AppIdDiscovery::AppIdDiscovery()
{
- tcp_patterns = new SearchTool;
- udp_patterns = new SearchTool;
+ tcp_patterns = new SearchTool("ac_full", true);
+ udp_patterns = new SearchTool("ac_full", true);
}
AppIdDiscovery::~AppIdDiscovery()
{
- AppIdPatternMatchNode* pd = pattern_data_list;
- while (pd)
- {
- pattern_data_list = pd->next;
- snort_free(pd);
- pd = pattern_data_list;
- }
+ for (auto pd : pattern_data )
+ delete pd;
+
+ pattern_data.clear();
delete tcp_patterns;
delete udp_patterns;
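Review bot: The destructor deletes every `pattern_data` node before `delete tcp_patterns;` and `delete udp_patterns;`, so while the two search tools are being torn down they still hold the node pointers that `add_pattern_data` registered with them. That is safe only if SearchTool's destructor never touches the registered user data, which is not visible here; moving the two `delete` statements above the loop removes the question. `pattern_data.clear();` is redundant because the vector is destroyed immediately afterwards. The destructor's closing brace is outside the hunk.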
void AppIdDiscovery::add_pattern_data(AppIdDetector* detector, SearchTool* st, int position, const
uint8_t* const pattern, unsigned size, unsigned nocase)
{
- AppIdPatternMatchNode* pd =
- (AppIdPatternMatchNode*)snort_calloc(sizeof(AppIdPatternMatchNode));
- pd->service = detector;
- pd->pattern_start_pos = position;
- pd->size = size;
- pd->next = pattern_data_list;
- pattern_data_list = pd;
+ AppIdPatternMatchNode* pd = new AppIdPatternMatchNode(detector, position, size);
+ pattern_data.push_back(pd);
st->add((const char*)pattern, size, pd, nocase);
}
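Review bot: `new AppIdPatternMatchNode(detector, position, size)` followed by `pattern_data.push_back(pd)` leaks the node if `push_back` throws, and the raw-pointer vector is what forces the manual delete loop in the destructor. Declaring the member as `std::vector<std::unique_ptr<AppIdPatternMatchNode>>` (with `<memory>` included) and writing `pattern_data.push_back(std::unique_ptr<AppIdPatternMatchNode>(new AppIdPatternMatchNode(detector, position, size)));` then `st->add((const char*)pattern, size, pattern_data.back().get(), nocase);` keeps ownership in one place. `st` is supplied by the caller and keeps the raw node pointer, so a comment stating that the nodes must outlive every SearchTool they were added to would help the next maintainer.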
#ifndef APPID_DISCOVERY_H
#define APPID_DISCOVERY_H
-#include <string>
#include <map>
+#include <string>
+#include <vector>
#include "protocols/protocol_ids.h"
#include "search_engines/search_tool.h"
#define SCAN_HTTP_XWORKINGWITH_FLAG (1<<7)
#define SCAN_HTTP_CONTENT_TYPE_FLAG (1<<8)
-struct AppIdPatternMatchNode
+class AppIdPatternMatchNode
{
- AppIdPatternMatchNode* next = nullptr;
- int pattern_start_pos = 0;
- unsigned size = 0;
- AppIdDetector* service = nullptr;
+public:
+ AppIdPatternMatchNode(AppIdDetector* detector, int start, unsigned len)
+ : service(detector), pattern_start_pos(start), size(len)
+ {}
+ ~AppIdPatternMatchNode() {}
+
+ bool valid_match(int end_position)
+ {
+ if ( pattern_start_pos >= 0 && pattern_start_pos != (end_position - (int)size) )
+ return false;
+ else
+ return true;
+ }
+
+ AppIdDetector* service;
+ int pattern_start_pos;
+ unsigned size;
};
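Review bot: `valid_match` has no comment, while the two callbacks it replaces lose theirs ("Ignore matches that don't start at the expected position"), and nothing states that a negative `pattern_start_pos` accepts a match at any offset; a one-line comment such as `// A negative pattern_start_pos means the pattern may match at any offset.` above the method would restore that. The method does not modify the node, so it should be `const`, and the if/else returning literals can be one expression: `bool valid_match(int end_position) const { return pattern_start_pos < 0 || pattern_start_pos == end_position - (int)size; }`. The `(int)size` cast is carried over from the old code and would wrap for a size above INT_MAX; whether any caller of `add_pattern_data` can pass such a size is not visible here. The empty `~AppIdPatternMatchNode() {}` can be dropped.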
struct ServiceMatch
int tcp_pattern_count = 0;
SearchTool* udp_patterns = nullptr;
int udp_pattern_count = 0;
- AppIdPatternMatchNode* pattern_data_list = nullptr;
+ std::vector<AppIdPatternMatchNode*> pattern_data;
};
#endif
tPatternNode* ddPatternNode;
/* set up the MPSE for url patterns */
- patternMatcher = rootNode->patternTree = new SearchTool;
+ patternMatcher = rootNode->patternTree = new SearchTool("ac_full", true);
for (primaryPatternNode = rootNode->patternList;
primaryPatternNode;
tPatternList* patternNode;
/* set up the MPSE for url patterns */
- if (!(patternMatcher = rootNode->patternTree = new SearchTool))
+ if (!(patternMatcher = rootNode->patternTree = new SearchTool("ac_full", true)))
return -1;
for (patternNode = rootNode->patternList;
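Review bot: The test in `if (!(patternMatcher = rootNode->patternTree = new SearchTool("ac_full", true))) return -1;` can never take the error branch with a throwing `operator new` (assuming the project does not replace it): allocation failure raises `std::bad_alloc`, and a failed engine lookup is caught only by the `assert` in the SearchTool constructor. The same dead check follows the changed line in the `dns_host_host_matcher`, `*patterns` and `*matcher` hunks. Either drop these checks or, if a null result is meant to be the error path, allocate with `new (std::nothrow)` and report constructor failure some other way. The enclosing function starts and ends outside the hunk.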
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// client_app_bit.cc author Sourcefire Inc.
+// client_discovery.cc author Sourcefire Inc.
#ifdef HAVE_CONFIG_H
#include "config.h"
{
ClientAppMatch** matches = (ClientAppMatch**)data;
AppIdPatternMatchNode* pd = (AppIdPatternMatchNode*)id;
- ClientAppMatch* cam;
-
- // Ignore matches that don't start at the expected position.
- if ( pd->pattern_start_pos >= 0 && pd->pattern_start_pos != (match_end_pos - (int)pd->size))
- return 0;
- for (cam = *matches; cam; cam = cam->next)
+ if ( pd->valid_match(match_end_pos) )
{
- if (cam->detector == pd->service)
- break;
- }
+ ClientAppMatch* cam;
- if (cam)
- cam->count++;
- else
- {
- if (match_free_list)
- {
- cam = match_free_list;
- match_free_list = cam->next;
- memset(cam, 0, sizeof(*cam));
- }
+ for (cam = *matches; cam; cam = cam->next)
+ if (cam->detector == pd->service)
+ break;
+
+ if (cam)
+ cam->count++;
else
- cam = (ClientAppMatch*)snort_calloc(sizeof(ClientAppMatch));
+ {
+ if (match_free_list)
+ {
+ cam = match_free_list;
+ match_free_list = cam->next;
+ memset(cam, 0, sizeof(*cam));
+ }
+ else
+ cam = (ClientAppMatch*)snort_calloc(sizeof(ClientAppMatch));
- cam->count = 1;
- cam->detector = static_cast<const ClientDetector*>(pd->service);
- cam->next = *matches;
- *matches = cam;
+ cam->count = 1;
+ cam->detector = static_cast<const ClientDetector*>(pd->service);
+ cam->next = *matches;
+ *matches = cam;
+ }
}
return 0;
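Review bot: Wrapping the whole callback body in `if ( pd->valid_match(match_end_pos) )` adds a nesting level to code that used to be flat and makes the diff much larger than the change. A guard clause keeps the old shape: `if ( !pd->valid_match(match_end_pos) ) return 0;`. The service-side callback hunk that builds `ServiceMatch` entries is restructured the same way. The function signature is outside the hunk.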
else
patterns = ClientDiscovery::get_instance().udp_patterns;
- if (!patterns)
- return nullptr;
+ if ( patterns )
+ patterns->find_all((char*)pkt->data, pkt->dsize, &pattern_match, false, (void*)&match_list);
- patterns->find_all((char*)pkt->data, pkt->dsize, &pattern_match, false, (void*)&match_list);
return match_list;
}
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// client_app_config.h author Sourcefire Inc.
+// client_discovery.h author Sourcefire Inc.
#ifndef CLIENT_DISCOVERY_H
#define CLIENT_DISCOVERY_H
if (serviceDnsConfig.dns_host_host_matcher)
delete serviceDnsConfig.dns_host_host_matcher;
- serviceDnsConfig.dns_host_host_matcher = new SearchTool;
+ serviceDnsConfig.dns_host_host_matcher = new SearchTool("ac_full", true);
if (!serviceDnsConfig.dns_host_host_matcher)
return 0;
void ImapClientDetector::do_custom_init()
{
unsigned index = 0;
- cmd_matcher = new SearchTool;
+ cmd_matcher = new SearchTool("ac_full", true);
if ( tcp_patterns.size() )
for (auto& pat : tcp_patterns)
{
if (!*patterns)
{
- *patterns = new SearchTool;
+ *patterns = new SearchTool("ac_full", true);
if (!*patterns)
{
ErrorMessage("Error initializing the pattern table\n");
void Pop3ClientDetector::do_custom_init()
{
unsigned index = 0;
- cmd_matcher = new SearchTool;
+ cmd_matcher = new SearchTool("ac_full", true);
if ( tcp_patterns.size() )
for (auto& pat : tcp_patterns)
return;
success:
- //client detection successful
- client->add_app(asd, APP_ID_SIP, ClientAppId, clientVersion);
- appid_stats.sip_clients++;
+ if( !asd->is_client_detected() )
+ {
+ //client detection successful
+ client->add_app(asd, APP_ID_SIP, ClientAppId, clientVersion);
+ appid_stats.sip_clients++;
+ }
if ( fd->user_name.size() )
client->add_user(asd, fd->user_name.c_str(), APP_ID_SIP, true);
-
- asd->set_client_detected();
}
void SipEventHandler::service_handler(SipEvent& sip_event, AppIdSession* asd)
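Review bot: With `asd->set_client_detected();` removed, the new `if( !asd->is_client_detected() )` guard only prevents repeated `add_app` calls and `sip_clients` increments if something else sets the flag, presumably `add_app` itself; that is not visible in this hunk. If nothing does, every SIP event on the session adds the app again and inflates the counter. Once confirmed, a short comment at the guard, e.g. `// add_app() marks the client as detected`, would make that dependency explicit. The function body starts outside the hunk.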
int HttpPatternMatchers::process_chp_list(CHPListElement* chplist)
{
for (size_t i = 0; i <= MAX_PATTERN_TYPE; i++)
- chp_matchers[i] = new SearchTool;
+ chp_matchers[i] = new SearchTool("ac_full", true);
for (CHPListElement* chpe = chplist; chpe; chpe = chpe->next)
chp_matchers[chpe->chp_action.ptype]->add(chpe->chp_action.pattern,
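Review bot: `chp_matchers[chpe->chp_action.ptype]` is indexed without a visible range check, while the array is only populated for indexes `0..MAX_PATTERN_TYPE`. If `ptype` can come from detector configuration rather than a fixed table, a check such as `if (chpe->chp_action.ptype > MAX_PATTERN_TYPE) continue;` (or an error return) is needed before the `add` call; the validation may already exist where the list is built, which is outside this hunk. The first loop also overwrites `chp_matchers[i]` without freeing any previous matcher, so a second call to `process_chp_list` would leak the first set. The `add` statement and the rest of the function continue outside the hunk.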
static SearchTool* process_http_field_patterns(FieldPattern* patternList, size_t patternListCount)
{
- SearchTool* patternMatcher = new SearchTool;
+ SearchTool* patternMatcher = new SearchTool("ac_full", true);
for (size_t i=0; i < patternListCount; i++)
patternMatcher->add( (char*)patternList[i].data, patternList[i].length,
class HttpPatternMatchers
{
public:
- HttpPatternMatchers() { }
+ HttpPatternMatchers()
+ : url_matcher("ac_full", true), client_agent_matcher("ac_full", true), via_matcher("ac_full", true),
+ content_type_matcher("ac_full", true)
+ { }
~HttpPatternMatchers();
static HttpPatternMatchers* get_instance();
{
ServiceMatch** matches = (ServiceMatch**)data;
AppIdPatternMatchNode* pd = (AppIdPatternMatchNode*)id;
- ServiceMatch* sm;
- // Ignore matches that don't start at the expected position.
- if ( pd->pattern_start_pos >= 0 && pd->pattern_start_pos != (match_end_pos - (int)pd->size) )
- return 0;
+ if ( pd->valid_match(match_end_pos) )
+ {
+ ServiceMatch* sm;
- for (sm = *matches; sm; sm = sm->next)
- if (sm->service == (ServiceDetector*)pd->service)
- break;
+ for (sm = *matches; sm; sm = sm->next)
+ if (sm->service == (ServiceDetector*)pd->service)
+ break;
- if (sm)
- sm->count++;
- else
- {
- sm = (ServiceMatch*)snort_calloc(sizeof(ServiceMatch));
- sm->count++;
- sm->service = static_cast<ServiceDetector*>(pd->service);
- sm->size = pd->size;
- sm->next = *matches;
- *matches = sm;
+ if (sm)
+ sm->count++;
+ else
+ {
+ sm = (ServiceMatch*)snort_calloc(sizeof(ServiceMatch));
+ sm->count++;
+ sm->service = static_cast<ServiceDetector*>(pd->service);
+ sm->size = pd->size;
+ sm->next = *matches;
+ *matches = sm;
+ }
}
+
return 0;
}
{ 5353, IpProtocol::UDP, false },
};
- matcher = new SearchTool;
+ matcher = new SearchTool("ac_full", true);
for (unsigned i = 0; i < sizeof(patterns) / sizeof(*patterns); i++)
matcher->add((char*)patterns[i].pattern, patterns[i].length, &patterns[i]);
matcher->prep();
if (*matcher)
delete *matcher;
- if (!(*matcher = new SearchTool))
+ if (!(*matcher = new SearchTool("ac_full", true)))
return 0;
patternIndex = &size;
#include "managers/mpse_manager.h"
-SearchTool::SearchTool(const char* method)
+SearchTool::SearchTool(const char* method, bool dfa)
{
mpse = MpseManager::get_search_engine(method);
assert(mpse);
max_len = 0;
+ if( dfa )
+ mpse->set_opt(1);
}
SearchTool::~SearchTool()
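Review bot: The added `mpse->set_opt(1);` dereferences `mpse` in the constructor with only `assert(mpse);` in front of it, and asserts compile away under NDEBUG. Now that call sites pass an explicit method name, an unknown or unavailable engine name would become a null dereference in release builds if `get_search_engine` can return null, as the assert suggests. Guarding the new call with `if ( dfa && mpse ) mpse->set_opt(1);` or failing loudly when the lookup returns null would close that, though the other members would still need to cope with a null engine. The literal `1` also needs a named constant or a comment saying which option it selects.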
class SO_PUBLIC SearchTool
{
public:
- SearchTool(const char* method = nullptr);
+ SearchTool(const char* method = nullptr, bool dfa = false);
~SearchTool();
void add(const char* pattern, unsigned len, int s_id, bool no_case = true);
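Review bot: The constructor is still callable with a single `const char*`, so it acts as an implicit conversion from a string to a SearchTool; `explicit SearchTool(const char* method = nullptr, bool dfa = false);` prevents that. The bare `true` at the call sites (`new SearchTool("ac_full", true)`) does not say what it enables, and the method name is repeated as a literal in every caller; a named constant for the method string would keep them in step. Because the class is `SO_PUBLIC`, the changed constructor signature presumably changes the exported symbol, which matters to separately built plugins. The rest of the class is outside the hunk.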