From: Shravan Rangarajuvenkata (shrarang) Date: Tue, 10 Mar 2020 02:05:43 +0000 (+0000) Subject: Merge pull request #2013 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_4 to... X-Git-Tag: 3.0.0-269~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb98998562c066c3f15c46b6d2802bd79107bcb5;p=thirdparty%2Fsnort3.git Merge pull request #2013 in SNORT/snort3 from ~SHRARANG/snort3:appid_odp_ctxt_4 to master Squashed commit of the following: commit 86c07b18b201441bba9c0986b5f35d6c21b88f63 Author: Shravan Rangaraju Date: Mon Feb 17 08:49:08 2020 -0500 appid: move client/service pattern detectors and service discovery manager to odp context --- diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index 1a0920b37..947cda661 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -92,19 +92,10 @@ bool AppIdContext::init_appid(SnortConfig* sc) static bool once = false; if (!once) { - AppIdDiscovery::initialize_plugins(); odp_ctxt->get_client_disco_mgr().initialize(); + odp_ctxt->get_service_disco_mgr().initialize(); LuaDetectorManager::initialize(*this, 1); - PatternServiceDetector::finalize_service_port_patterns(); - PatternClientDetector::finalize_client_port_patterns(); - AppIdDiscovery::finalize_plugins(); - odp_ctxt->get_client_disco_mgr().finalize_client_plugins(); - odp_ctxt->get_http_matchers().finalize_patterns(); - // sip patterns need to be finalized after http patterns because they - // are dependent on http patterns - odp_ctxt->get_sip_matchers().finalize_patterns(*odp_ctxt); - odp_ctxt->get_ssl_matchers().finalize_patterns(); - odp_ctxt->get_dns_matchers().finalize_patterns(); + odp_ctxt->initialize(); once = true; } @@ -130,6 +121,22 @@ void AppIdContext::show() OdpContext::OdpContext(AppIdConfig& config, SnortConfig* sc) { app_info_mgr.init_appid_info_table(config, sc, *this); + client_pattern_detector = new PatternClientDetector(&client_disco_mgr); + service_pattern_detector = new PatternServiceDetector(&service_disco_mgr); +} + +void OdpContext::initialize() +{ + service_pattern_detector->finalize_service_port_patterns(); + client_pattern_detector->finalize_client_port_patterns(); + service_disco_mgr.finalize_service_patterns(); + client_disco_mgr.finalize_client_plugins(); + http_matchers.finalize_patterns(); + // sip patterns need to be finalized after http patterns because they + // are dependent on http patterns + sip_matchers.finalize_patterns(*this); + ssl_matchers.finalize_patterns(); + dns_matchers.finalize_patterns(); } void OdpContext::add_port_service_id(IpProtocol proto, uint16_t port, AppId appid) diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index d089a5df3..3e1d850d2 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -23,18 +23,10 @@ #define APP_ID_CONFIG_H #include -#include #include -#include "framework/decode_data.h" -#include "main/snort_config.h" -#include "protocols/ipv6.h" -#include "sfip/sf_ip.h" #include "target_based/snort_protocols.h" -#include "utils/sflsq.h" -#include "tp_appid_module_api.h" -#include "application_ids.h" #include "app_info_table.h" #include "client_plugins/client_discovery.h" #include "detector_plugins/dns_patterns.h" @@ -43,15 +35,18 @@ #include "detector_plugins/ssl_patterns.h" #include "host_port_app_cache.h" #include "length_app_cache.h" +#include "service_plugins/service_discovery.h" +#include "tp_appid_module_api.h" #define APP_ID_PORT_ARRAY_SIZE 65536 -class AppIdInspector; - extern SnortProtocolId snortId_for_unsynchronized; extern SnortProtocolId snortId_for_ftp_data; extern SnortProtocolId snortId_for_http2; +class PatternClientDetector; +class PatternServiceDetector; + class AppIdConfig { public: @@ -105,6 +100,7 @@ public: bool recheck_for_portservice_appid = false; OdpContext(AppIdConfig&, snort::SnortConfig*); + void initialize(); AppInfoManager& get_app_info_mgr() { @@ -116,6 +112,11 @@ public: return client_disco_mgr; } + ServiceDiscovery& get_service_disco_mgr() + { + return service_disco_mgr; + } + HostPortVal* host_port_cache_find(const snort::SfIp* ip, uint16_t port, IpProtocol proto) { return host_port_cache.find(ip, port, proto, *this); @@ -156,6 +157,16 @@ public: return ssl_matchers; } + PatternClientDetector& get_client_pattern_detector() + { + return *client_pattern_detector; + } + + PatternServiceDetector& get_service_pattern_detector() + { + return *service_pattern_detector; + } + void add_port_service_id(IpProtocol, uint16_t, AppId); void add_protocol_service_id(IpProtocol, AppId); AppId get_port_service_id(IpProtocol, uint16_t); @@ -169,8 +180,11 @@ private: LengthCache length_cache; DnsPatternMatchers dns_matchers; HttpPatternMatchers http_matchers; + ServiceDiscovery service_disco_mgr; SipPatternMatchers sip_matchers; SslPatternMatchers ssl_matchers; + PatternClientDetector* client_pattern_detector; + PatternServiceDetector* service_pattern_detector; std::array tcp_port_only = {}; // port-only TCP services std::array udp_port_only = {}; // port-only UDP services diff --git a/src/network_inspectors/appid/appid_detector.h b/src/network_inspectors/appid/appid_detector.h index 2f22f0ea4..0578fe3e9 100644 --- a/src/network_inspectors/appid/appid_detector.h +++ b/src/network_inspectors/appid/appid_detector.h @@ -113,7 +113,6 @@ public: virtual int initialize(); virtual void do_custom_init() = 0; - virtual void release_thread_resources() = 0; virtual int validate(AppIdDiscoveryArgs&) = 0; virtual void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) = 0; diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index e06040af8..ec33c22bb 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -72,25 +72,8 @@ AppIdDiscovery::~AppIdDiscovery() delete kv.second; } -void AppIdDiscovery::initialize_plugins() -{ - ServiceDiscovery::get_instance(); -} - -void AppIdDiscovery::finalize_plugins() -{ - ServiceDiscovery::get_instance().finalize_service_patterns(); -} - -void AppIdDiscovery::release_plugins() -{ - ServiceDiscovery::release_instance(); -} - void AppIdDiscovery::tterm() { - ClientDiscovery::release_thread_resources(); - ServiceDiscovery::get_instance().release_thread_resources(); } void AppIdDiscovery::register_detector(const std::string& name, AppIdDetector* cd, IpProtocol proto) @@ -819,7 +802,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, // exceptions for rexec and any other service detector that need to see SYN and SYN/ACK if (asd.get_session_flags(APPID_SESSION_REXEC_STDERR)) { - ServiceDiscovery::get_instance().identify_service(asd, p, direction, change_bits); + asd.ctxt.get_odp_ctxt().get_service_disco_mgr().identify_service(asd, p, direction, change_bits); if (asd.get_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_CONTINUE) == APPID_SESSION_SERVICE_DETECTED) @@ -833,8 +816,8 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, else if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK)) { if (asd.service_disco_state != APPID_DISCO_STATE_FINISHED) - is_discovery_done = ServiceDiscovery::get_instance().do_service_discovery(asd, p, - direction, change_bits); + is_discovery_done = asd.ctxt.get_odp_ctxt().get_service_disco_mgr().do_service_discovery( + asd, p, direction, change_bits); if (asd.client_disco_state != APPID_DISCO_STATE_FINISHED) is_discovery_done = asd.ctxt.get_odp_ctxt().get_client_disco_mgr().do_client_discovery( asd, p, direction, change_bits); diff --git a/src/network_inspectors/appid/appid_discovery.h b/src/network_inspectors/appid/appid_discovery.h index 5c373a045..2b96c2b01 100644 --- a/src/network_inspectors/appid/appid_discovery.h +++ b/src/network_inspectors/appid/appid_discovery.h @@ -97,9 +97,6 @@ public: AppIdDiscovery(const AppIdDiscovery&) = delete; AppIdDiscovery& operator=(const AppIdDiscovery&) = delete; - static void initialize_plugins(); - static void finalize_plugins(); - static void release_plugins(); static void tterm(); virtual void initialize() = 0; diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index d77593751..c240838c3 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -215,7 +215,6 @@ static void appid_inspector_pterm() //FIXIT-M: RELOAD - if app_info_table is associated with an object appid_forecast_pterm(); LuaDetectorManager::terminate(); - AppIdDiscovery::release_plugins(); AppIdContext::pterm(); //end of 'FIXIT-M: RELOAD' comment above openssl_cleanup(); diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h index daa8b11ba..7944c4db2 100644 --- a/src/network_inspectors/appid/appid_module.h +++ b/src/network_inspectors/appid/appid_module.h @@ -25,9 +25,11 @@ #include #include +#include "framework/module.h" +#include "main/snort_config.h" + #include "appid_config.h" #include "appid_pegs.h" -#include "framework/module.h" extern THREAD_LOCAL snort::ProfileStats appid_perf_stats; diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index ca03284e8..110b5e2ac 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -659,7 +659,7 @@ int AppIdSession::add_flow_data_id(uint16_t port, ServiceDetector* service) return 0; } -void AppIdSession::stop_rna_service_inspection(Packet* p, AppidSessionDirection direction) +void AppIdSession::stop_service_inspection(Packet* p, AppidSessionDirection direction) { if (direction == APP_ID_FROM_INITIATOR) { diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index bf25013d9..bd41420fe 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -325,7 +325,7 @@ public: void update_encrypted_app_id(AppId); void examine_rtmp_metadata(AppidChangeBits& change_bits); void sync_with_snort_protocol_id(AppId, snort::Packet*); - void stop_rna_service_inspection(snort::Packet*, AppidSessionDirection); + void stop_service_inspection(snort::Packet*, AppidSessionDirection); bool is_payload_appid_set(); void clear_http_flags(); diff --git a/src/network_inspectors/appid/client_plugins/client_detector.h b/src/network_inspectors/appid/client_plugins/client_detector.h index ce6d1bd73..6a04fdcc1 100644 --- a/src/network_inspectors/appid/client_plugins/client_detector.h +++ b/src/network_inspectors/appid/client_plugins/client_detector.h @@ -33,7 +33,6 @@ public: ClientDetector(); void do_custom_init() override { } - void release_thread_resources() override { } void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) override; }; #endif diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.cc b/src/network_inspectors/appid/client_plugins/client_discovery.cc index 3e0d2704d..1d95b8a1b 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.cc +++ b/src/network_inspectors/appid/client_plugins/client_discovery.cc @@ -52,23 +52,6 @@ using namespace snort; #define MAX_CANDIDATE_CLIENTS 10 -THREAD_LOCAL ClientAppMatch* match_free_list = nullptr; - -ClientDiscovery::~ClientDiscovery() -{ - release_thread_resources(); -} - -void ClientDiscovery::release_thread_resources() -{ - ClientAppMatch* match; - while ((match = match_free_list) != nullptr) - { - match_free_list = match->next; - snort_free(match); - } -} - void ClientDiscovery::initialize() { new AimClientDetector(this); @@ -78,7 +61,6 @@ void ClientDiscovery::initialize() new ImapClientDetector(this); new KerberosClientDetector(this); new MsnClientDetector(this); - new PatternClientDetector(this); new Pop3ClientDetector(this); new RtpClientDetector(this); new SipTcpClientDetector(this); @@ -133,13 +115,7 @@ static int pattern_match(void* id, void* /*unused_tree*/, int match_end_pos, voi cam->count++; else { - if (match_free_list) - { - cam = match_free_list; - match_free_list = cam->next; - } - else - cam = (ClientAppMatch*)snort_alloc(sizeof(ClientAppMatch)); + cam = (ClientAppMatch*)snort_alloc(sizeof(ClientAppMatch)); cam->count = 1; cam->detector = static_cast(pd->service); @@ -185,9 +161,9 @@ static const ClientDetector* get_next_detector(ClientAppMatch** match_list) else max_prev->next = max_curr->next; - max_curr->next = match_free_list; - match_free_list = max_curr; - return max_curr->detector; + const ClientDetector* detector = max_curr->detector; + snort_free(max_curr); + return detector; } else return nullptr; @@ -203,8 +179,7 @@ static void free_matched_list(ClientAppMatch** match_list) { tmp = cam; cam = tmp->next; - tmp->next = match_free_list; - match_free_list = tmp; + snort_free(tmp); } *match_list = nullptr; diff --git a/src/network_inspectors/appid/client_plugins/client_discovery.h b/src/network_inspectors/appid/client_plugins/client_discovery.h index 6e8198668..e27df829c 100644 --- a/src/network_inspectors/appid/client_plugins/client_discovery.h +++ b/src/network_inspectors/appid/client_plugins/client_discovery.h @@ -22,11 +22,10 @@ #ifndef CLIENT_DISCOVERY_H #define CLIENT_DISCOVERY_H -#include "appid_discovery.h" - #include "flow/flow.h" #include "log/messages.h" +#include "appid_discovery.h" #include "appid_types.h" class ClientDetector; @@ -44,12 +43,9 @@ extern THREAD_LOCAL ClientAppMatch* match_free_list; class ClientDiscovery : public AppIdDiscovery { public: - ~ClientDiscovery() override; void initialize() override; - static void release_instance(); void finalize_client_plugins(); - static void release_thread_resources(); bool do_client_discovery(AppIdSession&, snort::Packet*, AppidSessionDirection direction, AppidChangeBits& change_bits); diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index d2c1b73a5..5b3464a3b 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -35,10 +35,7 @@ using namespace snort; -static PatternServiceDetector* service_pattern_detector; -static PatternClientDetector* client_pattern_detector; - -static void dumpPatterns(const char* name, PatternService* pList) +static void dump_patterns(const char* name, PatternService* pList) { UNUSED(name); @@ -86,11 +83,11 @@ static void read_patterns(PortPatternNode* portPatternList, PatternService** ser { bool newPs = false; - if (!ps || !lastName || strcmp(lastName, pNode->detectorName) + if (!ps || !lastName || strcmp(lastName, pNode->detector_name) || lastProto != pNode->protocol) { ps = (PatternService*)snort_calloc(sizeof(PatternService)); - lastName = pNode->detectorName; + lastName = pNode->detector_name; lastProto = pNode->protocol; newPs = true; ps->id = pNode->appId; @@ -281,55 +278,55 @@ static int csd_pattern_tree_search(const uint8_t* data, uint16_t size, SearchToo // Creates unique subset of services registered on ports, and then creates pattern trees. void PatternServiceDetector::create_service_pattern_trees() { - for (PatternService* ps = servicePortPattern; ps; ps = ps->next) + for (PatternService* ps = service_port_pattern; ps; ps = ps->next) for (PortNode* port = ps->port; port; port = port->next) for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) if (ps->proto == IpProtocol::TCP) - register_pattern(&tcpPortPatternTree[port->port], + register_pattern(&tcp_port_pattern_tree[port->port], pattern); else - register_pattern(&udpPortPatternTree[port->port], + register_pattern(&udp_port_pattern_tree[port->port], pattern); for (unsigned i = 0; i < 65536; i++) { - if (tcpPortPatternTree[i]) + if (tcp_port_pattern_tree[i]) { - for (PatternService* ps = servicePortPattern; ps; ps = ps->next) + for (PatternService* ps = service_port_pattern; ps; ps = ps->next) { if (ps->port || (ps->proto != IpProtocol::TCP)) continue; for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) - register_pattern(&tcpPortPatternTree[i], pattern); + register_pattern(&tcp_port_pattern_tree[i], pattern); } - tcpPortPatternTree[i]->prep(); + tcp_port_pattern_tree[i]->prep(); } - if (udpPortPatternTree[i]) + if (udp_port_pattern_tree[i]) { - for (PatternService* ps = servicePortPattern; ps; ps = ps->next) + for (PatternService* ps = service_port_pattern; ps; ps = ps->next) { if (ps->port || (ps->proto != IpProtocol::UDP)) continue; for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) - register_pattern(&udpPortPatternTree[i], pattern); + register_pattern(&udp_port_pattern_tree[i], pattern); } - udpPortPatternTree[i]->prep(); + udp_port_pattern_tree[i]->prep(); } } } void PatternServiceDetector::register_service_patterns() { - /**Register patterns with no associated ports, to RNA and local + /**Register patterns with no associated ports, to AppId and local * pattern tree. Register patterns with ports with local pattern * tree only. */ - for (PatternService* ps = servicePortPattern; ps; ps = ps->next) + for (PatternService* ps = service_port_pattern; ps; ps = ps->next) { if (!ps->port) { @@ -390,10 +387,9 @@ void PatternServiceDetector::insert_service_port_pattern(PortPatternNode* pPatte PortPatternNode** prev = nullptr; PortPatternNode** curr; - for (curr = &service_pattern_detector->luaInjectedPatterns; - *curr; prev = curr, curr = &((*curr)->next)) + for (curr = &lua_injected_patterns; *curr; prev = curr, curr = &((*curr)->next)) { - if (strcmp(pPattern->detectorName, (*curr)->detectorName) || pPattern->protocol < + if (strcmp(pPattern->detector_name, (*curr)->detector_name) || pPattern->protocol < (*curr)->protocol || pPattern->port < (*curr)->port) break; @@ -413,12 +409,11 @@ void PatternServiceDetector::insert_service_port_pattern(PortPatternNode* pPatte void PatternServiceDetector::finalize_service_port_patterns() { - read_patterns(service_pattern_detector->luaInjectedPatterns, - &service_pattern_detector->servicePortPattern); - service_pattern_detector->install_ports(service_pattern_detector->servicePortPattern); - service_pattern_detector->create_service_pattern_trees(); - service_pattern_detector->register_service_patterns(); - dumpPatterns("Server", service_pattern_detector->servicePortPattern); + read_patterns(lua_injected_patterns, &service_port_pattern); + install_ports(service_port_pattern); + create_service_pattern_trees(); + register_service_patterns(); + dump_patterns("Server", service_port_pattern); } PatternServiceDetector::PatternServiceDetector(ServiceDiscovery* sd) @@ -428,40 +423,39 @@ PatternServiceDetector::PatternServiceDetector(ServiceDiscovery* sd) proto = IpProtocol::TCP; detectorType = DETECTOR_TYPE_PATTERN; - service_pattern_detector = this; handler->register_detector(name, this, proto); } PatternServiceDetector::~PatternServiceDetector() { - if ( servicePortPattern ) + if ( service_port_pattern ) { delete tcp_pattern_matcher; delete udp_pattern_matcher; for (unsigned i = 0; i < 65536; i++) { - if (tcpPortPatternTree[i]) - delete tcpPortPatternTree[i]; - if (udpPortPatternTree[i]) - delete udpPortPatternTree[i]; + if (tcp_port_pattern_tree[i]) + delete tcp_port_pattern_tree[i]; + if (udp_port_pattern_tree[i]) + delete udp_port_pattern_tree[i]; } PatternService* ps; - while (servicePortPattern) + while (service_port_pattern) { - ps = servicePortPattern; - servicePortPattern = ps->next; + ps = service_port_pattern; + service_port_pattern = ps->next; free_pattern_service(ps); } } PortPatternNode* tmp; - while ((tmp = luaInjectedPatterns)) + while ((tmp = lua_injected_patterns)) { - luaInjectedPatterns = tmp->next; + lua_injected_patterns = tmp->next; snort_free(tmp->pattern); - snort_free(tmp->detectorName); + snort_free(tmp->detector_name); snort_free(tmp); } } @@ -480,13 +474,13 @@ int PatternServiceDetector::validate(AppIdDiscoveryArgs& args) if (args.asd.protocol == IpProtocol::UDP) { - patternTree = udpPortPatternTree[args.pkt->ptrs.sp]; + patternTree = udp_port_pattern_tree[args.pkt->ptrs.sp]; if (!patternTree) patternTree = udp_pattern_matcher; } else { - patternTree = tcpPortPatternTree[args.pkt->ptrs.sp]; + patternTree = tcp_port_pattern_tree[args.pkt->ptrs.sp]; if (!patternTree) patternTree = tcp_pattern_matcher; } @@ -507,13 +501,12 @@ PatternClientDetector::PatternClientDetector(ClientDiscovery* cdm) name = "pattern"; proto = IpProtocol::TCP; - client_pattern_detector = this; handler->register_detector(name, this, proto); } PatternClientDetector::~PatternClientDetector() { - if (servicePortPattern) + if (service_port_pattern) { if (tcp_pattern_matcher) { @@ -528,19 +521,19 @@ PatternClientDetector::~PatternClientDetector() } PatternService* ps; - while (servicePortPattern) + while (service_port_pattern) { - ps = servicePortPattern; - servicePortPattern = ps->next; + ps = service_port_pattern; + service_port_pattern = ps->next; free_pattern_service(ps); } } PortPatternNode* tmp; - while ((tmp = luaInjectedPatterns)) + while ((tmp = lua_injected_patterns)) { - luaInjectedPatterns = tmp->next; + lua_injected_patterns = tmp->next; snort_free(tmp->pattern); - snort_free(tmp->detectorName); + snort_free(tmp->detector_name); snort_free(tmp); } } @@ -562,7 +555,7 @@ int PatternClientDetector::validate(AppIdDiscoveryArgs& args) void PatternClientDetector::create_client_pattern_trees() { - for (PatternService* ps = servicePortPattern; ps; ps = ps->next) + for (PatternService* ps = service_port_pattern; ps; ps = ps->next) { for ( Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) { @@ -579,10 +572,10 @@ void PatternClientDetector::insert_client_port_pattern(PortPatternNode* port_pat //insert ports in order. PortPatternNode** prev = nullptr; PortPatternNode** curr; - for (curr = &client_pattern_detector->luaInjectedPatterns; + for (curr = &lua_injected_patterns; *curr; prev = curr, curr = &((*curr)->next)) { - if (strcmp(port_pattern->detectorName, (*curr)->detectorName) + if (strcmp(port_pattern->detector_name, (*curr)->detector_name) || port_pattern->protocol < (*curr)->protocol || port_pattern->port < (*curr)->port) break; @@ -600,11 +593,9 @@ void PatternClientDetector::insert_client_port_pattern(PortPatternNode* port_pat } } -// Register patterns with no associated ports, to RNA and local pattern tree. Register -// patterns with ports with local pattern tree only. void PatternClientDetector::register_client_patterns() { - for (PatternService* ps = servicePortPattern; ps; ps = ps->next) + for (PatternService* ps = service_port_pattern; ps; ps = ps->next) for (Pattern* pattern = ps->pattern; pattern; pattern = pattern->next) { if (pattern->data && pattern->length) @@ -634,10 +625,9 @@ void PatternClientDetector::register_client_patterns() void PatternClientDetector::finalize_client_port_patterns() { - read_patterns(client_pattern_detector->luaInjectedPatterns, - &client_pattern_detector->servicePortPattern); - client_pattern_detector->create_client_pattern_trees(); - client_pattern_detector->register_client_patterns(); - dumpPatterns("Client", client_pattern_detector->servicePortPattern); + read_patterns(lua_injected_patterns, &service_port_pattern); + create_client_pattern_trees(); + register_client_patterns(); + dump_patterns("Client", service_port_pattern); } diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.h b/src/network_inspectors/appid/detector_plugins/detector_pattern.h index 7d2a64424..1b0701089 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.h +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.h @@ -42,7 +42,7 @@ struct PortPatternNode unsigned char* pattern; unsigned length; int32_t offset; - char* detectorName; + char* detector_name; PortPatternNode* next; }; @@ -80,8 +80,8 @@ public: PatternClientDetector(ClientDiscovery*); ~PatternClientDetector() override; - static void insert_client_port_pattern(PortPatternNode*); - static void finalize_client_port_patterns(); + void insert_client_port_pattern(PortPatternNode*); + void finalize_client_port_patterns(); int validate(AppIdDiscoveryArgs&) override; @@ -89,8 +89,8 @@ private: void create_client_pattern_trees(); void register_client_patterns(); - PortPatternNode* luaInjectedPatterns = nullptr; - PatternService* servicePortPattern = nullptr; + PortPatternNode* lua_injected_patterns = nullptr; + PatternService* service_port_pattern = nullptr; snort::SearchTool* tcp_pattern_matcher = nullptr; snort::SearchTool* udp_pattern_matcher = nullptr; }; @@ -101,8 +101,8 @@ public: PatternServiceDetector(ServiceDiscovery*); ~PatternServiceDetector() override; - static void insert_service_port_pattern(PortPatternNode*); - static void finalize_service_port_patterns(); + void insert_service_port_pattern(PortPatternNode*); + void finalize_service_port_patterns(); int validate(AppIdDiscoveryArgs&) override; @@ -111,12 +111,12 @@ private: void register_service_patterns(); void install_ports(PatternService*); - PortPatternNode* luaInjectedPatterns = nullptr; - PatternService* servicePortPattern = nullptr; + PortPatternNode* lua_injected_patterns = nullptr; + PatternService* service_port_pattern = nullptr; snort::SearchTool* tcp_pattern_matcher = nullptr; snort::SearchTool* udp_pattern_matcher = nullptr; - snort::SearchTool* tcpPortPatternTree[65536] = { nullptr }; - snort::SearchTool* udpPortPatternTree[65536] = { nullptr }; + snort::SearchTool* tcp_port_pattern_tree[65536] = { nullptr }; + snort::SearchTool* udp_port_pattern_tree[65536] = { nullptr }; }; #endif diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index 7547e0641..2d4dd50cb 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -204,6 +204,12 @@ bool AppIdReloadTuner::tune_resources(unsigned int) return true; } +void ServiceDiscovery::initialize() +{ } + +int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) +{ return 0; } + OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) { } diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index 1f3301972..83236cd9a 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -64,7 +64,6 @@ static void* my_chp_rewritten = nullptr; void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } AppIdDiscovery::AppIdDiscovery() { } AppIdDiscovery::~AppIdDiscovery() { } -ClientDiscovery::~ClientDiscovery() { } void ClientDiscovery::initialize() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int, unsigned char const*, unsigned int, unsigned int) { } diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 022582514..18de10ac6 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -215,10 +215,10 @@ static int service_register_pattern(lua_State* L) unsigned int position = lua_tonumber(L, ++index); if ( protocol == IpProtocol::TCP) - ServiceDiscovery::get_instance().register_tcp_pattern(ud->sd, (const uint8_t*)pattern, + ud->get_odp_ctxt().get_service_disco_mgr().register_tcp_pattern(ud->sd, (const uint8_t*)pattern, size, position, 0); else - ServiceDiscovery::get_instance().register_udp_pattern(ud->sd, (const uint8_t*)pattern, + ud->get_odp_ctxt().get_service_disco_mgr().register_udp_pattern(ud->sd, (const uint8_t*)pattern, size, position, 0); lua_pushnumber(L, 0); @@ -2304,8 +2304,8 @@ static int add_port_pattern_client(lua_State* L) memcpy(pPattern->pattern, pattern, patternSize); pPattern->length = patternSize; pPattern->offset = position; - pPattern->detectorName = snort_strdup(ud->get_detector()->get_name().c_str()); - PatternClientDetector::insert_client_port_pattern(pPattern); + pPattern->detector_name = snort_strdup(ud->get_detector()->get_name().c_str()); + ud->get_odp_ctxt().get_client_pattern_detector().insert_client_port_pattern(pPattern); ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appId); @@ -2349,8 +2349,8 @@ static int add_port_pattern_service(lua_State* L) memcpy(pPattern->pattern, pattern, patternSize); pPattern->length = patternSize; pPattern->offset = position; - pPattern->detectorName = snort_strdup(ud->get_detector()->get_name().c_str()); - PatternServiceDetector::insert_service_port_pattern(pPattern); + pPattern->detector_name = snort_strdup(ud->get_detector()->get_name().c_str()); + ud->get_odp_ctxt().get_service_pattern_detector().insert_service_port_pattern(pPattern); ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appId); return 0; @@ -2787,14 +2787,14 @@ LuaServiceObject::LuaServiceObject(AppIdDiscovery* sdm, const std::string& detec if (protocol == IpProtocol::TCP) { - appid_detectors = ServiceDiscovery::get_instance().get_tcp_detectors(); + appid_detectors = odp_ctxt.get_service_disco_mgr().get_tcp_detectors(); auto detector = appid_detectors->find(detector_name); if (detector != appid_detectors->end()) ad = detector->second; } else if (protocol == IpProtocol::UDP) { - appid_detectors = ServiceDiscovery::get_instance().get_udp_detectors(); + appid_detectors = odp_ctxt.get_service_disco_mgr().get_udp_detectors(); auto detector = appid_detectors->find(detector_name); if (detector != appid_detectors->end()) ad = detector->second; diff --git a/src/network_inspectors/appid/lua_detector_module.cc b/src/network_inspectors/appid/lua_detector_module.cc index 8c8e78494..998d43447 100644 --- a/src/network_inspectors/appid/lua_detector_module.cc +++ b/src/network_inspectors/appid/lua_detector_module.cc @@ -371,7 +371,7 @@ LuaObject* LuaDetectorManager::create_lua_detector(const char* detector_name, lua_getfield(L, -1, "server"); if ( lua_istable(L, -1) ) { - return new LuaServiceObject(&ServiceDiscovery::get_instance(), + return new LuaServiceObject(&ctxt.get_odp_ctxt().get_service_disco_mgr(), detector_name, log_name, is_custom, proto, L, ctxt.get_odp_ctxt()); } else if (init(L)) diff --git a/src/network_inspectors/appid/service_plugins/service_bootp.cc b/src/network_inspectors/appid/service_plugins/service_bootp.cc index 8840f3622..156a04033 100644 --- a/src/network_inspectors/appid/service_plugins/service_bootp.cc +++ b/src/network_inspectors/appid/service_plugins/service_bootp.cc @@ -76,7 +76,6 @@ struct ServiceDHCPOption #pragma pack() static const uint8_t zeromac[6] = { 0, 0, 0, 0, 0, 0 }; -static THREAD_LOCAL DHCPInfo* dhcp_info_free_list = nullptr; BootpServiceDetector::BootpServiceDetector(ServiceDiscovery* sd) { @@ -99,22 +98,6 @@ BootpServiceDetector::BootpServiceDetector(ServiceDiscovery* sd) handler->register_detector(name, this, proto); } -BootpServiceDetector::~BootpServiceDetector() -{ - release_thread_resources(); -} - -void BootpServiceDetector::release_thread_resources() -{ - DHCPInfo* info; - - while ((info = dhcp_info_free_list)) - { - dhcp_info_free_list = info->next; - snort_free(info); - } -} - int BootpServiceDetector::validate(AppIdDiscoveryArgs& args) { const ServiceBOOTPHeader* bh; @@ -330,11 +313,7 @@ void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* dd) void BootpServiceDetector::AppIdFreeDhcpInfo(DHCPInfo* dd) { - if (dd) - { - dd->next = dhcp_info_free_list; - dhcp_info_free_list = dd; - } + snort_free(dd); } int BootpServiceDetector::add_dhcp_info(AppIdSession& asd, unsigned op55_len, const uint8_t* op55, @@ -385,13 +364,7 @@ void BootpServiceDetector::add_new_dhcp_lease(AppIdSession& asd, const uint8_t* if (!(flags & IPFUNCS_HOSTS_IP)) return; - if (dhcp_info_free_list) - { - info = dhcp_info_free_list; - dhcp_info_free_list = info->next; - } - else - info = (DHCPInfo*)snort_calloc(sizeof(DHCPInfo)); + info = (DHCPInfo*)snort_calloc(sizeof(DHCPInfo)); if (asd.add_flow_data(info, APPID_SESSION_DATA_DHCP_INFO, (AppIdFreeFCN)BootpServiceDetector::AppIdFreeDhcpInfo)) diff --git a/src/network_inspectors/appid/service_plugins/service_bootp.h b/src/network_inspectors/appid/service_plugins/service_bootp.h index e900dc0f1..58fe2bdfd 100644 --- a/src/network_inspectors/appid/service_plugins/service_bootp.h +++ b/src/network_inspectors/appid/service_plugins/service_bootp.h @@ -31,7 +31,6 @@ class BootpServiceDetector : public ServiceDetector { public: BootpServiceDetector(ServiceDiscovery*); - ~BootpServiceDetector() override; int validate(AppIdDiscoveryArgs&) override; @@ -39,7 +38,6 @@ public: static void AppIdFreeDhcpData(snort::DHCPData*); static void AppIdFreeDhcpInfo(snort::DHCPInfo*); - void release_thread_resources() override; private: int add_dhcp_info(AppIdSession&, unsigned op55_len, const uint8_t* op55, unsigned op60_len, const uint8_t* op60, const uint8_t* mac); diff --git a/src/network_inspectors/appid/service_plugins/service_detector.h b/src/network_inspectors/appid/service_plugins/service_detector.h index f3c085d19..489467d8a 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.h +++ b/src/network_inspectors/appid/service_plugins/service_detector.h @@ -33,7 +33,6 @@ public: ServiceDetector(); void do_custom_init() override { } - void release_thread_resources() override { } void register_appid(AppId, unsigned extractsInfo, OdpContext& odp_ctxt) override; int service_inprocess(AppIdSession&, const snort::Packet*, AppidSessionDirection dir); diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.cc b/src/network_inspectors/appid/service_plugins/service_discovery.cc index f09b50240..f726b393e 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.cc +++ b/src/network_inspectors/appid/service_plugins/service_discovery.cc @@ -85,29 +85,6 @@ using namespace snort; static ServiceDetector* ftp_service; -ServiceDiscovery* ServiceDiscovery::discovery_manager = nullptr; - -ServiceDiscovery::ServiceDiscovery() -{ - initialize(); -} - -ServiceDiscovery& ServiceDiscovery::get_instance() -{ - if (!discovery_manager) - { - discovery_manager = new ServiceDiscovery(); - } - - return *discovery_manager; -} - -void ServiceDiscovery::release_instance() -{ - assert(discovery_manager); - delete discovery_manager; - discovery_manager = nullptr; -} void ServiceDiscovery::initialize() { @@ -133,7 +110,6 @@ void ServiceDiscovery::initialize() new NbdgmServiceDetector(this); new NntpServiceDetector(this); new NtpServiceDetector(this); - new PatternServiceDetector(this); new Pop3ServiceDetector(this); new RadiusServiceDetector(this); new RadiusAcctServiceDetector(this); @@ -318,7 +294,7 @@ static inline uint16_t sslPortRemap(uint16_t port) void ServiceDiscovery::get_port_based_services(IpProtocol protocol, uint16_t port, AppIdSession& asd) { - ServiceDiscovery& sd = ServiceDiscovery::get_instance(); + ServiceDiscovery& sd = asd.ctxt.get_odp_ctxt().get_service_disco_mgr(); if ( asd.is_decrypted() ) { @@ -440,9 +416,9 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, asd.service_search_state = SESSION_SERVICE_SEARCH_STATE::PORT; sds = AppIdServiceState::add(ip, proto, port, asd.is_decrypted(), true); sds->set_reset_time(0); - SERVICE_ID_STATE sds_state = sds->get_state(); + ServiceState sds_state = sds->get_state(); - if ( sds_state == SERVICE_ID_STATE::FAILED ) + if ( sds_state == ServiceState::FAILED ) { if (appidDebug->is_active()) LogMessage("AppIdDbg %s No service match, failed state\n", appidDebug->get_debug_session()); @@ -453,13 +429,14 @@ int ServiceDiscovery::identify_service(AppIdSession& asd, Packet* p, if ( !asd.service_detector ) { /* If a valid service already exists in host tracker, give it a try. */ - if ( sds_state == SERVICE_ID_STATE::VALID ) + if ( sds_state == ServiceState::VALID ) asd.service_detector = sds->get_service(); /* If we've gotten to brute force, give next detector a try. */ - else if ( sds_state == SERVICE_ID_STATE::SEARCHING_BRUTE_FORCE and + else if ( sds_state == ServiceState::SEARCHING_BRUTE_FORCE and asd.service_candidates.empty() ) { - asd.service_detector = sds->select_detector_by_brute_force(proto); + asd.service_detector = sds->select_detector_by_brute_force(proto, + asd.ctxt.get_odp_ctxt().get_service_disco_mgr()); got_brute_force = true; } } @@ -626,7 +603,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, asd.service_disco_state = APPID_DISCO_STATE_STATEFUL; } else - asd.stop_rna_service_inspection(p, direction); + asd.stop_service_inspection(p, direction); } else asd.service_disco_state = APPID_DISCO_STATE_STATEFUL; @@ -645,7 +622,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, { if (appidDebug->is_active()) LogMessage("AppIdDbg %s Stop service detection\n", appidDebug->get_debug_session()); - asd.stop_rna_service_inspection(p, direction); + asd.stop_service_inspection(p, direction); } } @@ -659,7 +636,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, // waste time (but we will still get the Snort callbacks // for any of our own future flows). Shut down our detectors. asd.service.set_id(APP_ID_SIP, asd.ctxt.get_odp_ctxt()); - asd.stop_rna_service_inspection(p, direction); + asd.stop_service_inspection(p, direction); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; } else if ((tp_app_id == APP_ID_RTP) || (tp_app_id == APP_ID_RTP_AUDIO) || @@ -668,7 +645,7 @@ bool ServiceDiscovery::do_service_discovery(AppIdSession& asd, Packet* p, // No need for