party has positively identified appId; Dig deeper only if our // detector identifies additional information or flow is UDP reversed. - AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); + AppInfoTableEntry* entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( entry && entry->service_detector && ( ( entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL ) || ( ( entry->flags & APPINFO_FLAG_SERVICE_UDP_REVERSED ) && @@ -614,7 +614,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, !asd.get_session_flags(APPID_SESSION_NO_TPI) and asd.is_tp_appid_available() ) { - AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); + AppInfoTableEntry* entry = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_entry(tp_app_id); if ( entry && entry->service_detector && !(entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL) ) { @@ -633,7 +633,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, // job of it than we do, so stay out of its way, and don't // waste time (but we will still get the Snort callbacks // for any of our own future flows). Shut down our detectors. - asd.set_service_id(APP_ID_SIP, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(APP_ID_SIP, asd.get_odp_ctxt()); asd.stop_service_inspection(p, direction); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; } @@ -642,7 +642,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, { // No need for anybody to keep wasting time once we've // found RTP - Shut down our detectors. - asd.set_service_id(tp_app_id, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(tp_app_id, asd.get_odp_ctxt()); asd.stop_service_inspection(p, direction); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; // - Shut down TP. @@ -676,17 +676,17 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, asd.get_service_id() == APP_ID_NONE && asd.is_svc_taking_too_much_time()) { asd.stop_service_inspection(p, direction); - asd.set_service_id(APP_ID_UNKNOWN, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(APP_ID_UNKNOWN, asd.get_odp_ctxt()); return isTpAppidDiscoveryDone; } AppIdDnsSession* dsession = asd.get_dns_session(); if (dsession and asd.get_service_id() == APP_ID_DNS - and asd.ctxt.get_odp_ctxt().dns_host_reporting and dsession->get_host()) + and asd.get_odp_ctxt().dns_host_reporting and dsession->get_host()) { AppId client_id = APP_ID_NONE; AppId payload_id = APP_ID_NONE; - asd.ctxt.get_odp_ctxt().get_dns_matchers().scan_hostname((const uint8_t*)(dsession->get_host()), + asd.get_odp_ctxt().get_dns_matchers().scan_hostname((const uint8_t*)(dsession->get_host()), dsession->get_host_len(), client_id, payload_id); asd.set_client_appid_data(client_id, change_bits); } @@ -724,7 +724,7 @@ int ServiceDiscovery::incompatible_data(AppIdSession& asd, const Packet* pkt, Ap asd.set_service_detected(); asd.clear_session_flags(APPID_SESSION_CONTINUE); - asd.set_service_id(APP_ID_NONE, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(APP_ID_NONE, asd.get_odp_ctxt()); if ( asd.get_session_flags(APPID_SESSION_IGNORE_HOST | APPID_SESSION_UDP_REVERSED) ) return APPID_SUCCESS; @@ -760,7 +760,7 @@ int ServiceDiscovery::fail_service(AppIdSession& asd, const Packet* pkt, AppidSe if ( !asd.service_detector && !asd.service_candidates.empty() ) return APPID_SUCCESS; - asd.set_service_id(APP_ID_NONE, asd.ctxt.get_odp_ctxt()); + asd.set_service_id(APP_ID_NONE, asd.get_odp_ctxt()); asd.set_service_detected(); asd.clear_session_flags(APPID_SESSION_CONTINUE); diff --git a/src/network_inspectors/appid/service_plugins/service_ftp.cc b/src/network_inspectors/appid/service_plugins/service_ftp.cc index 43a42b3cd..fbc8d4dc3 100644 --- a/src/network_inspectors/appid/service_plugins/service_ftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_ftp.cc @@ -897,12 +897,12 @@ void FtpServiceDetector::create_expected_session(AppIdSession& asd, const Packet uint64_t encrypted_flags = asd.get_session_flags(APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED); if (encrypted_flags == APPID_SESSION_ENCRYPTED) { - fp->set_service_id(APP_ID_FTPSDATA, asd.ctxt.get_odp_ctxt()); + fp->set_service_id(APP_ID_FTPSDATA, asd.get_odp_ctxt()); } else { encrypted_flags = 0; // reset (APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED) bits - fp->set_service_id(APP_ID_FTP_DATA, asd.ctxt.get_odp_ctxt()); + fp->set_service_id(APP_ID_FTP_DATA, asd.get_odp_ctxt()); } asd.initialize_future_session(*fp, APPID_SESSION_IGNORE_ID_FLAGS | encrypted_flags, dir); diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc index 0e9a22d0f..8f6937506 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.cc +++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc @@ -134,7 +134,7 @@ int MdnsServiceDetector::validate(AppIdDiscoveryArgs& args) ret_val = validate_reply(args.data, args.size); if (ret_val == 1) { - if (args.ctxt.get_odp_ctxt().mdns_user_reporting) + if (args.asd.get_odp_ctxt().mdns_user_reporting) { MatchedPatterns* pattern_list = nullptr; analyze_user(args.asd, args.pkt, args.size, pattern_list); diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc index ffbeb96d3..2107c3144 100644 --- a/src/network_inspectors/appid/service_plugins/service_rpc.cc +++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc @@ -252,6 +252,7 @@ RpcServiceDetector::~RpcServiceDetector() snort_free(toast->name); snort_free(toast); } + rpc_programs = nullptr; } int RpcServiceDetector::validate(AppIdDiscoveryArgs& args) diff --git a/src/network_inspectors/appid/service_plugins/service_rtmp.cc b/src/network_inspectors/appid/service_plugins/service_rtmp.cc index 0c677c0da..ce4287b59 100644 --- a/src/network_inspectors/appid/service_plugins/service_rtmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_rtmp.cc @@ -615,7 +615,7 @@ int RtmpServiceDetector::validate(AppIdDiscoveryArgs& args) } /* Give up if it's taking us too long to figure out this thing. */ - if (args.asd.session_packet_count >= args.asd.ctxt.get_odp_ctxt().rtmp_max_packets) + if (args.asd.session_packet_count >= args.asd.get_odp_ctxt().rtmp_max_packets) { goto fail; } @@ -651,7 +651,7 @@ success: if ( ss->pageUrl ) { if ( !hsession->get_field(REQ_REFERER_FID) && - !args.asd.ctxt.get_odp_ctxt().referred_appId_disabled ) + !args.asd.get_odp_ctxt().referred_appId_disabled ) hsession->set_field(REQ_REFERER_FID, new std::string(ss->pageUrl), args.change_bits); snort_free(ss->pageUrl); diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc index 913bb0918..c4778bbfa 100644 --- a/src/network_inspectors/appid/service_plugins/service_snmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc @@ -459,7 +459,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) { args.asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_NOT_A_SERVICE); args.asd.clear_session_flags(APPID_SESSION_CONTINUE); - args.asd.set_service_id(APP_ID_SNMP, args.asd.ctxt.get_odp_ctxt()); + args.asd.set_service_id(APP_ID_SNMP, args.asd.get_odp_ctxt()); break; } sd->state = SNMP_STATE_RESPONSE; diff --git a/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc b/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc index 1bded84bc..35accf8ec 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc +++ b/src/network_inspectors/appid/service_plugins/test/service_netbios_test.cc @@ -71,12 +71,13 @@ TEST(service_netbios_test, check_add_smb_info_pointer ) uint16_t size =215; AppidSessionDirection dir = APP_ID_FROM_INITIATOR; AppIdInspector ins; + OdpContext odp_ctxt(config, nullptr); snort::Packet pkt; AppidChangeBits cb; SfIp ip; - AppIdSession asd(IpProtocol::TCP, &ip, 21, ins); + AppIdSession asd(IpProtocol::TCP, &ip, 21, ins, odp_ctxt); AppIdDiscoveryArgs args(data, size, dir, asd, &pkt,cb); - ServiceDiscovery& s_discovery_manager = asd.ctxt.get_odp_ctxt().get_service_disco_mgr(); + ServiceDiscovery& s_discovery_manager = asd.get_odp_ctxt().get_service_disco_mgr(); args.pkt->ptrs.sp = args.pkt->ptrs.dp = 138; NbdgmServiceDetector nsd(&s_discovery_manager); nsd.validate(args); diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h index aaecbb0a6..9ea196348 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h @@ -169,9 +169,11 @@ const TraceOption* AppIdModule::get_trace_options() const { return nullptr; } unsigned AppIdSession::inspector_id = 0; AppIdConfig stub_config; AppIdContext