Merge pull request #1274 in SNORT/snort3 from appid_perf_api to master
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 19 Jun 2018 12:04:26 +0000 (08:04 -0400)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 19 Jun 2018 12:04:26 +0000 (08:04 -0400)
Squashed commit of the following:

commit 59ecfc23ea247feb5e22bf84138dac8ac68a8573
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Jun 13 23:34:05 2018 -0400

    appid: Modify AppId APIs to improve firewall performance

14 files changed:
src/log/log_text.cc
src/loggers/unified2.cc
src/network_inspectors/appid/CMakeLists.txt
src/network_inspectors/appid/appid_api.cc
src/network_inspectors/appid/appid_api.h
src/network_inspectors/appid/appid_discovery.cc
src/network_inspectors/appid/appid_session.cc
src/network_inspectors/appid/appid_session_api.cc [new file with mode: 0644]
src/network_inspectors/appid/appid_session_api.h [new file with mode: 0644]
src/network_inspectors/appid/test/CMakeLists.txt
src/network_inspectors/appid/test/appid_api_test.cc
src/network_inspectors/appid/test/appid_mock_inspector.h
src/network_inspectors/appid/test/appid_mock_session.h
src/network_inspectors/appid/test/appid_session_api_test.cc [new file with mode: 0644]

index 42068c6127fcaebc7517783f4cfcb3d62eec94e1..02461bb7aff726aa2da193a8a1fad1d8a4325ee1 100644 (file)
@@ -90,7 +90,7 @@ bool LogAppID(TextLog* log, Packet* p)
 {
     if ( p->flow )
     {
-        const char* app_name = appid_api.get_application_name(p->flow, p->is_from_client());
+        const char* app_name = appid_api.get_application_name(*p->flow, p->is_from_client());
 
         if ( app_name )
         {
index 1242b250f2c0cd7ba96e08e26f41f47b1d4e3aa8..d521490affd242c9c215bd3109d66152f025e517 100644 (file)
@@ -216,7 +216,7 @@ static void alert_event(Packet* p, const char*, Unified2Config* config, const Ev
         u2_event.pkt_ip_proto = (uint8_t)p->get_ip_proto_next();
 
         const char* app_name = p->flow ?
-            appid_api.get_application_name(p->flow, p->is_from_client()) : nullptr;
+            appid_api.get_application_name(*p->flow, p->is_from_client()) : nullptr;
 
         if ( app_name )
             memcpy_s(u2_event.app_name, sizeof(u2_event.app_name),
@@ -671,7 +671,7 @@ static void _AlertIP4_v2(Packet* p, const char*, Unified2Config* config, const E
         alertdata.pad2 = htons((uint16_t)p->user_ips_policy_id);
 
         const char* app_name = p->flow ?
-            appid_api.get_application_name(p->flow, p->is_from_client()) : nullptr;
+            appid_api.get_application_name(*p->flow, p->is_from_client()) : nullptr;
 
         if ( app_name )
             memcpy_s(alertdata.app_name, sizeof(alertdata.app_name),
@@ -757,7 +757,7 @@ static void _AlertIP6_v2(Packet* p, const char*, Unified2Config* config, const E
         alertdata.pad2 = htons((uint16_t)p->user_ips_policy_id);
 
         const char* app_name = p->flow ?
-            appid_api.get_application_name(p->flow, p->is_from_client()) : nullptr;
+            appid_api.get_application_name(*p->flow, p->is_from_client()) : nullptr;
 
         if ( app_name )
             memcpy_s(alertdata.app_name, sizeof(alertdata.app_name),
index 2a460990aa6ecf820f75d870291b79ece9f70969..0a0873351f59dd5281b457adacead0321b3c22c9 100644 (file)
@@ -12,6 +12,7 @@ set (APPID_INCLUDES
     appid_api.h
     appid_dns_session.h
     appid_http_session.h
+    appid_session_api.h
     appid_types.h
     application_ids.h
     http_xff_fields.h
@@ -184,6 +185,8 @@ set ( APPID_SOURCES
     appid_peg_counts.cc
     appid_session.cc
     appid_session.h
+    appid_session_api.cc
+    appid_session_api.h
     appid_types.h
     appid_inspector.cc
     appid_inspector.h
index b97a1b11b289d4b9e676df175b3d96238e9c827a..e00ac9cee82bb75fe3e2096ad4d2848a22719ae1 100644 (file)
 #endif
 
 #include "appid_api.h"
-#include "app_info_table.h"
-#include "service_plugins/service_bootp.h"
-#include "service_plugins/service_netbios.h"
+
 #include "utils/util.h"
+
+#include "appid_session.h"
+#include "appid_session_api.h"
+#include "app_info_table.h"
 #ifdef ENABLE_APPID_THIRD_PARTY
 #include "tp_appid_session_api.h"
 #endif
 
 using namespace snort;
 
-#define SSL_WHITELIST_PKT_LIMIT 20
-
 namespace snort
 {
 AppIdApi appid_api;
@@ -53,10 +53,10 @@ const char* AppIdApi::get_application_name(AppId app_id)
     return AppInfoManager::get_instance().get_app_name(app_id);
 }
 
-const char* AppIdApi::get_application_name(Flow* flow, bool from_client)
+const char* AppIdApi::get_application_name(Flow& flow, bool from_client)
 {
     const char* app_name = nullptr;
-    AppIdSession* asd = get_appid_session(*flow);
+    AppIdSession* asd = get_appid_session(flow);
     if ( asd )
     {
         if ( asd->payload.get_id() )
@@ -87,301 +87,6 @@ AppId AppIdApi::get_application_id(const char* appName)
     return AppInfoManager::get_instance().get_appid_by_name(appName);
 }
 
-AppId AppIdApi::get_service_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_service_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_port_service_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->service.get_port_service_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_only_service_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_only_service_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_misc_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_misc_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_client_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_client_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_payload_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_payload_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_referred_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_referred_payload_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_fw_service_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_fw_service_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_fw_misc_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_fw_misc_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_fw_client_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_fw_client_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_fw_payload_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_fw_payload_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-AppId AppIdApi::get_fw_referred_app_id(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->pick_fw_referred_payload_app_id();
-    else
-        return APP_ID_NONE;
-}
-
-bool AppIdApi::is_ssl_session_decrypted(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->is_ssl_session_decrypted();
-    return false;
-}
-
-bool AppIdApi::is_appid_inspecting_session(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    {
-        if ( asd->common.flow_type == APPID_FLOW_TYPE_NORMAL )
-        {
-            if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED ||
-                 !asd->is_tp_appid_done() ||
-                 asd->get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE) ||
-                 (asd->get_session_flags(APPID_SESSION_ENCRYPTED) &&
-                  (asd->get_session_flags(APPID_SESSION_DECRYPTED) ||
-                   asd->session_packet_count < SSL_WHITELIST_PKT_LIMIT)) )
-            {
-                return true;
-            }
-
-            if ( asd->client_disco_state != APPID_DISCO_STATE_FINISHED &&
-                (!asd->is_client_detected() ||
-                (asd->service_disco_state != APPID_DISCO_STATE_STATEFUL
-                && asd->get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))) )
-            {
-                return true;
-            }
-
-            if ( asd->get_tp_app_id() == APP_ID_SSH && asd->payload.get_id() != APP_ID_SFTP &&
-                asd->session_packet_count < MAX_SFTP_PACKET_COUNT )
-            {
-                return true;
-            }
-        }
-    }
-
-    return false;
-}
-
-const char* AppIdApi::get_user_name(Flow& flow, AppId* service, bool* isLoginSuccessful)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    {
-        *service = asd->client.get_user_id();
-        *isLoginSuccessful = asd->get_session_flags(APPID_SESSION_LOGIN_SUCCEEDED) ? true : false;
-        return asd->client.get_username();
-    }
-
-    return nullptr;
-}
-
-bool AppIdApi::is_appid_available(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    {
-        return ( (asd->service.get_id() != APP_ID_NONE ||
-                  asd->payload.get_id() != APP_ID_NONE) &&
-                 (asd->is_tp_appid_available() ||
-                  asd->get_session_flags(APPID_SESSION_NO_TPI)) );
-    }   
-
-    return false;
-}
-
-const char* AppIdApi::get_client_version(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->client.get_version();
-    else
-        return nullptr;
-}
-
-uint64_t AppIdApi::get_appid_session_attribute(Flow& flow, uint64_t flags)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->get_session_flags(flags);
-    return 0;
-}
-
-APPID_FLOW_TYPE AppIdApi::get_flow_type(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->common.flow_type;
-    else
-        return APPID_FLOW_TYPE_IGNORE;
-}
-
-void AppIdApi::get_service_info(Flow& flow, const char** vendor, const char** version,
-    AppIdServiceSubtype** subtype)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    {
-        *vendor = asd->service.get_vendor();
-        *version = asd->service.get_version();
-        *subtype = asd->subtype;
-    }
-}
-
-short AppIdApi::get_service_port(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->service_port;
-    else
-        return 0;
-}
-
-char* AppIdApi::get_tls_host(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        if (asd->tsession)
-            return asd->tsession->tls_host;
-
-    return nullptr;
-}
-
-SfIp* AppIdApi::get_service_ip(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return &asd->service_ip;
-
-    return nullptr;
-}
-
-SfIp* AppIdApi::get_initiator_ip(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return &asd->common.initiator_ip;
-
-    return nullptr;
-}
-
-DHCPData* AppIdApi::get_dhcp_fp_data(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_FP))
-        return static_cast<DHCPData*>(
-                        asd->remove_flow_data(APPID_SESSION_DATA_DHCP_FP_DATA));
-
-    return nullptr;
-}
-
-void AppIdApi::free_dhcp_fp_data(Flow& flow, DHCPData* data)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    {
-        asd->clear_session_flags(APPID_SESSION_HAS_DHCP_FP);
-        BootpServiceDetector::AppIdFreeDhcpData(data);
-    }
-}
-
-DHCPInfo* AppIdApi::get_dhcp_info(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_INFO))
-            return static_cast<DHCPInfo*>(
-                        asd->remove_flow_data(APPID_SESSION_DATA_DHCP_INFO));
-
-    return nullptr;
-}
-
-void AppIdApi::free_dhcp_info(Flow& flow, DHCPInfo* data)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    {
-        asd->clear_session_flags(APPID_SESSION_HAS_DHCP_INFO);
-        BootpServiceDetector::AppIdFreeDhcpInfo(data);
-    }
-}
-
-FpSMBData* AppIdApi::get_smb_fp_data(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        if (asd->get_session_flags(APPID_SESSION_HAS_SMB_INFO))
-            return static_cast<FpSMBData*>(
-                        asd->remove_flow_data(APPID_SESSION_DATA_SMB_DATA));
-
-    return nullptr;
-}
-
-void AppIdApi::free_smb_fp_data(Flow& flow, FpSMBData* data)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-    {
-        asd->clear_session_flags(APPID_SESSION_HAS_SMB_INFO);
-        NbdgmServiceDetector::AppIdFreeSMBData(data);
-    }
-}
-
-const char* AppIdApi::get_netbios_name(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->netbios_name;
-    else
-        return nullptr;
-}
-
 #define APPID_HA_FLAGS_APP ( 1 << 0 )
 #define APPID_HA_FLAGS_TP_DONE ( 1 << 1 )
 #define APPID_HA_FLAGS_SVC_DONE ( 1 << 2 )
@@ -392,7 +97,7 @@ uint32_t AppIdApi::produce_ha_state(Flow& flow, uint8_t* buf)
     assert(buf);
     AppIdSessionHA* appHA = (AppIdSessionHA*)buf;
     AppIdSession* asd = get_appid_session(flow);
-    if ( asd && ( get_flow_type(flow) == APPID_FLOW_TYPE_NORMAL ) )
+    if ( asd and ( asd->common.flow_type == APPID_FLOW_TYPE_NORMAL ) )
     {
         appHA->flags = APPID_HA_FLAGS_APP;
         if ( asd->is_tp_appid_available() )
@@ -486,42 +191,17 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP
     return sizeof(*appHA);
 }
 
-SEARCH_SUPPORT_TYPE AppIdApi::get_http_search(Flow& flow)
+AppIdSessionApi* AppIdApi::create_appid_session_api(Flow& flow)
 {
-    SEARCH_SUPPORT_TYPE sst = UNKNOWN_SEARCH_ENGINE;
-
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        sst = (asd->search_support_type != UNKNOWN_SEARCH_ENGINE) ?
-                        asd->search_support_type : NOT_A_SEARCH_ENGINE;
-
-    return sst;
-}
+    AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
 
-AppIdDnsSession* AppIdApi::get_dns_session(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->get_dns_session();
-    else
-        return nullptr;
-}
+    if (asd and asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
+        return new AppIdSessionApi(asd);
 
-AppIdHttpSession* AppIdApi::get_http_session(Flow& flow)
-{
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        return asd->get_http_session();
-    else
-        return nullptr;
+    return nullptr;
 }
 
-bool AppIdApi::is_http_inspection_done(Flow& flow)
+void AppIdApi::free_appid_session_api(AppIdSessionApi* api)
 {
-    bool done = true;
-
-    if ( AppIdSession* asd = get_appid_session(flow) )
-        if ( ( asd->common.flow_type == APPID_FLOW_TYPE_NORMAL ) &&
-             !asd->is_tp_appid_done() )
-            done = false;
-
-    return done;
+    delete api;
 }
-
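Review bot: `create_appid_session_api()` hands the caller a heap object wrapping a raw `AppIdSession*`, and neither this hunk nor the matching declaration in appid_api.h says who owns that object or how long the wrapped session stays valid. The session is fetched with `flow.get_flow_data(AppIdSession::inspector_id)`, so it appears to belong to the flow; a wrapper kept across packets could then outlive it and every accessor would read freed memory, though whether that can happen depends on code outside this page. I would state the contract next to the declaration, e.g. `// Caller owns the result and must release it with free_appid_session_api(); valid only while the flow's AppIdSession exists - call refresh() before reuse.` The lookup also repeats a C-style cast instead of going through `get_appid_session(flow)`, which the rest of this file uses for what looks like the same lookup.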
index 3957067ecaecaf3f16e140c0f866772e45101e36..2a399dcf2bb1d6e1961a1c8a6615b1e916b74930 100644 (file)
 #ifndef APPID_API_H
 #define APPID_API_H
 
-#include "application_ids.h"
 #include "flow/flow.h"
+#include "sfip/sf_ip.h"
+#include "appid_session_api.h"
+#include "application_ids.h"
 
 enum class IpProtocol : uint8_t;
 
-class AppIdDnsSession;
-class AppIdHttpSession;
 class AppIdSession;
 
 namespace snort
 {
-#define APPID_SESSION_RESPONDER_MONITORED   (1ULL << 0)
-#define APPID_SESSION_INITIATOR_MONITORED   (1ULL << 1)
-#define APPID_SESSION_SPECIAL_MONITORED     (1ULL << 2)
-#define APPID_SESSION_IGNORE_FLOW_LOGGED    (1ULL << 3)
-#define APPID_SESSION_EXPECTED_EVALUATE     (1ULL << 4)
-#define APPID_SESSION_DISCOVER_USER         (1ULL << 5)
-#define APPID_SESSION_HAS_DHCP_FP           (1ULL << 6)
-#define APPID_SESSION_HAS_DHCP_INFO         (1ULL << 7)
-#define APPID_SESSION_HAS_SMB_INFO          (1ULL << 8)
-#define APPID_SESSION_MID                   (1ULL << 9)
-#define APPID_SESSION_OOO                   (1ULL << 10)
-#define APPID_SESSION_SYN_RST               (1ULL << 11)
-/**Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction.
- * Detectors should set this flag by verifying that packet from initiator is indeed a packet from responder.
- * Setting this flag without this check will cause RNA to not try other detectors in some cases (see bug 77551).*/
-#define APPID_SESSION_UDP_REVERSED          (1ULL << 12)
-#define APPID_SESSION_HTTP_SESSION          (1ULL << 13)
-/**Service protocol was detected */
-#define APPID_SESSION_SERVICE_DETECTED      (1ULL << 14)
-/**Finished with client app detection */
-#define APPID_SESSION_CLIENT_DETECTED       (1ULL << 15)
-/**Flow is a data connection not a service */
-#define APPID_SESSION_NOT_A_SERVICE         (1ULL << 16)
-#define APPID_SESSION_DECRYPTED             (1ULL << 17)
-#define APPID_SESSION_SERVICE_DELETED       (1ULL << 18)
-//The following attributes are references only with appId
-/**Continue calling the routine after the service has been identified. */
-#define APPID_SESSION_CONTINUE              (1ULL << 19)
-/**Call service detection even if the host does not exist */
-#define APPID_SESSION_IGNORE_HOST           (1ULL << 20)
-/**Service protocol had incompatible client data */
-#define APPID_SESSION_INCOMPATIBLE          (1ULL << 21)
-/**we are ready to see out of network Server packets */
-#define APPID_SESSION_CLIENT_GETS_SERVER_PACKETS    (1ULL << 22)
-#define APPID_SESSION_DISCOVER_APP          (1ULL << 23)
-#define APPID_SESSION_PORT_SERVICE_DONE     (1ULL << 24)
-#define APPID_SESSION_ADDITIONAL_PACKET     (1ULL << 25)
-#define APPID_SESSION_RESPONDER_CHECKED     (1ULL << 26)
-#define APPID_SESSION_INITIATOR_CHECKED     (1ULL << 27)
-#define APPID_SESSION_SSL_SESSION           (1ULL << 28)
-#define APPID_SESSION_LOGIN_SUCCEEDED       (1ULL << 29)
-#define APPID_SESSION_SPDY_SESSION          (1ULL << 30)
-#define APPID_SESSION_ENCRYPTED             (1ULL << 31)
-#define APPID_SESSION_APP_REINSPECT         (1ULL << 32)
-#define APPID_SESSION_RESPONSE_CODE_CHECKED (1ULL << 33)
-#define APPID_SESSION_REXEC_STDERR          (1ULL << 34)
-#define APPID_SESSION_CHP_INSPECTING        (1ULL << 35)
-#define APPID_SESSION_STICKY_SERVICE        (1ULL << 36)
-#define APPID_SESSION_APP_REINSPECT_SSL     (1ULL << 37)
-#define APPID_SESSION_NO_TPI                (1ULL << 38)
-#define APPID_SESSION_IGNORE_FLOW           (1ULL << 39)
-#define APPID_SESSION_IGNORE_ID_FLAGS \
-    (APPID_SESSION_IGNORE_FLOW | \
-    APPID_SESSION_NOT_A_SERVICE | \
-    APPID_SESSION_NO_TPI | \
-    APPID_SESSION_SERVICE_DETECTED | \
-    APPID_SESSION_PORT_SERVICE_DONE)
-const uint64_t APPID_SESSION_ALL_FLAGS = 0xFFFFFFFFFFFFFFFFULL;
-
-enum APPID_FLOW_TYPE
-{
-    APPID_FLOW_TYPE_IGNORE,
-    APPID_FLOW_TYPE_NORMAL,
-    APPID_FLOW_TYPE_TMP
-};
-
-struct AppIdServiceSubtype
-{
-    AppIdServiceSubtype* next;
-    const char* service;
-    const char* vendor;
-    const char* version;
-};
-
-#define DHCP_OP55_MAX_SIZE  64
-#define DHCP_OP60_MAX_SIZE  64
-
-struct DHCPData
-{
-    DHCPData* next;
-    unsigned op55_len;
-    unsigned op60_len;
-    uint8_t op55[DHCP_OP55_MAX_SIZE];
-    uint8_t op60[DHCP_OP60_MAX_SIZE];
-    uint8_t eth_addr[6];
-};
-
-struct DHCPInfo
-{
-    DHCPInfo* next;
-    uint32_t ipAddr;
-    uint8_t eth_addr[6];
-    uint32_t subnetmask;
-    uint32_t leaseSecs;
-    uint32_t router;
-};
-
-struct FpSMBData
-{
-    FpSMBData* next;
-    unsigned major;
-    unsigned minor;
-    uint32_t flags;
-};
 
 #define APPID_HA_SESSION_APP_NUM_MAX 8    // maximum number of appIds replicated for a flow/session
 
@@ -146,68 +42,24 @@ struct AppIdSessionHA
     AppId appId[APPID_HA_SESSION_APP_NUM_MAX];
 };
 
-enum SEARCH_SUPPORT_TYPE
-{
-    NOT_A_SEARCH_ENGINE,
-    SUPPORTED_SEARCH_ENGINE,
-    UNSUPPORTED_SEARCH_ENGINE,
-    UNKNOWN_SEARCH_ENGINE,
-};
-
 // -----------------------------------------------------------------------------
 // AppId API
 // -----------------------------------------------------------------------------
 
-struct SfIp;
-
 class SO_PUBLIC AppIdApi
 {
 public:
     SO_PRIVATE AppIdApi() = default;
 
-    AppIdSession* get_appid_session(Flow&);
+    AppIdSession* get_appid_session(Flow& flow);
     const char* get_application_name(AppId app_id);
-    const char* get_application_name(Flow*, bool from_client);
+    const char* get_application_name(Flow& flow, bool from_client);
     AppId get_application_id(const char* appName);
-    AppId get_service_app_id(Flow&);
-    AppId get_port_service_app_id(Flow&);
-    AppId get_only_service_app_id(Flow&);
-    AppId get_misc_app_id(Flow&);
-    AppId get_client_app_id(Flow&);
-    AppId get_payload_app_id(Flow&);
-    AppId get_referred_app_id(Flow&);
-    AppId get_fw_service_app_id(Flow&);
-    AppId get_fw_misc_app_id(Flow&);
-    AppId get_fw_client_app_id(Flow&);
-    AppId get_fw_payload_app_id(Flow&);
-    AppId get_fw_referred_app_id(Flow&);
-    bool is_ssl_session_decrypted(Flow&);
-    bool is_appid_inspecting_session(Flow&);
-    bool is_appid_available(Flow&);
-    const char* get_user_name(Flow&, AppId* service, bool* isLoginSuccessful);
-    const char* get_client_version(Flow&);
-    uint64_t get_appid_session_attribute(Flow&, uint64_t flag);
-    APPID_FLOW_TYPE get_flow_type(Flow&);
-    void get_service_info(Flow&, const char** vendor, const char** version,
-        AppIdServiceSubtype**);
-    short get_service_port(Flow&);
-    SfIp* get_service_ip(Flow&);
-    SfIp* get_initiator_ip(Flow&);
-    AppIdDnsSession* get_dns_session(Flow&);
-    AppIdHttpSession* get_http_session(Flow&);
-    SEARCH_SUPPORT_TYPE get_http_search(Flow&);
-    char* get_tls_host(Flow&);
-    DHCPData* get_dhcp_fp_data(Flow&);
-    void free_dhcp_fp_data(Flow&, DHCPData*);
-    DHCPInfo* get_dhcp_info(Flow&);
-    void free_dhcp_info(Flow&, DHCPInfo*);
-    FpSMBData* get_smb_fp_data(Flow&);
-    void free_smb_fp_data(Flow&, FpSMBData*);
-    const char* get_netbios_name(Flow&);
     uint32_t produce_ha_state(Flow& flow, uint8_t* buf);
     uint32_t consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t length, IpProtocol,
         SfIp*, uint16_t initiatorPort);
-    bool is_http_inspection_done(Flow&);
+    AppIdSessionApi* create_appid_session_api(Flow& flow);
+    void free_appid_session_api(AppIdSessionApi* api);
 };
 
 SO_PUBLIC extern AppIdApi appid_api;
index de9db4472d4f4408ea44fef2a9c5d4bedebca211..6c631ea86aad8cd67795cb575f8433b5e2f49ffc 100644 (file)
@@ -733,10 +733,18 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp
 
     if (asd->get_session_flags(APPID_SESSION_IGNORE_FLOW))
     {
+        if (!asd->get_session_flags(APPID_SESSION_IGNORE_FLOW_IDED))
+        {
+            asd->set_application_ids(asd->pick_service_app_id(), asd->pick_client_app_id(),
+                asd->pick_payload_app_id(), asd->pick_misc_app_id());
+            asd->set_session_flags(APPID_SESSION_IGNORE_FLOW_IDED);
+        }
+
         if (appidDebug->is_active() &&
             !asd->get_session_flags(APPID_SESSION_IGNORE_FLOW_LOGGED))
         {
             asd->set_session_flags(APPID_SESSION_IGNORE_FLOW_LOGGED);
+
             LogMessage("AppIdDbg %s Ignoring connection with service %d\n",
                 appidDebug->get_debug_session(), asd->service.get_id());
         }
index ec425986fb9b20ff93d20c7673edb4e87781bb30..968270047a4668ae3b918b99d674023a0165de63 100644 (file)
@@ -663,7 +663,7 @@ void AppIdSession::stop_rna_service_inspection(Packet* p, AppidSessionDirection
 
     service_disco_state = APPID_DISCO_STATE_FINISHED;
 
-    if ( (is_tp_appid_available() || get_session_flags(APPID_SESSION_NO_TPI) )
+    if ( (is_tp_appid_available() or get_session_flags(APPID_SESSION_NO_TPI) )
         and payload.get_id() == APP_ID_NONE )
         payload.set_id(APP_ID_UNKNOWN);
 
@@ -773,7 +773,7 @@ AppId AppIdSession::pick_referred_payload_app_id()
 
 AppId AppIdSession::pick_fw_service_app_id()
 {
-    AppId appId = pick_service_app_id();
+    AppId appId = application_ids[APP_PROTOID_SERVICE];
     if (appId == APP_ID_NONE || appId== APP_ID_UNKNOWN_UI)
         appId = encrypted.service_id;
     return appId;
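Review bot: `pick_fw_service_app_id()` now returns whatever is stored in `application_ids[APP_PROTOID_SERVICE]` instead of computing it with `pick_service_app_id()`, so the firewall-facing id is only as fresh as the last `set_application_ids()` call. The same applies to `pick_fw_misc_app_id()`, `pick_fw_client_app_id()` and `pick_fw_payload_app_id()` in the next two hunks. The only writer visible on this page is the one added in `do_pre_discovery()` for ignored flows; if some path changes the service, client, payload or misc id without republishing, policy lookups would act on a stale or never-set id. A comment on the first of these functions would make the invariant explicit, e.g. `// Reads the ids published by set_application_ids(); every change to service/client/payload/misc must republish them.`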
@@ -781,7 +781,7 @@ AppId AppIdSession::pick_fw_service_app_id()
 
 AppId AppIdSession::pick_fw_misc_app_id()
 {
-    AppId appId = pick_misc_app_id();
+    AppId appId = application_ids[APP_PROTOID_MISC];
     if (appId == APP_ID_NONE)
         appId = encrypted.misc_id;
     return appId;
@@ -789,13 +789,12 @@ AppId AppIdSession::pick_fw_misc_app_id()
 
 AppId AppIdSession::pick_fw_client_app_id()
 {
-    AppId appId = pick_client_app_id();
-    return appId;
+    return application_ids[APP_PROTOID_CLIENT];
 }
 
 AppId AppIdSession::pick_fw_payload_app_id()
 {
-    AppId appId = pick_payload_app_id();
+    AppId appId = application_ids[APP_PROTOID_PAYLOAD];
     if (appId == APP_ID_NONE)
         appId = encrypted.payload_id;
     return appId;
diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc
new file mode 100644 (file)
index 0000000..7b7fef7
--- /dev/null
@@ -0,0 +1,266 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
+// Copyright (C) 2005-2013 Sourcefire, Inc.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation.  You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// appid_session_api.cc author Sourcefire Inc.
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "appid_session_api.h"
+
+#include "appid_session.h"
+#include "service_plugins/service_bootp.h"
+#include "service_plugins/service_netbios.h"
+
+#define SSL_WHITELIST_PKT_LIMIT 20
+
+using namespace snort;
+
+bool AppIdSessionApi::refresh(Flow& flow)
+{
+    AppIdSession* new_asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
+
+    if (new_asd and new_asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
+    {
+        asd = new_asd;
+        return true;
+    }
+    return false;
+}
+
+AppId AppIdSessionApi::get_service_app_id()
+{
+    return asd->pick_service_app_id();
+}
+
+AppId AppIdSessionApi::get_port_service_app_id()
+{
+    return asd->service.get_port_service_id();
+}
+
+AppId AppIdSessionApi::get_only_service_app_id()
+{
+    return asd->pick_only_service_app_id();
+}
+
+AppId AppIdSessionApi::get_misc_app_id()
+{
+    return asd->pick_misc_app_id();
+}
+
+AppId AppIdSessionApi::get_client_app_id()
+{
+    return asd->pick_client_app_id();
+}
+
+AppId AppIdSessionApi::get_payload_app_id()
+{
+    return asd->pick_payload_app_id();
+}
+
+AppId AppIdSessionApi::get_referred_app_id()
+{
+    return asd->pick_referred_payload_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_service_app_id()
+{
+    return asd->pick_fw_service_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_misc_app_id()
+{
+    return asd->pick_fw_misc_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_client_app_id()
+{
+    return asd->pick_fw_client_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_payload_app_id()
+{
+    return asd->pick_fw_payload_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_referred_app_id()
+{
+    return asd->pick_fw_referred_payload_app_id();
+}
+
+bool AppIdSessionApi::is_ssl_session_decrypted()
+{
+    return asd->is_ssl_session_decrypted();
+}
+
+bool AppIdSessionApi::is_appid_inspecting_session()
+{
+    if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED or
+        !asd->is_tp_appid_done() or
+        asd->get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE) or
+        (asd->get_session_flags(APPID_SESSION_ENCRYPTED) and
+            (asd->get_session_flags(APPID_SESSION_DECRYPTED) or
+            asd->session_packet_count < SSL_WHITELIST_PKT_LIMIT)) )
+    {
+        return true;
+    }
+
+    if ( asd->client_disco_state != APPID_DISCO_STATE_FINISHED and
+        (!asd->is_client_detected() or
+            (asd->service_disco_state != APPID_DISCO_STATE_STATEFUL
+                and asd->get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))) )
+    {
+        return true;
+    }
+
+    if ( asd->get_tp_app_id() == APP_ID_SSH and asd->payload.get_id() != APP_ID_SFTP and
+        asd->session_packet_count < MAX_SFTP_PACKET_COUNT )
+    {
+        return true;
+    }
+
+    return false;
+}
+
+const char* AppIdSessionApi::get_user_name(AppId* service, bool* isLoginSuccessful)
+{
+    *service = asd->client.get_user_id();
+    *isLoginSuccessful = asd->get_session_flags(APPID_SESSION_LOGIN_SUCCEEDED) ? true : false;
+    return asd->client.get_username();
+}
+
+bool AppIdSessionApi::is_appid_available()
+{
+    return ( (asd->service.get_id() != APP_ID_NONE ||
+        asd->payload.get_id() != APP_ID_NONE) &&
+        (asd->is_tp_appid_available() ||
+        asd->get_session_flags(APPID_SESSION_NO_TPI)) );
+}
+
+const char* AppIdSessionApi::get_client_version()
+{
+    return asd->client.get_version();
+}
+
+uint64_t AppIdSessionApi::get_appid_session_attribute(uint64_t flags)
+{
+    return asd->get_session_flags(flags);
+}
+
+void AppIdSessionApi::get_service_info(const char** vendor, const char** version,
+        AppIdServiceSubtype** subtype)
+{
+    *vendor = asd->service.get_vendor();
+    *version = asd->service.get_version();
+    *subtype = asd->subtype;
+}
+
+short AppIdSessionApi::get_service_port()
+{
+    return asd->service_port;
+}
+
+char* AppIdSessionApi::get_tls_host()
+{
+    if (asd->tsession)
+        return asd->tsession->tls_host;
+
+    return nullptr;
+}
+
+SfIp* AppIdSessionApi::get_service_ip()
+{
+    return &asd->service_ip;
+}
+
+SfIp* AppIdSessionApi::get_initiator_ip()
+{
+    return &asd->common.initiator_ip;
+}
+
+DHCPData* AppIdSessionApi::get_dhcp_fp_data()
+{
+    if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_FP))
+        return static_cast<DHCPData*>(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_FP_DATA));
+
+    return nullptr;
+}
+
+void AppIdSessionApi::free_dhcp_fp_data(DHCPData* data)
+{
+    asd->clear_session_flags(APPID_SESSION_HAS_DHCP_FP);
+    BootpServiceDetector::AppIdFreeDhcpData(data);
+}
+
+DHCPInfo* AppIdSessionApi::get_dhcp_info()
+{
+    if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_INFO))
+        return static_cast<DHCPInfo*>(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_INFO));
+
+    return nullptr;
+}
+
+void AppIdSessionApi::free_dhcp_info(DHCPInfo* data)
+{
+    asd->clear_session_flags(APPID_SESSION_HAS_DHCP_INFO);
+    BootpServiceDetector::AppIdFreeDhcpInfo(data);
+}
+
+FpSMBData* AppIdSessionApi::get_smb_fp_data()
+{
+    if (asd->get_session_flags(APPID_SESSION_HAS_SMB_INFO))
+        return static_cast<FpSMBData*>(asd->remove_flow_data(APPID_SESSION_DATA_SMB_DATA));
+
+    return nullptr;
+}
+
+void AppIdSessionApi::free_smb_fp_data(FpSMBData* data)
+{
+    asd->clear_session_flags(APPID_SESSION_HAS_SMB_INFO);
+    NbdgmServiceDetector::AppIdFreeSMBData(data);
+}
+
+const char* AppIdSessionApi::get_netbios_name()
+{
+    return asd->netbios_name;
+}
+
+SEARCH_SUPPORT_TYPE AppIdSessionApi::get_http_search()
+{
+    return (asd->search_support_type != UNKNOWN_SEARCH_ENGINE) ?
+                        asd->search_support_type : NOT_A_SEARCH_ENGINE;
+}
+
+AppIdDnsSession* AppIdSessionApi::get_dns_session()
+{
+    return asd->get_dns_session();
+}
+
+AppIdHttpSession* AppIdSessionApi::get_http_session()
+{
+    return asd->get_http_session();
+}
+
+bool AppIdSessionApi::is_http_inspection_done()
+{
+    return asd->is_tp_appid_done();
+}
+
+
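Review bot: Every accessor in this file dereferences `asd` unconditionally, while the `AppIdApi` versions they replace returned `APP_ID_NONE`, `nullptr` or `false` when no session was attached. That is safe only if the object is always obtained from `create_appid_session_api()` and the caller honours `refresh()`; when `refresh()` returns false it leaves `asd` pointing at the previous session, so a caller that ignores the result keeps reading through a pointer that may no longer be valid. I would document this on `refresh()`, e.g. `// Returns false when the flow has no NORMAL AppIdSession; asd is left unchanged and no accessor may be called afterwards.`, and add `assert(asd);` where the pointer is first stored (the constructor is not defined in this file). `get_user_name()` and `get_service_info()` also write through their out-pointers without a null check, as the removed code did.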
diff --git a/src/network_inspectors/appid/appid_session_api.h b/src/network_inspectors/appid/appid_session_api.h
new file mode 100644 (file)
index 0000000..c5d2dab
--- /dev/null
@@ -0,0 +1,198 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
+// Copyright (C) 2005-2013 Sourcefire, Inc.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation.  You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// appid_session_api.h author Sourcefire Inc.
+
+#ifndef APPID_SESSION_API_H
+#define APPID_SESSION_API_H
+
+#include "flow/flow.h"
+#include "main/snort_types.h"
+#include "sfip/sf_ip.h"
+#include "application_ids.h"
+
+class AppIdDnsSession;
+class AppIdHttpSession;
+class AppIdSession;
+
+namespace snort
+{
+#define APPID_SESSION_RESPONDER_MONITORED   (1ULL << 0)
+#define APPID_SESSION_INITIATOR_MONITORED   (1ULL << 1)
+#define APPID_SESSION_SPECIAL_MONITORED     (1ULL << 2)
+#define APPID_SESSION_IGNORE_FLOW_LOGGED    (1ULL << 3)
+#define APPID_SESSION_EXPECTED_EVALUATE     (1ULL << 4)
+#define APPID_SESSION_DISCOVER_USER         (1ULL << 5)
+#define APPID_SESSION_HAS_DHCP_FP           (1ULL << 6)
+#define APPID_SESSION_HAS_DHCP_INFO         (1ULL << 7)
+#define APPID_SESSION_HAS_SMB_INFO          (1ULL << 8)
+#define APPID_SESSION_MID                   (1ULL << 9)
+#define APPID_SESSION_OOO                   (1ULL << 10)
+#define APPID_SESSION_SYN_RST               (1ULL << 11)
+/**Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction.
+ * Detectors should set this flag by verifying that packet from initiator is indeed a packet from responder.
+ * Setting this flag without this check will cause RNA to not try other detectors in some cases (see bug 77551).*/
+#define APPID_SESSION_UDP_REVERSED          (1ULL << 12)
+#define APPID_SESSION_HTTP_SESSION          (1ULL << 13)
+/**Service protocol was detected */
+#define APPID_SESSION_SERVICE_DETECTED      (1ULL << 14)
+/**Finished with client app detection */
+#define APPID_SESSION_CLIENT_DETECTED       (1ULL << 15)
+/**Flow is a data connection not a service */
+#define APPID_SESSION_NOT_A_SERVICE         (1ULL << 16)
+#define APPID_SESSION_DECRYPTED             (1ULL << 17)
+#define APPID_SESSION_SERVICE_DELETED       (1ULL << 18)
+//The following attributes are references only with appId
+/**Continue calling the routine after the service has been identified. */
+#define APPID_SESSION_CONTINUE              (1ULL << 19)
+/**Call service detection even if the host does not exist */
+#define APPID_SESSION_IGNORE_HOST           (1ULL << 20)
+/**Service protocol had incompatible client data */
+#define APPID_SESSION_INCOMPATIBLE          (1ULL << 21)
+/**we are ready to see out of network Server packets */
+#define APPID_SESSION_CLIENT_GETS_SERVER_PACKETS    (1ULL << 22)
+#define APPID_SESSION_DISCOVER_APP          (1ULL << 23)
+#define APPID_SESSION_PORT_SERVICE_DONE     (1ULL << 24)
+#define APPID_SESSION_ADDITIONAL_PACKET     (1ULL << 25)
+#define APPID_SESSION_RESPONDER_CHECKED     (1ULL << 26)
+#define APPID_SESSION_INITIATOR_CHECKED     (1ULL << 27)
+#define APPID_SESSION_SSL_SESSION           (1ULL << 28)
+#define APPID_SESSION_LOGIN_SUCCEEDED       (1ULL << 29)
+#define APPID_SESSION_SPDY_SESSION          (1ULL << 30)
+#define APPID_SESSION_ENCRYPTED             (1ULL << 31)
+#define APPID_SESSION_APP_REINSPECT         (1ULL << 32)
+#define APPID_SESSION_RESPONSE_CODE_CHECKED (1ULL << 33)
+#define APPID_SESSION_REXEC_STDERR          (1ULL << 34)
+#define APPID_SESSION_CHP_INSPECTING        (1ULL << 35)
+#define APPID_SESSION_STICKY_SERVICE        (1ULL << 36)
+#define APPID_SESSION_APP_REINSPECT_SSL     (1ULL << 37)
+#define APPID_SESSION_NO_TPI                (1ULL << 38)
+#define APPID_SESSION_IGNORE_FLOW           (1ULL << 39)
+#define APPID_SESSION_IGNORE_FLOW_IDED      (1ULL << 40)
+#define APPID_SESSION_IGNORE_ID_FLAGS \
+    (APPID_SESSION_IGNORE_FLOW | \
+    APPID_SESSION_NOT_A_SERVICE | \
+    APPID_SESSION_NO_TPI | \
+    APPID_SESSION_SERVICE_DETECTED | \
+    APPID_SESSION_PORT_SERVICE_DONE)
+const uint64_t APPID_SESSION_ALL_FLAGS = 0xFFFFFFFFFFFFFFFFULL;
+
+enum APPID_FLOW_TYPE
+{
+    APPID_FLOW_TYPE_IGNORE,
+    APPID_FLOW_TYPE_NORMAL,
+    APPID_FLOW_TYPE_TMP
+};
+
+struct AppIdServiceSubtype
+{
+    AppIdServiceSubtype* next;
+    const char* service;
+    const char* vendor;
+    const char* version;
+};
+
+#define DHCP_OP55_MAX_SIZE  64
+#define DHCP_OP60_MAX_SIZE  64
+
+struct DHCPData
+{
+    DHCPData* next;
+    unsigned op55_len;
+    unsigned op60_len;
+    uint8_t op55[DHCP_OP55_MAX_SIZE];
+    uint8_t op60[DHCP_OP60_MAX_SIZE];
+    uint8_t eth_addr[6];
+};
+
+struct DHCPInfo
+{
+    DHCPInfo* next;
+    uint32_t ipAddr;
+    uint8_t eth_addr[6];
+    uint32_t subnetmask;
+    uint32_t leaseSecs;
+    uint32_t router;
+};
+
+struct FpSMBData
+{
+    FpSMBData* next;
+    unsigned major;
+    unsigned minor;
+    uint32_t flags;
+};
+
+enum SEARCH_SUPPORT_TYPE
+{
+    NOT_A_SEARCH_ENGINE,
+    SUPPORTED_SEARCH_ENGINE,
+    UNSUPPORTED_SEARCH_ENGINE,
+    UNKNOWN_SEARCH_ENGINE,
+};
+
+
+class SO_PUBLIC AppIdSessionApi
+{
+public:
+    AppIdSessionApi(AppIdSession* asd) : asd(asd) {}
+    bool refresh(Flow& flow);
+    AppId get_service_app_id();
+    AppId get_port_service_app_id();
+    AppId get_only_service_app_id();
+    AppId get_misc_app_id();
+    AppId get_client_app_id();
+    AppId get_payload_app_id();
+    AppId get_referred_app_id();
+    AppId get_fw_service_app_id();
+    AppId get_fw_misc_app_id();
+    AppId get_fw_client_app_id();
+    AppId get_fw_payload_app_id();
+    AppId get_fw_referred_app_id();
+    bool is_ssl_session_decrypted();
+    bool is_appid_inspecting_session();
+    bool is_appid_available();
+    const char* get_user_name(AppId* service, bool* isLoginSuccessful);
+    const char* get_client_version();
+    uint64_t get_appid_session_attribute(uint64_t flag);
+    APPID_FLOW_TYPE get_flow_type();
+    void get_service_info(const char** vendor, const char** version,
+        AppIdServiceSubtype**);
+    short get_service_port();
+    SfIp* get_service_ip();
+    SfIp* get_initiator_ip();
+    AppIdDnsSession* get_dns_session();
+    AppIdHttpSession* get_http_session();
+    SEARCH_SUPPORT_TYPE get_http_search();
+    char* get_tls_host();
+    DHCPData* get_dhcp_fp_data();
+    void free_dhcp_fp_data(DHCPData*);
+    DHCPInfo* get_dhcp_info();
+    void free_dhcp_info(DHCPInfo*);
+    FpSMBData* get_smb_fp_data();
+    void free_smb_fp_data(FpSMBData*);
+    const char* get_netbios_name();
+    bool is_http_inspection_done();
+
+private:
+    AppIdSession* asd;
+};
+
+}
+#endif
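Review bot: The header states no ownership or lifetime contract for the pointers this class hands out, and the three `get_*`/`free_*` pairs need one. In appid_session_api.cc each of `get_dhcp_fp_data()`, `get_dhcp_info()` and `get_smb_fp_data()` returns the result of `remove_flow_data()`, which looks like it detaches the object from the session, while the `HAS_*` flag is cleared only in the matching `free_*()`; a caller that never calls `free_*()` would presumably leak the object and leave the flag set. I would add above each getter a comment such as `// Detaches the data from the session; the caller owns it and must release it with free_dhcp_fp_data().` and on the `asd` member `// non-owning; must not be used after the AppIdSession is freed (TODO confirm what refresh() guarantees)`. The single-argument constructor could also be `explicit AppIdSessionApi(AppIdSession* asd) : asd(asd) {}` so a bare session pointer does not convert silently.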
index 91eef3598b9e3ec3f06ba3df825e6014e4d45edd..36b6b52f2ab1717500e582fe07a4a4c05370b394 100644 (file)
@@ -6,6 +6,10 @@ add_cpputest( appid_api_test
     SOURCES $<TARGET_OBJECTS:appid_cpputest_deps>
 )
 
+add_cpputest( appid_session_api_test
+    SOURCES $<TARGET_OBJECTS:appid_cpputest_deps>
+)
+
 add_cpputest( appid_detector_test
     SOURCES $<TARGET_OBJECTS:appid_cpputest_deps>
 )
index 260486e45ecb531bdb5085d825da98c103bca96a..2b7c16b508140090bcd6b170f7a2bd3da34cdaee 100644 (file)
 
 using namespace snort;
 
-void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data)
-{
-    delete data;
-}
-
-void BootpServiceDetector::AppIdFreeDhcpInfo(DHCPInfo* info)
-{
-    delete info;
-}
-
-void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data)
-{
-    delete data;
-}
-
 const char* AppInfoManager::get_app_name(AppId)
 {
     return test_app_name;
@@ -103,332 +88,6 @@ TEST(appid_api, get_application_id)
     CHECK_EQUAL(id, 1492);
 }
 
-TEST(appid_api, get_service_app_id)
-{
-    AppId id = appid_api.get_service_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_port_service_app_id)
-{
-    AppId id = appid_api.get_port_service_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID + 3);
-}
-
-TEST(appid_api, get_only_service_app_id)
-{
-    AppId id = appid_api.get_only_service_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_misc_app_id)
-{
-    AppId id = appid_api.get_misc_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_client_app_id)
-{
-    AppId id = appid_api.get_client_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_payload_app_id)
-{
-    AppId id = appid_api.get_payload_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_referred_app_id)
-{
-    AppId id = appid_api.get_referred_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_fw_service_app_id)
-{
-    AppId id = appid_api.get_fw_service_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_fw_misc_app_id)
-{
-    AppId id = appid_api.get_fw_misc_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_fw_client_app_id)
-{
-    AppId id = appid_api.get_fw_client_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_fw_payload_app_id)
-{
-    AppId id = appid_api.get_fw_payload_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_fw_referred_app_id)
-{
-    AppId id = appid_api.get_fw_referred_app_id(*flow);
-    CHECK_EQUAL(id, APPID_UT_ID);
-}
-
-TEST(appid_api, get_flow_type)
-{
-    APPID_FLOW_TYPE ft = appid_api.get_flow_type(*flow);
-    CHECK_EQUAL(ft, APPID_FLOW_TYPE_NORMAL);
-}
-
-TEST(appid_api, get_service_port)
-{
-    short sp = appid_api.get_service_port(*flow);
-    CHECK_EQUAL(sp, APPID_UT_SERVICE_PORT);
-}
-
-
-TEST(appid_api, get_http_search)
-{
-    SEARCH_SUPPORT_TYPE val = appid_api.get_http_search(*flow);
-    CHECK_TRUE(val == NOT_A_SEARCH_ENGINE);
-    mock_session->search_support_type = SUPPORTED_SEARCH_ENGINE;
-    val = appid_api.get_http_search(*flow);
-    CHECK_TRUE(val == SUPPORTED_SEARCH_ENGINE);
-    mock_session->search_support_type = UNSUPPORTED_SEARCH_ENGINE;
-    val = appid_api.get_http_search(*flow);
-    CHECK_TRUE(val == UNSUPPORTED_SEARCH_ENGINE);
-    mock_session->search_support_type = NOT_A_SEARCH_ENGINE;
-    val = appid_api.get_http_search(*flow);
-    CHECK_TRUE(val == NOT_A_SEARCH_ENGINE);
-}
-
-TEST(appid_api, get_tls_host)
-{
-    const char* val = appid_api.get_tls_host(*flow);
-    STRCMP_EQUAL(val, APPID_UT_TLS_HOST);
-}
-
-TEST(appid_api, get_service_ip)
-{
-    SfIp expected_ip;
-
-    expected_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR);
-
-    SfIp* val = appid_api.get_service_ip(*flow);
-    CHECK_TRUE(val->fast_eq4(expected_ip));
-}
-
-TEST(appid_api, get_initiator_ip)
-{
-    SfIp expected_ip;
-
-    expected_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR);
-
-    SfIp* val = appid_api.get_initiator_ip(*flow);
-    CHECK_TRUE(val->fast_eq4(expected_ip));
-}
-
-TEST(appid_api, get_netbios_name)
-{
-    const char* val;
-    val = appid_api.get_netbios_name(*flow);
-    STRCMP_EQUAL(val, APPID_UT_NETBIOS_NAME);
-}
-
-TEST(appid_api, is_ssl_session_decrypted)
-{
-    bool val = appid_api.is_ssl_session_decrypted(*flow);
-    CHECK_TRUE(!val);
-    is_session_decrypted = true;
-    val = appid_api.is_ssl_session_decrypted(*flow);
-    CHECK_TRUE(val);
-}
-
-TEST(appid_api, is_appid_inspecting_session)
-{
-    mock_session->service_disco_state = APPID_DISCO_STATE_STATEFUL;
-    bool val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(val);
-    mock_session->service_disco_state = APPID_DISCO_STATE_FINISHED;
-    mock_session->set_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE);
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(val);
-    mock_session->clear_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE);
-    mock_session->set_session_flags(APPID_SESSION_ENCRYPTED);
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(val);
-    mock_session->set_session_flags(APPID_SESSION_DECRYPTED);
-    mock_session->session_packet_count = SSL_WHITELIST_PKT_LIMIT;
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(val);
-
-    // 2nd if in is_appid_inspecting_session
-    mock_session->clear_session_flags(APPID_SESSION_DECRYPTED);
-    mock_session->set_session_flags(APPID_SESSION_CLIENT_DETECTED);
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(!val);
-    mock_session->set_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(val);
-    mock_session->client_disco_state = APPID_DISCO_STATE_FINISHED;
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(!val);
-
-    // 3rd if in is_appid_inspecting_session
-    mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT;
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(!val);
-    mock_session->payload.set_id(APP_ID_SFTP);
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(!val);
-    mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT - 1;
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(!val);
-    mock_session->payload.set_id(APP_ID_NONE);
-    mock_session->set_tp_app_id(APP_ID_SSH);
-    val = appid_api.is_appid_inspecting_session(*flow);
-    CHECK_TRUE(val);
-}
-
-TEST(appid_api, get_user_name)
-{
-    AppId service;
-    bool isLoginSuccessful;
-
-    const char* val;
-    val = appid_api.get_user_name(*flow, &service, &isLoginSuccessful);
-    STRCMP_EQUAL(val, APPID_UT_USERNAME);
-    CHECK_TRUE(service == APPID_UT_ID);
-    CHECK_TRUE(!isLoginSuccessful);
-    mock_session->set_session_flags(APPID_SESSION_LOGIN_SUCCEEDED);
-    val = appid_api.get_user_name(*flow, &service, &isLoginSuccessful);
-    CHECK_TRUE(service == APPID_UT_ID);
-    CHECK_TRUE(isLoginSuccessful);
-}
-
-TEST(appid_api, is_appid_available)
-{
-    bool val;
-    val = appid_api.is_appid_available(*flow);
-    CHECK_TRUE(val);
-    mock_session->set_session_flags(APPID_SESSION_NO_TPI);
-    val = appid_api.is_appid_available(*flow);
-    CHECK_TRUE(val);
-}
-
-TEST(appid_api, get_client_version)
-{
-    const char* val;
-    val = appid_api.get_client_version(*flow);
-    STRCMP_EQUAL(val, APPID_UT_CLIENT_VERSION);
-}
-
-TEST(appid_api, get_appid_session_attribute)
-{
-    uint64_t flags = 0x0000000000000001;
-
-    for ( unsigned i = 0; i < 64; i++ )
-    {
-        flags <<= i;
-        mock_session->set_session_flags(flags);
-        uint64_t fv = appid_api.get_appid_session_attribute(*flow, flags);
-        CHECK_TRUE((fv & flags) == flags);
-        mock_session->clear_session_flags(flags);
-        fv = appid_api.get_appid_session_attribute(*flow, flags);
-        CHECK_TRUE((fv & flags) == 0)
-    }
-}
-
-TEST(appid_api, get_service_info)
-{
-    const char* serviceVendor;
-    const char* serviceVersion;
-    AppIdServiceSubtype* serviceSubtype;
-
-    appid_api.get_service_info(*flow, &serviceVendor, &serviceVersion, &serviceSubtype);
-    STRCMP_EQUAL(serviceVendor, APPID_UT_SERVICE_VENDOR);
-    STRCMP_EQUAL(serviceVersion, APPID_UT_SERVICE_VERSION);
-    STRCMP_EQUAL(serviceSubtype->service, APPID_UT_SERVICE);
-    STRCMP_EQUAL(serviceSubtype->vendor, APPID_UT_SERVICE_VENDOR);
-    STRCMP_EQUAL(serviceSubtype->version, APPID_UT_SERVICE_VERSION);
-}
-
-TEST(appid_api, appid_dns_api)
-{
-    AppIdDnsSession* dsession = appid_api.get_dns_session(*flow);
-
-    const char* val = dsession->get_host();
-    STRCMP_EQUAL(val, APPID_ID_UT_DNS_HOST);
-    uint8_t query_len = dsession->get_host_len();
-    CHECK_TRUE(query_len == strlen(APPID_ID_UT_DNS_HOST));
-
-    uint16_t qoff;
-    qoff = dsession->get_host_offset();
-    CHECK_TRUE(qoff == APPID_UT_DNS_HOST_OFFSET);
-
-    uint16_t rt;
-    rt = dsession->get_record_type();
-    CHECK_TRUE(rt == APPID_UT_DNS_PATTERN_CNAME_REC);
-
-    uint8_t rc;
-    rc = dsession->get_response_type();
-    CHECK_TRUE(rc == APPID_UT_DNS_NOERROR);
-
-    uint32_t ttl;
-    ttl = dsession->get_ttl();
-    CHECK_TRUE(ttl == APPID_UT_DNS_TTL);
-}
-
-TEST(appid_api, dhcp_fp_data)
-{
-    DHCPData* val;
-    val = appid_api.get_dhcp_fp_data(*flow);
-    CHECK_TRUE(!val);
-    val = new DHCPData;
-    mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_FP_DATA, nullptr);
-    val = appid_api.get_dhcp_fp_data(*flow);
-    CHECK_TRUE(val);
-    appid_api.free_dhcp_fp_data(*flow, val);
-    val = appid_api.get_dhcp_fp_data(*flow);
-    CHECK_TRUE(!val);
-}
-
-TEST(appid_api, dhcp_info)
-{
-    DHCPInfo* val;
-    val = appid_api.get_dhcp_info(*flow);
-    CHECK_TRUE(!val);
-    val = new DHCPInfo;
-    mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_INFO, nullptr);
-    val = appid_api.get_dhcp_info(*flow);
-    CHECK_TRUE(val);
-    appid_api.free_dhcp_info(*flow, val);
-    val = appid_api.get_dhcp_info(*flow);
-    CHECK_TRUE(!val);
-}
-
-TEST(appid_api, smb_fp_data)
-{
-    FpSMBData* val;
-    val = appid_api.get_smb_fp_data(*flow);
-    CHECK_TRUE(!val);
-    val = new FpSMBData;
-    mock_session->add_flow_data(val, APPID_SESSION_DATA_SMB_DATA, nullptr);
-    val = appid_api.get_smb_fp_data(*flow);
-    CHECK_TRUE(val);
-    appid_api.free_smb_fp_data(*flow, val);
-    val = appid_api.get_smb_fp_data(*flow);
-    CHECK_TRUE(!val);
-}
-
-TEST(appid_api, is_http_inspection_done)
-{
-    bool val;
-    val = appid_api.is_http_inspection_done(*flow);
-    CHECK_TRUE(val);
-}
-
 // FIXIT - enable this test when consume ha appid api call is fixed
 #ifdef APPID_HA_SUPPORT_ENABLED
 TEST(appid_api, produce_ha_state)
@@ -491,6 +150,28 @@ TEST(appid_api, produce_ha_state)
 }
 #endif
 
+TEST(appid_api, create_appid_session_api)
+{
+    AppIdSessionApi* appid_session_api = appid_api.create_appid_session_api(*flow);
+    CHECK_TRUE(appid_session_api);
+    appid_api.free_appid_session_api(appid_session_api);
+
+    Flow* old_flow = flow;
+    flow = new Flow;
+    flow->set_flow_data(nullptr);
+    appid_session_api = appid_api.create_appid_session_api(*flow);
+    CHECK_FALSE(appid_session_api);
+
+    AppIdSession ignore_asd(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+    ignore_asd.common.flow_type = APPID_FLOW_TYPE_IGNORE;
+    flow->set_flow_data(&ignore_asd);
+    appid_session_api = appid_api.create_appid_session_api(*flow);
+    CHECK_FALSE(appid_session_api);
+
+    delete flow;
+    flow = old_flow;
+}
+
 int main(int argc, char** argv)
 {
     mock_init_appid_pegs();
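Review bot: In `create_appid_session_api` the stack object `ignore_asd` is attached to a heap `Flow` that temporarily replaces the global `flow`, and the cleanup (`delete flow; flow = old_flow;`) runs only if every check passes. CppUTest leaves the test body at the first failing `CHECK_FALSE`, so a failure would leave the global pointing at a flow whose data pointer refers to a destroyed local, and later tests would run against it. Using a local for the negative cases avoids the swap altogether, e.g. `Flow empty_flow; empty_flow.set_flow_data(nullptr);` followed by `create_appid_session_api(empty_flow)`, assuming the mock `Flow` is usable on the stack. It is also worth confirming that the mock `Flow` destructor does not free its flow data, since `delete flow` runs while `&ignore_asd` is still attached.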
index 0f1c0318397630bf809b0770b77aeeffb876bf07..37b7193778126e4fad6b8d993437a480ef070f9c 100644 (file)
@@ -18,6 +18,9 @@
 
 // appid_mock_inspector.h author davis mcpherson <davmcphe@cisco.com>
 
+#ifndef APPID_MOCK_INSPECTOR_H
+#define APPID_MOCK_INSPECTOR_H
+
 typedef uint64_t Trace;
 class Value;
 
@@ -69,3 +72,5 @@ public:
 
 AppIdModule appid_mod;
 AppIdInspector appid_inspector( appid_mod );
+
+#endif
index 880b9885cafe907966e5fd778b13f5975e93f1c4..fcf310bfcefc2b0d1b6236f9dea89b2fd1af6e1d 100644 (file)
@@ -24,6 +24,7 @@
 #include "appid_dns_session.h"
 #include "appid_mock_flow.h"
 #include "appid_mock_http_session.h"
+#include "appid_mock_inspector.h"
 
 bool is_session_decrypted = false;
 
diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc
new file mode 100644 (file)
index 0000000..f046b52
--- /dev/null
@@ -0,0 +1,394 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2016-2018 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation.  You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// appid_session_api_test.cc author davis mcpherson <davmcphe@cisco.com>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "network_inspectors/appid/appid_session_api.cc"
+
+#include "appid_mock_definitions.h"
+#include "appid_mock_session.h"
+
+#include <CppUTest/CommandLineTestRunner.h>
+#include <CppUTest/TestHarness.h>
+
+void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data)
+{
+    delete data;
+}
+
+void BootpServiceDetector::AppIdFreeDhcpInfo(DHCPInfo* info)
+{
+    delete info;
+}
+
+void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data)
+{
+    delete data;
+}
+
+AppIdSession* mock_session = nullptr;
+AppIdSessionApi* appid_session_api = nullptr;
+
+TEST_GROUP(appid_session_api)
+{
+    void setup() override
+    {
+        MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
+        appid_session_api = new AppIdSessionApi(mock_session);
+    }
+
+    void teardown() override
+    {
+        delete appid_session_api;
+        MemoryLeakWarningPlugin::turnOnNewDeleteOverloads();
+    }
+};
+
+TEST(appid_session_api, get_service_app_id)
+{
+    AppId id = appid_session_api->get_service_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_port_service_app_id)
+{
+    AppId id = appid_session_api->get_port_service_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID + 3);
+}
+
+TEST(appid_session_api, get_only_service_app_id)
+{
+    AppId id = appid_session_api->get_only_service_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_misc_app_id)
+{
+    AppId id = appid_session_api->get_misc_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_client_app_id)
+{
+    AppId id = appid_session_api->get_client_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_payload_app_id)
+{
+    AppId id = appid_session_api->get_payload_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_referred_app_id)
+{
+    AppId id = appid_session_api->get_referred_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_fw_service_app_id)
+{
+    AppId id = appid_session_api->get_fw_service_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_fw_misc_app_id)
+{
+    AppId id = appid_session_api->get_fw_misc_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_fw_client_app_id)
+{
+    AppId id = appid_session_api->get_fw_client_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_fw_payload_app_id)
+{
+    AppId id = appid_session_api->get_fw_payload_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_fw_referred_app_id)
+{
+    AppId id = appid_session_api->get_fw_referred_app_id();
+    CHECK_EQUAL(id, APPID_UT_ID);
+}
+
+TEST(appid_session_api, get_service_port)
+{
+    short sp = appid_session_api->get_service_port();
+    CHECK_EQUAL(sp, APPID_UT_SERVICE_PORT);
+}
+
+
+TEST(appid_session_api, get_http_search)
+{
+    SEARCH_SUPPORT_TYPE val = appid_session_api->get_http_search();
+    CHECK_TRUE(val == NOT_A_SEARCH_ENGINE);
+    mock_session->search_support_type = SUPPORTED_SEARCH_ENGINE;
+    val = appid_session_api->get_http_search();
+    CHECK_TRUE(val == SUPPORTED_SEARCH_ENGINE);
+    mock_session->search_support_type = UNSUPPORTED_SEARCH_ENGINE;
+    val = appid_session_api->get_http_search();
+    CHECK_TRUE(val == UNSUPPORTED_SEARCH_ENGINE);
+    mock_session->search_support_type = NOT_A_SEARCH_ENGINE;
+    val = appid_session_api->get_http_search();
+    CHECK_TRUE(val == NOT_A_SEARCH_ENGINE);
+}
+
+TEST(appid_session_api, get_tls_host)
+{
+    const char* val = appid_session_api->get_tls_host();
+    STRCMP_EQUAL(val, APPID_UT_TLS_HOST);
+}
+
+TEST(appid_session_api, get_service_ip)
+{
+    SfIp expected_ip;
+
+    expected_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR);
+
+    SfIp* val = appid_session_api->get_service_ip();
+    CHECK_TRUE(val->fast_eq4(expected_ip));
+}
+
+TEST(appid_session_api, get_initiator_ip)
+{
+    SfIp expected_ip;
+
+    expected_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR);
+
+    SfIp* val = appid_session_api->get_initiator_ip();
+    CHECK_TRUE(val->fast_eq4(expected_ip));
+}
+
+TEST(appid_session_api, get_netbios_name)
+{
+    const char* val;
+    val = appid_session_api->get_netbios_name();
+    STRCMP_EQUAL(val, APPID_UT_NETBIOS_NAME);
+}
+
+TEST(appid_session_api, is_ssl_session_decrypted)
+{
+    bool val = appid_session_api->is_ssl_session_decrypted();
+    CHECK_TRUE(!val);
+    is_session_decrypted = true;
+    val = appid_session_api->is_ssl_session_decrypted();
+    CHECK_TRUE(val);
+}
+
+TEST(appid_session_api, is_appid_inspecting_session)
+{
+    mock_session->service_disco_state = APPID_DISCO_STATE_STATEFUL;
+    bool val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(val);
+    mock_session->service_disco_state = APPID_DISCO_STATE_FINISHED;
+    mock_session->set_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE);
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(val);
+    mock_session->clear_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE);
+    mock_session->set_session_flags(APPID_SESSION_ENCRYPTED);
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(val);
+    mock_session->set_session_flags(APPID_SESSION_DECRYPTED);
+    mock_session->session_packet_count = SSL_WHITELIST_PKT_LIMIT;
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(val);
+
+    // 2nd if in is_appid_inspecting_session
+    mock_session->clear_session_flags(APPID_SESSION_DECRYPTED);
+    mock_session->set_session_flags(APPID_SESSION_CLIENT_DETECTED);
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(!val);
+    mock_session->set_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(val);
+    mock_session->client_disco_state = APPID_DISCO_STATE_FINISHED;
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(!val);
+
+    // 3rd if in is_appid_inspecting_session
+    mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT;
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(!val);
+    mock_session->payload.set_id(APP_ID_SFTP);
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(!val);
+    mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT - 1;
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(!val);
+    mock_session->payload.set_id(APP_ID_NONE);
+    mock_session->set_tp_app_id(APP_ID_SSH);
+    val = appid_session_api->is_appid_inspecting_session();
+    CHECK_TRUE(val);
+}
+
+TEST(appid_session_api, get_user_name)
+{
+    AppId service;
+    bool isLoginSuccessful;
+
+    const char* val;
+    val = appid_session_api->get_user_name(&service, &isLoginSuccessful);
+    STRCMP_EQUAL(val, APPID_UT_USERNAME);
+    CHECK_TRUE(service == APPID_UT_ID);
+    CHECK_TRUE(!isLoginSuccessful);
+    mock_session->set_session_flags(APPID_SESSION_LOGIN_SUCCEEDED);
+    val = appid_session_api->get_user_name(&service, &isLoginSuccessful);
+    CHECK_TRUE(service == APPID_UT_ID);
+    CHECK_TRUE(isLoginSuccessful);
+}
+
+TEST(appid_session_api, is_appid_available)
+{
+    bool val;
+    val = appid_session_api->is_appid_available();
+    CHECK_TRUE(val);
+    mock_session->set_session_flags(APPID_SESSION_NO_TPI);
+    val = appid_session_api->is_appid_available();
+    CHECK_TRUE(val);
+}
+
+TEST(appid_session_api, get_client_version)
+{
+    const char* val;
+    val = appid_session_api->get_client_version();
+    STRCMP_EQUAL(val, APPID_UT_CLIENT_VERSION);
+}
+
+TEST(appid_session_api, get_appid_session_attribute)
+{
+    uint64_t flags = 0x0000000000000001;
+
+    for ( unsigned i = 0; i < 64; i++ )
+    {
+        flags <<= i;
+        mock_session->set_session_flags(flags);
+        uint64_t fv = appid_session_api->get_appid_session_attribute(flags);
+        CHECK_TRUE((fv & flags) == flags);
+        mock_session->clear_session_flags(flags);
+        fv = appid_session_api->get_appid_session_attribute(flags);
+        CHECK_TRUE((fv & flags) == 0)
+    }
+}
+
+TEST(appid_session_api, get_service_info)
+{
+    const char* serviceVendor;
+    const char* serviceVersion;
+    AppIdServiceSubtype* serviceSubtype;
+
+    appid_session_api->get_service_info(&serviceVendor, &serviceVersion, &serviceSubtype);
+    STRCMP_EQUAL(serviceVendor, APPID_UT_SERVICE_VENDOR);
+    STRCMP_EQUAL(serviceVersion, APPID_UT_SERVICE_VERSION);
+    STRCMP_EQUAL(serviceSubtype->service, APPID_UT_SERVICE);
+    STRCMP_EQUAL(serviceSubtype->vendor, APPID_UT_SERVICE_VENDOR);
+    STRCMP_EQUAL(serviceSubtype->version, APPID_UT_SERVICE_VERSION);
+}
+
+TEST(appid_session_api, appid_dns_api)
+{
+    AppIdDnsSession* dsession = appid_session_api->get_dns_session();
+
+    const char* val = dsession->get_host();
+    STRCMP_EQUAL(val, APPID_ID_UT_DNS_HOST);
+    uint8_t query_len = dsession->get_host_len();
+    CHECK_TRUE(query_len == strlen(APPID_ID_UT_DNS_HOST));
+
+    uint16_t qoff;
+    qoff = dsession->get_host_offset();
+    CHECK_TRUE(qoff == APPID_UT_DNS_HOST_OFFSET);
+
+    uint16_t rt;
+    rt = dsession->get_record_type();
+    CHECK_TRUE(rt == APPID_UT_DNS_PATTERN_CNAME_REC);
+
+    uint8_t rc;
+    rc = dsession->get_response_type();
+    CHECK_TRUE(rc == APPID_UT_DNS_NOERROR);
+
+    uint32_t ttl;
+    ttl = dsession->get_ttl();
+    CHECK_TRUE(ttl == APPID_UT_DNS_TTL);
+}
+
+TEST(appid_session_api, dhcp_fp_data)
+{
+    DHCPData* val;
+    val = appid_session_api->get_dhcp_fp_data();
+    CHECK_TRUE(!val);
+    val = new DHCPData;
+    mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_FP_DATA, nullptr);
+    val = appid_session_api->get_dhcp_fp_data();
+    CHECK_TRUE(val);
+    appid_session_api->free_dhcp_fp_data(val);
+    val = appid_session_api->get_dhcp_fp_data();
+    CHECK_TRUE(!val);
+}
+
+TEST(appid_session_api, dhcp_info)
+{
+    DHCPInfo* val;
+    val = appid_session_api->get_dhcp_info();
+    CHECK_TRUE(!val);
+    val = new DHCPInfo;
+    mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_INFO, nullptr);
+    val = appid_session_api->get_dhcp_info();
+    CHECK_TRUE(val);
+    appid_session_api->free_dhcp_info(val);
+    val = appid_session_api->get_dhcp_info();
+    CHECK_TRUE(!val);
+}
+
+TEST(appid_session_api, smb_fp_data)
+{
+    FpSMBData* val;
+    val = appid_session_api->get_smb_fp_data();
+    CHECK_TRUE(!val);
+    val = new FpSMBData;
+    mock_session->add_flow_data(val, APPID_SESSION_DATA_SMB_DATA, nullptr);
+    val = appid_session_api->get_smb_fp_data();
+    CHECK_TRUE(val);
+    appid_session_api->free_smb_fp_data(val);
+    val = appid_session_api->get_smb_fp_data();
+    CHECK_TRUE(!val);
+}
+
+TEST(appid_session_api, is_http_inspection_done)
+{
+    bool val;
+    val = appid_session_api->is_http_inspection_done();
+    CHECK_TRUE(val);
+}
+
+int main(int argc, char** argv)
+{
+    mock_init_appid_pegs();
+    mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+    int rc = CommandLineTestRunner::RunAllTests(argc, argv);
+    mock_cleanup_appid_pegs();
+    return rc;
+}
+
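Review bot: The loop in `get_appid_session_attribute` does not test 64 flag bits: `flags <<= i` shifts the running value by a growing amount, so it visits bits 0, 1, 3, 6, 10, 15, 21, 28, 36, 45 and 55 and then becomes 0 at i = 11. From there on both checks pass trivially, because `(fv & 0) == 0` holds whatever the session returns. Computing the mask per iteration fixes it: `const uint64_t flags = 1ULL << i;` inside the loop, dropping the declaration above it. Separately, the tests share one `mock_session` (allocated in `main` and never deleted) and `is_session_decrypted` is left `true`, so results may depend on test order.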