anybody to keep wasting time once we've // found RTP - Shut down our detectors. asd.service.set_id(tp_app_id, asd.ctxt.get_odp_ctxt()); - asd.stop_rna_service_inspection(p, direction); + asd.stop_service_inspection(p, direction); asd.service_disco_state = APPID_DISCO_STATE_FINISHED; // - Shut down TP. @@ -811,8 +788,3 @@ int ServiceDiscovery::fail_service(AppIdSession& asd, const Packet* pkt, AppidSe return APPID_SUCCESS; } -void ServiceDiscovery::release_thread_resources() -{ - for (auto detectors : service_detector_list) - detectors->release_thread_resources(); -} diff --git a/src/network_inspectors/appid/service_plugins/service_discovery.h b/src/network_inspectors/appid/service_plugins/service_discovery.h index 63ce3c755..09c76ec13 100644 --- a/src/network_inspectors/appid/service_plugins/service_discovery.h +++ b/src/network_inspectors/appid/service_plugins/service_discovery.h @@ -52,7 +52,7 @@ enum SERVICE_HOST_INFO_CODE SERVICE_HOST_INFO_NETBIOS_NAME = 1 }; -/* Service state stored per flow, which acts based on global SERVICE_ID_STATE +/* Service state stored per flow, which acts based on global ServiceState * at the beginning of the flow, then independently do service discovery, and * synchronize findings at the end of service discovery by the flow. */ @@ -67,9 +67,9 @@ enum SESSION_SERVICE_SEARCH_STATE class ServiceDiscovery : public AppIdDiscovery { public: - static ServiceDiscovery& get_instance(); - static void release_instance(); - + ServiceDiscovery() { } + ~ServiceDiscovery() override { } + void initialize() override; void finalize_service_patterns(); int add_service_port(AppIdDetector*, const ServiceDetectorPort&) override; @@ -83,10 +83,8 @@ public: int fail_service(AppIdSession&, const snort::Packet*, AppidSessionDirection dir, ServiceDetector*, ServiceDiscoveryState* sds = nullptr); int incompatible_data(AppIdSession&, const snort::Packet*, AppidSessionDirection dir, ServiceDetector*); static int add_ftp_service_state(AppIdSession&); - void release_thread_resources(); + private: - ServiceDiscovery(); - void initialize() override; void get_next_service(const snort::Packet*, const AppidSessionDirection dir, AppIdSession&); void get_port_based_services(IpProtocol, uint16_t port, AppIdSession&); void match_by_pattern(AppIdSession&, const snort::Packet*, IpProtocol); diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc index 36f4fb7f8..551340a48 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.cc +++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc @@ -79,9 +79,6 @@ struct MatchedPatterns MatchedPatterns* next; }; -static THREAD_LOCAL MatchedPatterns* patternList; -static THREAD_LOCAL MatchedPatterns* patternFreeList; - static MdnsPattern patterns[] = { { (const uint8_t*)PATTERN_STR_LOCAL_1, sizeof(PATTERN_STR_LOCAL_1) - 1 }, @@ -120,19 +117,6 @@ MdnsServiceDetector::~MdnsServiceDetector() destory_matcher(); } -void MdnsServiceDetector::release_thread_resources() -{ - MatchedPatterns* node; - - destroy_match_list(); - - while ((node = patternFreeList)) - { - patternFreeList = node->next; - snort_free(node); - } -} - int MdnsServiceDetector::validate(AppIdDiscoveryArgs& args) { int ret_val; @@ -405,13 +389,7 @@ static int mdns_pattern_match(void* id, void*, int match_end_pos, void* data, vo MatchedPatterns* element; MatchedPatterns* prevElement; - if (patternFreeList) - { - cm = patternFreeList; - patternFreeList = cm->next; - } - else - cm = (MatchedPatterns*)snort_calloc(sizeof(MatchedPatterns)); + cm = (MatchedPatterns*)snort_calloc(sizeof(MatchedPatterns)); cm->mpattern = target; cm->match_start_pos = match_end_pos - target->length; @@ -439,9 +417,6 @@ static int mdns_pattern_match(void* id, void*, int match_end_pos, void* data, vo unsigned MdnsServiceDetector::create_match_list(const char* data, uint16_t dataSize) { - if (patternList) - destroy_match_list(); - matcher->find_all((const char*)data, dataSize, mdns_pattern_match, false, (void*)&patternList); if (patternList) @@ -467,8 +442,7 @@ void MdnsServiceDetector::scan_matched_patterns(const char* dataPtr, uint16_t in MatchedPatterns* element = patternList; patternList = patternList->next; - element->next = patternFreeList; - patternFreeList = element; + snort_free(element); } *resp_endptr = nullptr; *pattern_length = 0; @@ -476,32 +450,21 @@ void MdnsServiceDetector::scan_matched_patterns(const char* dataPtr, uint16_t in void MdnsServiceDetector::destroy_match_list() { - MatchedPatterns* element; - while (patternList) { - element = patternList; + MatchedPatterns* element = patternList; patternList = patternList->next; - element->next = patternFreeList; - patternFreeList = element; + snort_free(element); } } void MdnsServiceDetector::destory_matcher() { - MatchedPatterns* node; - if (matcher) delete matcher; matcher = nullptr; destroy_match_list(); - - while ((node = patternFreeList)) - { - patternFreeList = node->next; - snort_free(node); - } } diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.h b/src/network_inspectors/appid/service_plugins/service_mdns.h index a1eec9031..2aca729b2 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.h +++ b/src/network_inspectors/appid/service_plugins/service_mdns.h @@ -38,7 +38,6 @@ public: ~MdnsServiceDetector() override; int validate(AppIdDiscoveryArgs&) override; - void release_thread_resources() override; private: unsigned create_match_list(const char* data, uint16_t dataSize); @@ -52,6 +51,7 @@ private: uint16_t data_size, uint8_t* user_name_len, unsigned size); snort::SearchTool* matcher = nullptr; + MatchedPatterns* patternList = nullptr; }; #endif diff --git a/src/network_inspectors/appid/service_plugins/service_netbios.cc b/src/network_inspectors/appid/service_plugins/service_netbios.cc index e4579d93f..1f7a07ea4 100644 --- a/src/network_inspectors/appid/service_plugins/service_netbios.cc +++ b/src/network_inspectors/appid/service_plugins/service_netbios.cc @@ -280,9 +280,6 @@ struct NBDgmError #pragma pack() -// FIXIT-L - make this a class member var -static THREAD_LOCAL FpSMBData* smb_data_free_list = nullptr; - static int netbios_validate_name_and_decode(const uint8_t** data, const uint8_t* const begin, const uint8_t* const end, @@ -1020,22 +1017,6 @@ NbdgmServiceDetector::NbdgmServiceDetector(ServiceDiscovery* sd) handler->register_detector(name, this, proto); } -NbdgmServiceDetector::~NbdgmServiceDetector() -{ - release_thread_resources(); -} - -void NbdgmServiceDetector::release_thread_resources() -{ - FpSMBData* sd; - - while ((sd = smb_data_free_list)) - { - smb_data_free_list = sd->next; - snort_free(sd); - } -} - int NbdgmServiceDetector::validate(AppIdDiscoveryArgs& args) { const NBDgmHeader* hdr; @@ -1188,13 +1169,7 @@ void NbdgmServiceDetector::add_smb_info(AppIdSession& asd, unsigned major, unsig if ( flags & FINGERPRINT_UDP_FLAGS_XENIX ) return; - if ( smb_data_free_list ) - { - sd = smb_data_free_list; - smb_data_free_list = sd->next; - } - else - sd = (FpSMBData*)snort_calloc(sizeof(FpSMBData)); + sd = (FpSMBData*)snort_calloc(sizeof(FpSMBData)); if ( asd.add_flow_data(sd, APPID_SESSION_DATA_SMB_DATA, (AppIdFreeFCN)AppIdFreeSMBData) ) { @@ -1210,10 +1185,6 @@ void NbdgmServiceDetector::add_smb_info(AppIdSession& asd, unsigned