stub_ctxt(stub_config); -AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector) - : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), ctxt(stub_ctxt), - api(*(new AppIdSessionApi(this, *ip))) { } +static OdpContext stub_odp_ctxt(stub_config, nullptr); +OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; +AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector, + OdpContext&) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector), + config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; void AppIdSession::free_flow_data() { @@ -202,8 +204,6 @@ ServiceDiscoveryState* AppIdServiceState::add(SfIp const*, IpProtocol, unsigned return nullptr; } void ServiceDiscoveryState::set_service_id_valid(ServiceDetector*) { } -static OdpContext stub_odp_ctxt(stub_config, nullptr); -OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index f0368ef7d..70000308c 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -207,7 +207,7 @@ TEST(appid_api, get_application_name) { AppIdConfig config; AppIdContext ctxt(config); - const char* app_name = appid_api.get_application_name(1066, ctxt); + const char* app_name = appid_api.get_application_name(1066, ctxt.get_odp_ctxt()); STRCMP_EQUAL(app_name, test_app_name); } @@ -371,7 +371,8 @@ int main(int argc, char** argv) { mock_init_appid_pegs(); SfIp ip; - mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector); + mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, + dummy_appid_inspector.get_ctxt().get_odp_ctxt()); int rc = CommandLineTestRunner::RunAllTests(argc, argv); mock_cleanup_appid_pegs(); delete &mock_session->get_api(); diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc index 10ba40a3c..5e6187fa4 100644 --- a/src/network_inspectors/appid/test/appid_debug_test.cc +++ b/src/network_inspectors/appid/test/appid_debug_test.cc @@ -53,11 +53,15 @@ public: }; AppIdConfig::~AppIdConfig() { } +OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } +OdpContext::~OdpContext() { } AppIdConfig stub_config; AppIdContext stub_ctxt(stub_config); -AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&) - : FlowData(0), ctxt(stub_ctxt), api(*(new AppIdSessionApi(this, *ip))) { } +OdpContext stub_odp_ctxt(stub_config, nullptr); +AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&, OdpContext&) + : FlowData(0), config(stub_config), api(*(new AppIdSessionApi(this, *ip))), + odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; // Utility functions @@ -112,7 +116,7 @@ TEST(appid_debug, basic_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -146,7 +150,7 @@ TEST(appid_debug, reverse_direction_activate_test) SfIp dip; dip.set("10.1.2.3"); AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt); // This packet... sip.set("10.9.8.7"); // this would be a reply back uint16_t sport = 80; @@ -181,7 +185,7 @@ TEST(appid_debug, ipv6_test) sip.set("2001:db8:85a3::8a2e:370:7334"); // IPv6 SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("2001:db8:85a3::8a2e:370:7335"); uint16_t sport = 1234; @@ -221,7 +225,7 @@ TEST(appid_debug, no_initiator_port_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -255,7 +259,7 @@ TEST(appid_debug, no_initiator_port_reversed_test) SfIp dip; dip.set("10.1.2.3"); AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt); // This packet... sip.set("10.9.8.7"); uint16_t sport = 80; @@ -324,7 +328,7 @@ TEST(appid_debug, no_match_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -354,7 +358,7 @@ TEST(appid_debug, all_constraints_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -388,7 +392,7 @@ TEST(appid_debug, just_proto_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -422,7 +426,7 @@ TEST(appid_debug, just_ip_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; @@ -456,7 +460,7 @@ TEST(appid_debug, just_port_test) sip.set("10.1.2.3"); SfIp dip; AppIdInspector inspector; - AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector); + AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt); // This packet... dip.set("10.9.8.7"); uint16_t sport = 48620; diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index a751237f6..175aac107 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -66,7 +66,8 @@ TEST_GROUP(appid_detector_tests) { MemoryLeakWarningPlugin::turnOffNewDeleteOverloads(); SfIp ip; - mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector); + mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, + dummy_appid_inspector.get_ctxt().get_odp_ctxt()); flow = new Flow; flow->set_flow_data(mock_session); } diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 5c366a74e..51ac1184c 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -199,7 +199,7 @@ void AppIdSession::update_encrypted_app_id(AppId) {} bool AppIdSession::is_tp_processing_done() const {return 0;} AppId AppIdSession::pick_ss_payload_app_id(AppId) const { return get_payload_id(); } AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol, - AppidSessionDirection, AppIdInspector*) + AppidSessionDirection, AppIdInspector*, OdpContext&) { return nullptr; } @@ -366,14 +366,14 @@ TEST(appid_discovery_tests, event_published_when_ignoring_flow) p.ptrs.ip_api.set(ip, ip); AppIdModule app_module; AppIdInspector ins(app_module); - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); Flow* flow = new Flow; flow->set_flow_data(asd); p.flow = flow; asd->initiator_port = 21; asd->set_session_flags(APPID_SESSION_FUTURE_FLOW); - AppIdDiscovery::do_application_discovery(&p, ins, nullptr); + AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr); // Detect changes in service, client, payload, and misc appid mock().checkExpectations(); @@ -399,13 +399,13 @@ TEST(appid_discovery_tests, event_published_when_processing_flow) p.ptrs.tcph = nullptr; AppIdModule app_module; AppIdInspector ins(app_module); - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); Flow* flow = new Flow; flow->set_flow_data(asd); p.flow = flow; asd->initiator_port = 21; - AppIdDiscovery::do_application_discovery(&p, ins, nullptr); + AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr); // Detect changes in service, client, payload, and misc appid mock().checkExpectations(); @@ -422,7 +422,7 @@ TEST(appid_discovery_tests, change_bits_for_client_version) AppIdModule app_module; AppIdInspector ins(app_module); SfIp ip; - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); const char* version = "3.0"; asd->set_client_version(version, change_bits); @@ -457,7 +457,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid) p.ptrs.ip_api.set(ip, ip); AppIdModule app_module; AppIdInspector ins(app_module); - AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins); + AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt()); Flow* flow = new Flow; flow->set_flow_data(asd); p.flow = flow; @@ -468,7 +468,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid) asd->set_client_id(APP_ID_CURL); asd->set_service_id(APP_ID_FTP, app_ctxt.get_odp_ctxt()); - AppIdDiscovery::do_application_discovery(&p, ins, nullptr); + AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr); // Detect event for FTP service and CURL client CHECK_EQUAL(asd->get_client_id(), APP_ID_CURL); @@ -479,7 +479,7 @@ TEST(appid_discovery_tests, change_bits_for_non_http_appid) asd->set_payload_id(APP_ID_NONE); asd->set_client_id(APP_ID_NONE); asd->set_service_id(APP_ID_DNS, app_ctxt.get_odp_ctxt()); - AppIdDiscovery::do_application_discovery(&p, ins, nullptr); + AppIdDiscovery::do_application_discovery(&p, ins, app_ctxt.get_odp_ctxt(), nullptr); // Detect event for DNS service mock().checkExpectations(); diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc index 8cc88e24a..358327828 100644 --- a/src/network_inspectors/appid/test/appid_http_event_test.cc +++ b/src/network_inspectors/appid/test/appid_http_event_test.cc @@ -50,6 +50,8 @@ using namespace snort; namespace snort { AppIdApi appid_api; +Inspector* InspectorManager::get_inspector( + char const*, bool, const snort::SnortConfig*) { return nullptr; } } const char* content_type = nullptr; @@ -234,7 +236,7 @@ TEST_GROUP(appid_http_event) MemoryLeakWarningPlugin::turnOffNewDeleteOverloads(); flow = new Flow; SfIp ip; - mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector); + mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt); mock_session->create_http_session(); flow->set_flow_data(mock_session); appidDebug = new AppIdDebug(); diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index ed3838035..c8e6c5163 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -64,7 +64,7 @@ AppId HttpPatternMatchers::scan_header_x_working_with(const char*, uint32_t, cha } AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**, - int*, AppIdHttpSession*, const AppIdContext&) + int*, AppIdHttpSession*, const OdpContext&) { return 0; } @@ -101,9 +101,9 @@ static OdpContext stub_odp_ctxt(stub_config, nullptr); OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; // AppIdSession mock functions -AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector) - : FlowData(inspector_id, &inspector), ctxt(stub_ctxt), - api(*(new AppIdSessionApi(this, *ip))) +AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector, OdpContext&) + : FlowData(inspector_id, &inspector), config(stub_config), + api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) {} AppIdSession::~AppIdSession() @@ -170,7 +170,7 @@ unsigned AppIdSession::inspector_id = 0; THREAD_LOCAL AppIdDebug* appidDebug = nullptr; SfIp sfip; -AppIdSession session(IpProtocol::IP, &sfip, 0, dummy_appid_inspector); +AppIdSession session(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt); AppIdHttpSession mock_hsession(session, 0); TEST_GROUP(appid_http_session) diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h index ada2480d5..91c195438 100644 --- a/src/network_inspectors/appid/test/appid_mock_session.h +++ b/src/network_inspectors/appid/test/appid_mock_session.h @@ -78,9 +78,9 @@ static AppIdConfig stub_config; static AppIdContext stub_ctxt(stub_config); static OdpContext stub_odp_ctxt(stub_config, nullptr); OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; -AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector) - : FlowData(inspector_id, &inspector), ctxt(stub_ctxt), protocol(proto), - api(*(new AppIdSessionApi(this, *ip))) +AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector, + OdpContext&) : FlowData(inspector_id, &inspector), config(stub_config), + protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { service_port = APPID_UT_SERVICE_PORT; AppidChangeBits change_bits; @@ -101,7 +101,7 @@ AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInsp api.dsession = new MockAppIdDnsSession; tp_app_id = APPID_UT_ID; - set_service_id(APPID_UT_ID + 1, ctxt.get_odp_ctxt()); + set_service_id(APPID_UT_ID + 1, odp_ctxt); client_inferred_service_id = APPID_UT_ID + 2; set_port_service_id(APPID_UT_ID + 3); set_payload_id(APPID_UT_ID + 4); diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index 743665654..2045c5872 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc @@ -56,7 +56,7 @@ TEST_GROUP(appid_session_api) MemoryLeakWarningPlugin::turnOffNewDeleteOverloads(); SfIp ip; - mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector); + mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt); mock_session->set_ss_application_ids(APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, change_bits); } @@ -184,7 +184,7 @@ TEST(appid_session_api, is_appid_inspecting_session) // 4th if in is_appid_inspecting_session mock_session->set_application_ids_service(APP_ID_NONE, change_bits); - mock_session->ctxt.get_odp_ctxt().check_host_port_app_cache = true; + mock_session->get_odp_ctxt().check_host_port_app_cache = true; val = mock_session->get_api().is_appid_inspecting_session(); CHECK_TRUE(val); } diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index df18b09fc..bf3143e12 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -80,13 +80,18 @@ void ClientAppDescriptor::update_user(AppId, const char*){} void ClientAppDescriptor::update_stats(AppId) {} void PayloadAppDescriptor::update_stats(AppId) {} AppIdConfig::~AppIdConfig() { } +OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } +OdpContext::~OdpContext() { } AppIdConfig stub_config; AppIdContext stub_ctxt(stub_config); -AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&) - : FlowData(0), ctxt(stub_ctxt), api(*(new AppIdSessionApi(this, *ip))) { } +OdpContext