major, unsig void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* sd) { - if ( sd ) - { - sd->next = smb_data_free_list; - smb_data_free_list = sd; - } + snort_free(sd); } diff --git a/src/network_inspectors/appid/service_plugins/service_netbios.h b/src/network_inspectors/appid/service_plugins/service_netbios.h index 60c322a0c..0fb01e2ab 100644 --- a/src/network_inspectors/appid/service_plugins/service_netbios.h +++ b/src/network_inspectors/appid/service_plugins/service_netbios.h @@ -47,12 +47,10 @@ class NbdgmServiceDetector : public ServiceDetector { public: NbdgmServiceDetector(ServiceDiscovery*); - ~NbdgmServiceDetector() override; int validate(AppIdDiscoveryArgs&) override; static void AppIdFreeSMBData(snort::FpSMBData*); - void release_thread_resources() override; private: void add_smb_info(AppIdSession&, unsigned major, unsigned minor, uint32_t flags); diff --git a/src/network_inspectors/appid/service_state.cc b/src/network_inspectors/appid/service_state.cc index 6c3ff2980..e5b83405d 100644 --- a/src/network_inspectors/appid/service_state.cc +++ b/src/network_inspectors/appid/service_state.cc @@ -40,13 +40,12 @@ using namespace snort; static THREAD_LOCAL MapList* service_state_cache = nullptr; - -const size_t MapList::sz = sizeof(Val_t) + +const size_t MapList::sz = sizeof(ServiceDiscoveryState) + sizeof(Map_t::value_type) + sizeof(Queue_t::value_type); ServiceDiscoveryState::ServiceDiscoveryState() { - state = SERVICE_ID_STATE::SEARCHING_PORT_PATTERN; + state = ServiceState::SEARCHING_PORT_PATTERN; last_detract.clear(); last_invalid_client.clear(); reset_time = 0; @@ -58,12 +57,13 @@ ServiceDiscoveryState::~ServiceDiscoveryState() delete udp_brute_force_mgr; } -ServiceDetector* ServiceDiscoveryState::select_detector_by_brute_force(IpProtocol proto) +ServiceDetector* ServiceDiscoveryState::select_detector_by_brute_force(IpProtocol proto, + ServiceDiscovery& sd) { if (proto == IpProtocol::TCP) { if ( !tcp_brute_force_mgr ) - tcp_brute_force_mgr = new AppIdDetectorList(IpProtocol::TCP); + tcp_brute_force_mgr = new AppIdDetectorList(IpProtocol::TCP, sd); service = tcp_brute_force_mgr->next(); if (appidDebug->is_active()) LogMessage("AppIdDbg %s Brute-force state %s\n", appidDebug->get_debug_session(), @@ -72,7 +72,7 @@ ServiceDetector* ServiceDiscoveryState::select_detector_by_brute_force(IpProtoco else if (proto == IpProtocol::UDP) { if ( !udp_brute_force_mgr ) - udp_brute_force_mgr = new AppIdDetectorList(IpProtocol::UDP); + udp_brute_force_mgr = new AppIdDetectorList(IpProtocol::UDP, sd); service = udp_brute_force_mgr->next(); if (appidDebug->is_active()) LogMessage("AppIdDbg %s Brute-force state %s\n", appidDebug->get_debug_session(), @@ -82,7 +82,7 @@ ServiceDetector* ServiceDiscoveryState::select_detector_by_brute_force(IpProtoco service = nullptr; if ( !service ) - state = SERVICE_ID_STATE::FAILED; + state = ServiceState::FAILED; return service; } @@ -91,9 +91,9 @@ void ServiceDiscoveryState::set_service_id_valid(ServiceDetector* sd) { service = sd; reset_time = 0; - if ( state != SERVICE_ID_STATE::VALID ) + if ( state != ServiceState::VALID ) { - state = SERVICE_ID_STATE::VALID; + state = ServiceState::VALID; valid_count = 0; } @@ -122,14 +122,14 @@ void ServiceDiscoveryState::set_service_id_failed(AppIdSession& asd, const SfIp* /* If we had a valid detector, check for too many fails. If so, start * search sequence again. */ - if ( state == SERVICE_ID_STATE::VALID ) + if ( state == ServiceState::VALID ) { /* Too many invalid clients? If so, count it as an invalid detect. */ if ( invalid_client_count >= STATE_ID_INVALID_CLIENT_THRESHOLD ) { if ( valid_count <= 1 ) { - state = SERVICE_ID_STATE::SEARCHING_PORT_PATTERN; + state = ServiceState::SEARCHING_PORT_PATTERN; invalid_client_count = 0; last_invalid_client.clear(); valid_count = 0; @@ -155,7 +155,7 @@ void ServiceDiscoveryState::set_service_id_failed(AppIdSession& asd, const SfIp* { if (valid_count <= 1) { - state = SERVICE_ID_STATE::SEARCHING_PORT_PATTERN; + state = ServiceState::SEARCHING_PORT_PATTERN; invalid_client_count = 0; last_invalid_client.clear(); valid_count = 0; @@ -167,7 +167,7 @@ void ServiceDiscoveryState::set_service_id_failed(AppIdSession& asd, const SfIp* } } } - else if ( ( state == SERVICE_ID_STATE::SEARCHING_PORT_PATTERN ) and + else if ( ( state == ServiceState::SEARCHING_PORT_PATTERN ) and ( asd.service_search_state == SESSION_SERVICE_SEARCH_STATE::PENDING ) and asd.service_candidates.empty() and !asd.get_session_flags(APPID_SESSION_MID | APPID_SESSION_OOO) ) @@ -193,7 +193,6 @@ void ServiceDiscoveryState::update_service_incompatiable(const SfIp* ip) } } - bool AppIdServiceState::initialize(size_t memcap) { if ( !service_state_cache ) diff --git a/src/network_inspectors/appid/service_state.h b/src/network_inspectors/appid/service_state.h index 715263b65..bf09e86f0 100644 --- a/src/network_inspectors/appid/service_state.h +++ b/src/network_inspectors/appid/service_state.h @@ -38,14 +38,10 @@ class ServiceDetector; class AppIdServiceStateKey; class ServiceDiscoveryState; -typedef AppIdServiceStateKey Key_t; -typedef ServiceDiscoveryState Val_t; - -typedef std::map Map_t; +typedef std::map Map_t; typedef std::list Queue_t; - -enum SERVICE_ID_STATE +enum ServiceState { SEARCHING_PORT_PATTERN = 0, SEARCHING_BRUTE_FORCE, @@ -56,12 +52,12 @@ enum SERVICE_ID_STATE class AppIdDetectorList { public: - AppIdDetectorList(IpProtocol proto) + AppIdDetectorList(IpProtocol proto, ServiceDiscovery& sd) { if (proto == IpProtocol::TCP) - detectors = ServiceDiscovery::get_instance().get_tcp_detectors(); + detectors = sd.get_tcp_detectors(); else - detectors = ServiceDiscovery::get_instance().get_udp_detectors(); + detectors = sd.get_udp_detectors(); dit = detectors->begin(); } @@ -89,18 +85,18 @@ class ServiceDiscoveryState public: ServiceDiscoveryState(); ~ServiceDiscoveryState(); - ServiceDetector* select_detector_by_brute_force(IpProtocol proto); + ServiceDetector* select_detector_by_brute_force(IpProtocol proto, ServiceDiscovery& sd); void set_service_id_valid(ServiceDetector* sd); void set_service_id_failed(AppIdSession& asd, const snort::SfIp* client_ip, unsigned invalid_delta = 0); void update_service_incompatiable(const snort::SfIp* ip); - SERVICE_ID_STATE get_state() const + ServiceState get_state() const { return state; } - void set_state(SERVICE_ID_STATE state) + void set_state(ServiceState state) { this->state = state; } @@ -128,7 +124,7 @@ public: Queue_t::iterator qptr; // Our place in service_state_queue private: - SERVICE_ID_STATE state; + ServiceState state; ServiceDetector* service = nullptr; AppIdDetectorList* tcp_brute_force_mgr = nullptr; AppIdDetectorList* udp_brute_force_mgr = nullptr; @@ -212,9 +208,9 @@ public: delete kv.second; } - Val_t* add(const Key_t& k, bool do_touch = false) + ServiceDiscoveryState* add(const AppIdServiceStateKey& k, bool do_touch = false) { - Val_t* ss = nullptr; + ServiceDiscoveryState* ss = nullptr; // Try to emplace k first, with a nullptr. std::pair sit = m.emplace( std::make_pair(k, ss) ); @@ -223,7 +219,7 @@ public: if ( sit.second ) { // emplace succeeded - ss = it->second = new Val_t; + ss = it->second = new