stub_odp_ctxt(stub_config, nullptr); +AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&, OdpContext&) + : FlowData(0), config(stub_config), api(*(new AppIdSessionApi(this, *ip))), + odp_ctxt(stub_odp_ctxt) { } AppIdSession::~AppIdSession() = default; AppIdDiscovery::AppIdDiscovery() {} AppIdDiscovery::~AppIdDiscovery() {} +void ClientDiscovery::initialize() { } void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol) {} void AppIdDiscovery::add_pattern_data(AppIdDetector*, SearchTool*, int, const uint8_t* const, unsigned, unsigned) {} @@ -112,6 +117,12 @@ int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDir ServiceDetector*, ServiceDiscoveryState*) { return 0; } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } +DnsPatternMatchers::~DnsPatternMatchers() { } +HttpPatternMatchers::~HttpPatternMatchers() { } +SipPatternMatchers::~SipPatternMatchers() { } +SslPatternMatchers::~SslPatternMatchers() { } +snort::SearchTool::SearchTool(char const*, bool) { } +snort::SearchTool::~SearchTool() { } TEST_GROUP(service_state_tests) { @@ -152,7 +163,7 @@ TEST(service_state_tests, set_service_id_failed) AppIdInspector inspector; SfIp client_ip; client_ip.set("1.2.3.4"); - AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector); + AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count = 0 sds.set_state(ServiceState::VALID); @@ -172,7 +183,7 @@ TEST(service_state_tests, set_service_id_failed_with_valid) AppIdInspector inspector; SfIp client_ip; client_ip.set("1.2.3.4"); - AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector); + AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count > 1 sds.set_state(ServiceState::VALID); diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index 650b908ec..0056cd2d0 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -339,7 +339,7 @@ static inline void process_rtmp(AppIdSession& asd, } } - if ( !asd.ctxt.get_odp_ctxt().referred_appId_disabled && + if ( !asd.get_odp_ctxt().referred_appId_disabled && !hsession->get_field(REQ_REFERER_FID) ) { if ( ( field=attribute_data.http_request_referer(own) ) != nullptr ) @@ -368,7 +368,7 @@ static inline void process_rtmp(AppIdSession& asd, attribute_data.http_request_user_agent_begin() ) > 0 ) { char *version = nullptr; - HttpPatternMatchers& http_matchers = asd.ctxt.get_odp_ctxt().get_http_matchers(); + HttpPatternMatchers& http_matchers = asd.get_odp_ctxt().get_http_matchers(); http_matchers.identify_user_agent(field->c_str(), size, service_id, client_id, &version); @@ -384,20 +384,20 @@ static inline void process_rtmp(AppIdSession& asd, } if ( hsession->get_field(MISC_URL_FID) || (confidence == 100 && - asd.session_packet_count > asd.ctxt.get_odp_ctxt().rtmp_max_packets) ) + asd.session_packet_count > asd.get_odp_ctxt().rtmp_max_packets) ) { const std::string* url; if ( ( url = hsession->get_field(MISC_URL_FID) ) != nullptr ) { - HttpPatternMatchers& http_matchers = asd.ctxt.get_odp_ctxt().get_http_matchers(); + HttpPatternMatchers& http_matchers = asd.get_odp_ctxt().get_http_matchers(); const char* referer = hsession->get_cfield(REQ_REFERER_FID); if ( ( ( http_matchers.get_appid_from_url(nullptr, url->c_str(), nullptr, referer, &client_id, &service_id, - &payload_id, &referred_payload_app_id, true, asd.ctxt.get_odp_ctxt()) ) + &payload_id, &referred_payload_app_id, true, asd.get_odp_ctxt()) ) || ( http_matchers.get_appid_from_url(nullptr, url->c_str(), nullptr, referer, &client_id, &service_id, - &payload_id, &referred_payload_app_id, false, asd.ctxt.get_odp_ctxt()) ) ) == 1 ) + &payload_id, &referred_payload_app_id, false, asd.get_odp_ctxt()) ) ) == 1 ) { // do not overwrite a previously-set client or service if ( hsession->client.get_id() <= APP_ID_NONE ) @@ -431,7 +431,7 @@ static inline void process_ssl(AppIdSession& asd, { if (!asd.service_detector) { - AppInfoTableEntry* entry = asd.ctxt.get_odp_ctxt(). + AppInfoTableEntry* entry = asd.get_odp_ctxt(). get_app_info_mgr().get_app_info_entry(APP_ID_SSL); if (entry) @@ -452,7 +452,7 @@ static inline void process_ssl(AppIdSession& asd, if (!asd.get_client_id()) asd.set_client_appid_data(APP_ID_SSL_CLIENT, change_bits); - reinspect_ssl_appid = check_ssl_appid_for_reinspect(tmpAppId, asd.ctxt.get_odp_ctxt()); + reinspect_ssl_appid = check_ssl_appid_for_reinspect(tmpAppId, asd.get_odp_ctxt()); if (!