ServiceDiscoveryState; q.emplace_back(it); mem_used += sz; ss->qptr = --q.end(); // remember our place in the queue @@ -242,7 +238,7 @@ public: return ss; } - Val_t* get(const Key_t& k, bool do_touch = 0) + ServiceDiscoveryState* get(const AppIdServiceStateKey& k, bool do_touch = 0) { Map_t::const_iterator it = m.find(k); if ( it != m.end() ) { @@ -283,7 +279,7 @@ public: return mem_used <= max_memory; } - Map_t::iterator find(const Key_t& k) + Map_t::iterator find(const AppIdServiceStateKey& k) { return m.find(k); } diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index 05146c22e..eb4fc6d26 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -48,7 +48,6 @@ public: void do_custom_init() override { } int validate(AppIdDiscoveryArgs&) override { return 0; } void register_appid(AppId, unsigned, OdpContext&) override { } - void release_thread_resources() override { } }; TEST_GROUP(appid_detector_tests) diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 64e92fae8..b8ae5bfac 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -205,18 +205,9 @@ int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDir ServiceDetector*, ServiceDiscoveryState*) { return 0; } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } -ServiceDiscovery::ServiceDiscovery() {} -void ServiceDiscovery::release_instance() {} -void ServiceDiscovery::release_thread_resources() {} static AppIdModule* s_app_module = nullptr; static AppIdInspector* s_ins = nullptr; static ServiceDiscovery* s_discovery_manager = nullptr; -ServiceDiscovery& ServiceDiscovery::get_instance() -{ - if (!s_discovery_manager) - s_discovery_manager = new ServiceDiscovery(); - return *s_discovery_manager; -} HostCacheIp host_cache(50); AppId HostTracker::get_appid(Port, IpProtocol, bool, bool) @@ -225,11 +216,8 @@ AppId HostTracker::get_appid(Port, IpProtocol, bool, bool) } // Stubs for ClientDiscovery -ClientDiscovery::~ClientDiscovery() {} void ClientDiscovery::initialize() {} void ClientDiscovery::finalize_client_plugins() {} -void ClientDiscovery::release_instance() {} -void ClientDiscovery::release_thread_resources() {} static ClientDiscovery* c_discovery_manager = new ClientDiscovery(); bool ClientDiscovery::do_client_discovery(AppIdSession&, Packet*, AppidSessionDirection, AppidChangeBits&) diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index 41023d0e9..b26eec09d 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -56,7 +56,6 @@ SearchTool::~SearchTool() { } AppIdDiscovery::AppIdDiscovery() { } AppIdDiscovery::~AppIdDiscovery() { } -ClientDiscovery::~ClientDiscovery() { } void ClientDiscovery::initialize() { } void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { } void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int, unsigned char const*, unsigned int, unsigned int) { } @@ -83,6 +82,12 @@ int ServiceDiscovery::add_ftp_service_state(AppIdSession&) return 0; } +void ServiceDiscovery::initialize() +{ } + +int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) +{ return 0; } + // Stubs for app_info_table.h AppInfoTableEntry* AppInfoManager::get_app_info_entry(int) { diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index fac94f844..672f88bf0 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -105,13 +105,6 @@ int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDir ServiceDetector*, ServiceDiscoveryState*) { return 0; } int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } -ServiceDiscovery::ServiceDiscovery() {} - -ServiceDiscovery& ServiceDiscovery::get_instance() -{ - static ServiceDiscovery discovery_manager; - return discovery_manager; -} TEST_GROUP(service_state_tests) { @@ -129,20 +122,20 @@ TEST_GROUP(service_state_tests) TEST(service_state_tests, select_detector_by_brute_force) { + ServiceDiscovery sd; ServiceDiscoveryState sds; - ServiceDiscovery::get_instance(); // Testing end of brute-force walk for supported and unsupported protocols test_log[0] = '\0'; - sds.select_detector_by_brute_force(IpProtocol::TCP); + sds.select_detector_by_brute_force(IpProtocol::TCP, sd); STRCMP_EQUAL(test_log, "AppIdDbg Brute-force state failed - no more TCP detectors\n"); test_log[0] = '\0'; - sds.select_detector_by_brute_force(IpProtocol::UDP); + sds.select_detector_by_brute_force(IpProtocol::UDP, sd); STRCMP_EQUAL(test_log, "AppIdDbg Brute-force state failed - no more UDP detectors\n"); test_log[0] = '\0'; - sds.select_detector_by_brute_force(IpProtocol::IP); + sds.select_detector_by_brute_force(IpProtocol::IP, sd); STRCMP_EQUAL(test_log, ""); } @@ -152,16 +145,15 @@ TEST(service_state_tests, set_service_id_failed) AppIdInspector inspector; AppIdSession asd(IpProtocol::PROTO_NOT_SET, nullptr, 0, inspector); SfIp client_ip; - ServiceDiscovery::get_instance(); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count = 0 client_ip.set("1.2.3.4"); - sds.set_state(SERVICE_ID_STATE::VALID); + sds.set_state(ServiceState::VALID); sds.set_service_id_failed(asd, &client_ip, 0); sds.set_service_id_failed(asd, &client_ip, 0); sds.set_service_id_failed(asd, &client_ip, 0); sds.set_service_id_failed(asd, &client_ip, 0); - CHECK_TRUE(sds.get_state() == SERVICE_ID_STATE::SEARCHING_PORT_PATTERN); + CHECK_TRUE(sds.get_state() == ServiceState::SEARCHING_PORT_PATTERN); } @@ -171,18 +163,17 @@ TEST(service_state_tests, set_service_id_failed_with_valid) AppIdInspector inspector; AppIdSession asd(IpProtocol::PROTO_NOT_SET, nullptr, 0, inspector); SfIp client_ip; - ServiceDiscovery::get_instance(); // Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count > 1 client_ip.set("1.2.3.4"); - sds.set_state(SERVICE_ID_STATE::VALID); + sds.set_state(ServiceState::VALID); sds.set_service_id_valid(0); sds.set_service_id_valid(0); sds.set_service_id_failed(asd, &client_ip, 0); sds.set_service_id_failed(asd, &client_ip, 0); sds.set_service_id_failed(asd, &client_ip, 0); sds.set_service_id_failed(asd, &client_ip, 0); - CHECK_TRUE(sds.get_state() == SERVICE_ID_STATE::VALID); + CHECK_TRUE(sds.get_state() == ServiceState::VALID); } TEST(service_state_tests, appid_service_state_key_comparison_test) @@ -193,8 +184,8 @@ TEST(service_state_tests, appid_service_state_key_comparison_test) IpProtocol proto = IpProtocol::TCP; uint16_t port=3000; - Key_t A(&ip4, proto, port, 0); - Key_t B(&ip6, proto, port, 0); + AppIdServiceStateKey A(&ip4, proto, port, 0); + AppIdServiceStateKey B(&ip6, proto, port, 0); // We must never be in a situation where !( A ssvec; + ServiceDiscoveryState* ss = nullptr; + std::vector ssvec; // Insert (ipv4 and ipv6) past the memcap, and check the memcap is not exceeded. for( size_t i = 1; i <= num_entries; i++, port++ ) { const SfIp* ip = ( i%2 == 1 ? &ip4 : &ip6 ); - ss = ServiceCache.add( Key_t(ip, proto, port, 0) ); + ss = ServiceCache.add( AppIdServiceStateKey(ip, proto, port, 0) ); CHECK_TRUE(ServiceCache.size() == ( i <= max_entries ? i : max_entries)); ssvec.push_back(ss); } @@ -229,7 +220,7 @@ TEST(service_state_tests, service_cache) // The cache should now be ip6:3007, ip4:3008, ip6:3009. // Check that the order in the cache is correct. Queue_t::iterator it = ServiceCache.newest(); - std::vector::iterator vit = --ssvec.end(); + std::vector::iterator vit = --ssvec.end(); for( size_t i=0; i