(asd.scan_flags & SCAN_CERTVIZ_ENABLED_FLAG) and asd.tsession->get_tls_host() == nullptr and @@ -487,7 +487,7 @@ static inline void process_ftp_control(AppIdSession& asd, ThirdPartyAppIDAttributeData& attribute_data) { const string* field=0; - if (!asd.ctxt.get_odp_ctxt().ftp_userid_disabled && + if (!asd.get_odp_ctxt().ftp_userid_disabled && (field=attribute_data.ftp_command_user()) != nullptr) { asd.set_client_user(APP_ID_FTP_CONTROL, field->c_str()); @@ -556,7 +556,7 @@ static inline void check_terminate_tp_module(AppIdSession& asd, uint16_t tpPktCo { AppIdHttpSession* hsession = asd.get_http_session(); - if ((tpPktCount >= asd.ctxt.get_odp_ctxt().max_tp_flow_depth) || + if ((tpPktCount >= asd.get_odp_ctxt().max_tp_flow_depth) || (asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) == (APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) && hsession && hsession->get_field(REQ_URI_FID) && @@ -624,11 +624,11 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I return true; } - if (!p->dsize and !asd.ctxt.get_odp_ctxt().tp_allow_probes) + if (!p->dsize and !asd.get_odp_ctxt().tp_allow_probes) return false; bool process_packet = (protocol != IpProtocol::TCP or (p->packet_flags & PKT_STREAM_ORDER_OK) or - asd.ctxt.get_odp_ctxt().tp_allow_probes); + asd.get_odp_ctxt().tp_allow_probes); if (!process_packet) return false; @@ -675,7 +675,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I if (appidDebug->is_active()) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); LogMessage("AppIdDbg %s 3rd party returned %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", tp_app_id); } @@ -689,7 +689,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I assert(hsession); } - unsigned app_info_flags = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags(tp_app_id, + unsigned app_info_flags = asd.get_odp_ctxt().get_app_info_mgr().get_app_info_flags(tp_app_id, APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE ); // if the third-party appId must be treated as a client, do it now @@ -716,7 +716,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I } if (tp_app_id == APP_ID_SSL && - (Stream::get_snort_protocol_id(p->flow) == asd.ctxt.config.snortId_for_ftp_data)) + (Stream::get_snort_protocol_id(p->flow) == asd.config.snortId_for_ftp_data)) { // If we see SSL on an FTP data channel set tpAppId back // to APP_ID_NONE so the FTP preprocessor picks up the flow. @@ -742,7 +742,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I else if (hsession->payload.get_id() == APP_ID_HTTP_TUNNEL and tp_app_id != APP_ID_SSL) hsession->set_payload(tp_app_id, change_bits, "3rd party"); - hsession->process_http_packet(direction, change_bits, asd.ctxt.get_odp_ctxt().get_http_matchers()); + hsession->process_http_packet(direction, change_bits, asd.get_odp_ctxt().get_http_matchers()); if (asd.get_tp_app_id() == APP_ID_HTTP and !asd.get_session_flags(APPID_SESSION_APP_REINSPECT) and @@ -780,8 +780,8 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I asd.set_port_service_id(portAppId); if (appidDebug->is_active()) { - const char *service_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); - const char *port_service_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.get_port_service_id()); + const char *service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); + const char *port_service_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(asd.get_port_service_id()); LogMessage("AppIdDbg %s SSL is service %s (%d), portServiceAppId %s (%d)\n", appidDebug->get_debug_session(), service_name ? service_name : "unknown", tp_app_id, @@ -795,7 +795,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I tp_app_id = portAppId; if (appidDebug->is_active()) { - const char *app_name = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); + const char *app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(tp_app_id); LogMessage("AppIdDbg %s SSL is %s (%d)\n", appidDebug->get_debug_session(), app_name ? app_name : "unknown", tp_app_id); }