From: Mike Stepanek (mstepane) Date: Tue, 19 Jun 2018 12:04:26 +0000 (-0400) Subject: Merge pull request #1274 in SNORT/snort3 from appid_perf_api to master X-Git-Tag: 3.0.0-246~52 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a831f4b9d855e21609030885d088b6e2e53863de;p=thirdparty%2Fsnort3.git Merge pull request #1274 in SNORT/snort3 from appid_perf_api to master Squashed commit of the following: commit 59ecfc23ea247feb5e22bf84138dac8ac68a8573 Author: Shravan Rangaraju Date: Wed Jun 13 23:34:05 2018 -0400 appid: Modify AppId APIs to improve firewall performance --- diff --git a/src/log/log_text.cc b/src/log/log_text.cc index 42068c612..02461bb7a 100644 --- a/src/log/log_text.cc +++ b/src/log/log_text.cc @@ -90,7 +90,7 @@ bool LogAppID(TextLog* log, Packet* p) { if ( p->flow ) { - const char* app_name = appid_api.get_application_name(p->flow, p->is_from_client()); + const char* app_name = appid_api.get_application_name(*p->flow, p->is_from_client()); if ( app_name ) { diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc index 1242b250f..d521490af 100644 --- a/src/loggers/unified2.cc +++ b/src/loggers/unified2.cc @@ -216,7 +216,7 @@ static void alert_event(Packet* p, const char*, Unified2Config* config, const Ev u2_event.pkt_ip_proto = (uint8_t)p->get_ip_proto_next(); const char* app_name = p->flow ? - appid_api.get_application_name(p->flow, p->is_from_client()) : nullptr; + appid_api.get_application_name(*p->flow, p->is_from_client()) : nullptr; if ( app_name ) memcpy_s(u2_event.app_name, sizeof(u2_event.app_name), @@ -671,7 +671,7 @@ static void _AlertIP4_v2(Packet* p, const char*, Unified2Config* config, const E alertdata.pad2 = htons((uint16_t)p->user_ips_policy_id); const char* app_name = p->flow ? - appid_api.get_application_name(p->flow, p->is_from_client()) : nullptr; + appid_api.get_application_name(*p->flow, p->is_from_client()) : nullptr; if ( app_name ) memcpy_s(alertdata.app_name, sizeof(alertdata.app_name), 
@@ -757,7 +757,7 @@ static void _AlertIP6_v2(Packet* p, const char*, Unified2Config* config, const E alertdata.pad2 = htons((uint16_t)p->user_ips_policy_id); const char* app_name = p->flow ? - appid_api.get_application_name(p->flow, p->is_from_client()) : nullptr; + appid_api.get_application_name(*p->flow, p->is_from_client()) : nullptr; if ( app_name ) memcpy_s(alertdata.app_name, sizeof(alertdata.app_name), diff --git a/src/network_inspectors/appid/CMakeLists.txt b/src/network_inspectors/appid/CMakeLists.txt index 2a460990a..0a0873351 100644 --- a/src/network_inspectors/appid/CMakeLists.txt +++ b/src/network_inspectors/appid/CMakeLists.txt @@ -12,6 +12,7 @@ set (APPID_INCLUDES appid_api.h appid_dns_session.h appid_http_session.h + appid_session_api.h appid_types.h application_ids.h http_xff_fields.h @@ -184,6 +185,8 @@ set ( APPID_SOURCES appid_peg_counts.cc appid_session.cc appid_session.h + appid_session_api.cc + appid_session_api.h appid_types.h appid_inspector.cc appid_inspector.h diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc index b97a1b11b..e00ac9cee 100644 --- a/src/network_inspectors/appid/appid_api.cc +++ b/src/network_inspectors/appid/appid_api.cc @@ -24,18 +24,18 @@ #endif #include "appid_api.h" -#include "app_info_table.h" -#include "service_plugins/service_bootp.h" -#include "service_plugins/service_netbios.h" + #include "utils/util.h" + +#include "appid_session.h" +#include "appid_session_api.h" +#include "app_info_table.h" #ifdef ENABLE_APPID_THIRD_PARTY #include "tp_appid_session_api.h" #endif using namespace snort; -#define SSL_WHITELIST_PKT_LIMIT 20 - namespace snort { AppIdApi appid_api; 
@@ -53,10 +53,10 @@ const char* AppIdApi::get_application_name(AppId app_id) return AppInfoManager::get_instance().get_app_name(app_id); } -const char* AppIdApi::get_application_name(Flow* flow, bool from_client) +const char* AppIdApi::get_application_name(Flow& flow, bool from_client) { const char* app_name = nullptr; - AppIdSession* asd = get_appid_session(*flow); + AppIdSession* asd = get_appid_session(flow); if ( asd ) { if ( asd->payload.get_id() ) 
@@ -87,301 +87,6 @@ AppId AppIdApi::get_application_id(const char* appName) return AppInfoManager::get_instance().get_appid_by_name(appName); } -AppId AppIdApi::get_service_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_service_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_port_service_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->service.get_port_service_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_only_service_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_only_service_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_misc_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_misc_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_client_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_client_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_payload_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_payload_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_referred_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_referred_payload_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_fw_service_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_fw_service_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_fw_misc_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_fw_misc_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_fw_client_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_fw_client_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_fw_payload_app_id(Flow& flow) -{ - if ( 
AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_fw_payload_app_id(); - else - return APP_ID_NONE; -} - -AppId AppIdApi::get_fw_referred_app_id(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->pick_fw_referred_payload_app_id(); - else - return APP_ID_NONE; -} - -bool AppIdApi::is_ssl_session_decrypted(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->is_ssl_session_decrypted(); - return false; -} - -bool AppIdApi::is_appid_inspecting_session(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - { - if ( asd->common.flow_type == APPID_FLOW_TYPE_NORMAL ) - { - if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED || - !asd->is_tp_appid_done() || - asd->get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE) || - (asd->get_session_flags(APPID_SESSION_ENCRYPTED) && - (asd->get_session_flags(APPID_SESSION_DECRYPTED) || - asd->session_packet_count < SSL_WHITELIST_PKT_LIMIT)) ) - { - return true; - } - - if ( asd->client_disco_state != APPID_DISCO_STATE_FINISHED && - (!asd->is_client_detected() || - (asd->service_disco_state != APPID_DISCO_STATE_STATEFUL - && asd->get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))) ) - { - return true; - } - - if ( asd->get_tp_app_id() == APP_ID_SSH && asd->payload.get_id() != APP_ID_SFTP && - asd->session_packet_count < MAX_SFTP_PACKET_COUNT ) - { - return true; - } - } - } - - return false; -} - -const char* AppIdApi::get_user_name(Flow& flow, AppId* service, bool* isLoginSuccessful) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - { - *service = asd->client.get_user_id(); - *isLoginSuccessful = asd->get_session_flags(APPID_SESSION_LOGIN_SUCCEEDED) ? 
true : false; - return asd->client.get_username(); - } - - return nullptr; -} - -bool AppIdApi::is_appid_available(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - { - return ( (asd->service.get_id() != APP_ID_NONE || - asd->payload.get_id() != APP_ID_NONE) && - (asd->is_tp_appid_available() || - asd->get_session_flags(APPID_SESSION_NO_TPI)) ); - } - - return false; -} - -const char* AppIdApi::get_client_version(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->client.get_version(); - else - return nullptr; -} - -uint64_t AppIdApi::get_appid_session_attribute(Flow& flow, uint64_t flags) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->get_session_flags(flags); - return 0; -} - -APPID_FLOW_TYPE AppIdApi::get_flow_type(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->common.flow_type; - else - return APPID_FLOW_TYPE_IGNORE; -} - -void AppIdApi::get_service_info(Flow& flow, const char** vendor, const char** version, - AppIdServiceSubtype** subtype) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - { - *vendor = asd->service.get_vendor(); - *version = asd->service.get_version(); - *subtype = asd->subtype; - } -} - -short AppIdApi::get_service_port(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->service_port; - else - return 0; -} - -char* AppIdApi::get_tls_host(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - if (asd->tsession) - return asd->tsession->tls_host; - - return nullptr; -} - -SfIp* AppIdApi::get_service_ip(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return &asd->service_ip; - - return nullptr; -} - -SfIp* AppIdApi::get_initiator_ip(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return &asd->common.initiator_ip; - - return nullptr; -} - -DHCPData* AppIdApi::get_dhcp_fp_data(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - 
if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_FP)) - return static_cast( - asd->remove_flow_data(APPID_SESSION_DATA_DHCP_FP_DATA)); - - return nullptr; -} - -void AppIdApi::free_dhcp_fp_data(Flow& flow, DHCPData* data) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - { - asd->clear_session_flags(APPID_SESSION_HAS_DHCP_FP); - BootpServiceDetector::AppIdFreeDhcpData(data); - } -} - -DHCPInfo* AppIdApi::get_dhcp_info(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_INFO)) - return static_cast( - asd->remove_flow_data(APPID_SESSION_DATA_DHCP_INFO)); - - return nullptr; -} - -void AppIdApi::free_dhcp_info(Flow& flow, DHCPInfo* data) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - { - asd->clear_session_flags(APPID_SESSION_HAS_DHCP_INFO); - BootpServiceDetector::AppIdFreeDhcpInfo(data); - } -} - -FpSMBData* AppIdApi::get_smb_fp_data(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - if (asd->get_session_flags(APPID_SESSION_HAS_SMB_INFO)) - return static_cast( - asd->remove_flow_data(APPID_SESSION_DATA_SMB_DATA)); - - return nullptr; -} - -void AppIdApi::free_smb_fp_data(Flow& flow, FpSMBData* data) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - { - asd->clear_session_flags(APPID_SESSION_HAS_SMB_INFO); - NbdgmServiceDetector::AppIdFreeSMBData(data); - } -} - -const char* AppIdApi::get_netbios_name(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->netbios_name; - else - return nullptr; -} - #define APPID_HA_FLAGS_APP ( 1 << 0 ) #define APPID_HA_FLAGS_TP_DONE ( 1 << 1 ) #define APPID_HA_FLAGS_SVC_DONE ( 1 << 2 ) 
@@ -392,7 +97,7 @@ uint32_t AppIdApi::produce_ha_state(Flow& flow, uint8_t* buf) assert(buf); AppIdSessionHA* appHA = (AppIdSessionHA*)buf; AppIdSession* asd = get_appid_session(flow); - if ( asd && ( get_flow_type(flow) == APPID_FLOW_TYPE_NORMAL ) ) + if ( asd and ( asd->common.flow_type == APPID_FLOW_TYPE_NORMAL ) ) { appHA->flags = APPID_HA_FLAGS_APP; if ( asd->is_tp_appid_available() ) @@ -486,42 +191,17 @@ uint32_t AppIdApi::consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t, IpP return sizeof(*appHA); } -SEARCH_SUPPORT_TYPE AppIdApi::get_http_search(Flow& flow) +AppIdSessionApi* AppIdApi::create_appid_session_api(Flow& flow) { - SEARCH_SUPPORT_TYPE sst = UNKNOWN_SEARCH_ENGINE; - - if ( AppIdSession* asd = get_appid_session(flow) ) - sst = (asd->search_support_type != UNKNOWN_SEARCH_ENGINE) ? - asd->search_support_type : NOT_A_SEARCH_ENGINE; - - return sst; -} + AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id); -AppIdDnsSession* AppIdApi::get_dns_session(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->get_dns_session(); - else - return nullptr; -} + if (asd and asd->common.flow_type == APPID_FLOW_TYPE_NORMAL) + return new AppIdSessionApi(asd); -AppIdHttpSession* AppIdApi::get_http_session(Flow& flow) -{ - if ( AppIdSession* asd = get_appid_session(flow) ) - return asd->get_http_session(); - else - return nullptr; + return nullptr; } -bool AppIdApi::is_http_inspection_done(Flow& flow) +void AppIdApi::free_appid_session_api(AppIdSessionApi* api) { - bool done = true; - - if ( AppIdSession* asd = get_appid_session(flow) ) - if ( ( asd->common.flow_type == APPID_FLOW_TYPE_NORMAL ) && - !asd->is_tp_appid_done() ) - done = false; - - return done; + delete api; } - diff --git a/src/network_inspectors/appid/appid_api.h b/src/network_inspectors/appid/appid_api.h index 3957067ec..2a399dcf2 100644 --- a/src/network_inspectors/appid/appid_api.h +++ b/src/network_inspectors/appid/appid_api.h 
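Review bot: In the `@@ -486,42 +191,17 @@` hunk, create_appid_session_api() hands back a raw `new AppIdSessionApi(asd)` and depends on every caller pairing it with free_appid_session_api(); neither this definition nor the declaration added to appid_api.h states that ownership rule or how long the wrapped session pointer stays valid. I would put a comment on the declaration, e.g. `// caller owns the result; release with free_appid_session_api() and do not use it once the flow's AppId data is freed`. The lookup also uses a C-style cast, `(AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id)`, where `AppIdSession* asd = get_appid_session(flow);` would reuse the existing helper, assuming it performs the same lookup (its body is not in this hunk).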
@@ -22,121 +22,17 @@ #ifndef APPID_API_H #define APPID_API_H -#include "application_ids.h" #include "flow/flow.h" +#include "sfip/sf_ip.h" +#include "appid_session_api.h" +#include "application_ids.h" enum class IpProtocol : uint8_t; -class AppIdDnsSession; -class AppIdHttpSession; class AppIdSession; namespace snort { -#define APPID_SESSION_RESPONDER_MONITORED (1ULL << 0) -#define APPID_SESSION_INITIATOR_MONITORED (1ULL << 1) -#define APPID_SESSION_SPECIAL_MONITORED (1ULL << 2) -#define APPID_SESSION_IGNORE_FLOW_LOGGED (1ULL << 3) -#define APPID_SESSION_EXPECTED_EVALUATE (1ULL << 4) -#define APPID_SESSION_DISCOVER_USER (1ULL << 5) -#define APPID_SESSION_HAS_DHCP_FP (1ULL << 6) -#define APPID_SESSION_HAS_DHCP_INFO (1ULL << 7) -#define APPID_SESSION_HAS_SMB_INFO (1ULL << 8) -#define APPID_SESSION_MID (1ULL << 9) -#define APPID_SESSION_OOO (1ULL << 10) -#define APPID_SESSION_SYN_RST (1ULL << 11) -/**Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction. - * Detectors should set this flag by verifying that packet from initiator is indeed a packet from responder. - * Setting this flag without this check will cause RNA to not try other detectors in some cases (see bug 77551).*/ -#define APPID_SESSION_UDP_REVERSED (1ULL << 12) -#define APPID_SESSION_HTTP_SESSION (1ULL << 13) -/**Service protocol was detected */ -#define APPID_SESSION_SERVICE_DETECTED (1ULL << 14) -/**Finished with client app detection */ -#define APPID_SESSION_CLIENT_DETECTED (1ULL << 15) -/**Flow is a data connection not a service */ -#define APPID_SESSION_NOT_A_SERVICE (1ULL << 16) -#define APPID_SESSION_DECRYPTED (1ULL << 17) -#define APPID_SESSION_SERVICE_DELETED (1ULL << 18) -//The following attributes are references only with appId -/**Continue calling the routine after the service has been identified. 
*/ -#define APPID_SESSION_CONTINUE (1ULL << 19) -/**Call service detection even if the host does not exist */ -#define APPID_SESSION_IGNORE_HOST (1ULL << 20) -/**Service protocol had incompatible client data */ -#define APPID_SESSION_INCOMPATIBLE (1ULL << 21) -/**we are ready to see out of network Server packets */ -#define APPID_SESSION_CLIENT_GETS_SERVER_PACKETS (1ULL << 22) -#define APPID_SESSION_DISCOVER_APP (1ULL << 23) -#define APPID_SESSION_PORT_SERVICE_DONE (1ULL << 24) -#define APPID_SESSION_ADDITIONAL_PACKET (1ULL << 25) -#define APPID_SESSION_RESPONDER_CHECKED (1ULL << 26) -#define APPID_SESSION_INITIATOR_CHECKED (1ULL << 27) -#define APPID_SESSION_SSL_SESSION (1ULL << 28) -#define APPID_SESSION_LOGIN_SUCCEEDED (1ULL << 29) -#define APPID_SESSION_SPDY_SESSION (1ULL << 30) -#define APPID_SESSION_ENCRYPTED (1ULL << 31) -#define APPID_SESSION_APP_REINSPECT (1ULL << 32) -#define APPID_SESSION_RESPONSE_CODE_CHECKED (1ULL << 33) -#define APPID_SESSION_REXEC_STDERR (1ULL << 34) -#define APPID_SESSION_CHP_INSPECTING (1ULL << 35) -#define APPID_SESSION_STICKY_SERVICE (1ULL << 36) -#define APPID_SESSION_APP_REINSPECT_SSL (1ULL << 37) -#define APPID_SESSION_NO_TPI (1ULL << 38) -#define APPID_SESSION_IGNORE_FLOW (1ULL << 39) -#define APPID_SESSION_IGNORE_ID_FLAGS \ - (APPID_SESSION_IGNORE_FLOW | \ - APPID_SESSION_NOT_A_SERVICE | \ - APPID_SESSION_NO_TPI | \ - APPID_SESSION_SERVICE_DETECTED | \ - APPID_SESSION_PORT_SERVICE_DONE) -const uint64_t APPID_SESSION_ALL_FLAGS = 0xFFFFFFFFFFFFFFFFULL; - -enum APPID_FLOW_TYPE -{ - APPID_FLOW_TYPE_IGNORE, - APPID_FLOW_TYPE_NORMAL, - APPID_FLOW_TYPE_TMP -}; - -struct AppIdServiceSubtype -{ - AppIdServiceSubtype* next; - const char* service; - const char* vendor; - const char* version; -}; - -#define DHCP_OP55_MAX_SIZE 64 -#define DHCP_OP60_MAX_SIZE 64 - -struct DHCPData -{ - DHCPData* next; - unsigned op55_len; - unsigned op60_len; - uint8_t op55[DHCP_OP55_MAX_SIZE]; - uint8_t op60[DHCP_OP60_MAX_SIZE]; - uint8_t eth_addr[6]; -}; 
- -struct DHCPInfo -{ - DHCPInfo* next; - uint32_t ipAddr; - uint8_t eth_addr[6]; - uint32_t subnetmask; - uint32_t leaseSecs; - uint32_t router; -}; - -struct FpSMBData -{ - FpSMBData* next; - unsigned major; - unsigned minor; - uint32_t flags; -}; #define APPID_HA_SESSION_APP_NUM_MAX 8 // maximum number of appIds replicated for a flow/session 
@@ -146,68 +42,24 @@ struct AppIdSessionHA AppId appId[APPID_HA_SESSION_APP_NUM_MAX]; }; -enum SEARCH_SUPPORT_TYPE -{ - NOT_A_SEARCH_ENGINE, - SUPPORTED_SEARCH_ENGINE, - UNSUPPORTED_SEARCH_ENGINE, - UNKNOWN_SEARCH_ENGINE, -}; - // ----------------------------------------------------------------------------- // AppId API // ----------------------------------------------------------------------------- -struct SfIp; - class SO_PUBLIC AppIdApi { public: SO_PRIVATE AppIdApi() = default; - AppIdSession* get_appid_session(Flow&); + AppIdSession* get_appid_session(Flow& flow); const char* get_application_name(AppId app_id); - const char* get_application_name(Flow*, bool from_client); + const char* get_application_name(Flow& flow, bool from_client); AppId get_application_id(const char* appName); - AppId get_service_app_id(Flow&); - AppId get_port_service_app_id(Flow&); - AppId get_only_service_app_id(Flow&); - AppId get_misc_app_id(Flow&); - AppId get_client_app_id(Flow&); - AppId get_payload_app_id(Flow&); - AppId get_referred_app_id(Flow&); - AppId get_fw_service_app_id(Flow&); - AppId get_fw_misc_app_id(Flow&); - AppId get_fw_client_app_id(Flow&); - AppId get_fw_payload_app_id(Flow&); - AppId get_fw_referred_app_id(Flow&); - bool is_ssl_session_decrypted(Flow&); - bool is_appid_inspecting_session(Flow&); - bool is_appid_available(Flow&); - const char* get_user_name(Flow&, AppId* service, bool* isLoginSuccessful); - const char* get_client_version(Flow&); - uint64_t get_appid_session_attribute(Flow&, uint64_t flag); - APPID_FLOW_TYPE get_flow_type(Flow&); - void get_service_info(Flow&, const char** vendor, const char** version, - AppIdServiceSubtype**); - short get_service_port(Flow&); - SfIp* get_service_ip(Flow&); - SfIp* get_initiator_ip(Flow&); - AppIdDnsSession* get_dns_session(Flow&); - AppIdHttpSession* get_http_session(Flow&); - SEARCH_SUPPORT_TYPE get_http_search(Flow&); - char* get_tls_host(Flow&); - DHCPData* get_dhcp_fp_data(Flow&); - void 
free_dhcp_fp_data(Flow&, DHCPData*); - DHCPInfo* get_dhcp_info(Flow&); - void free_dhcp_info(Flow&, DHCPInfo*); - FpSMBData* get_smb_fp_data(Flow&); - void free_smb_fp_data(Flow&, FpSMBData*); - const char* get_netbios_name(Flow&); uint32_t produce_ha_state(Flow& flow, uint8_t* buf); uint32_t consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t length, IpProtocol, SfIp*, uint16_t initiatorPort); - bool is_http_inspection_done(Flow&); + AppIdSessionApi* create_appid_session_api(Flow& flow); + void free_appid_session_api(AppIdSessionApi* api); }; SO_PUBLIC extern AppIdApi appid_api; diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index de9db4472..6c631ea86 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -733,10 +733,18 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp if (asd->get_session_flags(APPID_SESSION_IGNORE_FLOW)) { + if (!asd->get_session_flags(APPID_SESSION_IGNORE_FLOW_IDED)) + { + asd->set_application_ids(asd->pick_service_app_id(), asd->pick_client_app_id(), + asd->pick_payload_app_id(), asd->pick_misc_app_id()); + asd->set_session_flags(APPID_SESSION_IGNORE_FLOW_IDED); + } + if (appidDebug->is_active() && !asd->get_session_flags(APPID_SESSION_IGNORE_FLOW_LOGGED)) { asd->set_session_flags(APPID_SESSION_IGNORE_FLOW_LOGGED); + LogMessage("AppIdDbg %s Ignoring connection with service %d\n", appidDebug->get_debug_session(), asd->service.get_id()); } diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index ec425986f..968270047 100644 --- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc 
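Review bot: The new block in do_pre_discovery (appid_discovery.cc) freezes the published ids the first time an ignored flow is seen, gated by APPID_SESSION_IGNORE_FLOW_IDED, and nothing explains why a single snapshot is enough or what clears the flag if the flow later stops being ignored. A comment above the `if` would make the intent reviewable, e.g. `// ignored flows skip discovery below, so publish the current ids once`. The function starts and ends outside the hunk and the flag's definition is not in view, so whether the flag is ever reset cannot be confirmed from here.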
@@ -663,7 +663,7 @@ void AppIdSession::stop_rna_service_inspection(Packet* p, AppidSessionDirection service_disco_state = APPID_DISCO_STATE_FINISHED; - if ( (is_tp_appid_available() || get_session_flags(APPID_SESSION_NO_TPI) ) + if ( (is_tp_appid_available() or get_session_flags(APPID_SESSION_NO_TPI) ) and payload.get_id() == APP_ID_NONE ) payload.set_id(APP_ID_UNKNOWN); @@ -773,7 +773,7 @@ AppId AppIdSession::pick_referred_payload_app_id() AppId AppIdSession::pick_fw_service_app_id() { - AppId appId = pick_service_app_id(); + AppId appId = application_ids[APP_PROTOID_SERVICE]; if (appId == APP_ID_NONE || appId== APP_ID_UNKNOWN_UI) appId = encrypted.service_id; return appId; @@ -781,7 +781,7 @@ AppId AppIdSession::pick_fw_service_app_id() AppId AppIdSession::pick_fw_misc_app_id() { - AppId appId = pick_misc_app_id(); + AppId appId = application_ids[APP_PROTOID_MISC]; if (appId == APP_ID_NONE) appId = encrypted.misc_id; return appId; @@ -789,13 +789,12 @@ AppId AppIdSession::pick_fw_misc_app_id() AppId AppIdSession::pick_fw_client_app_id() { - AppId appId = pick_client_app_id(); - return appId; + return application_ids[APP_PROTOID_CLIENT]; } AppId AppIdSession::pick_fw_payload_app_id() { - AppId appId = pick_payload_app_id(); + AppId appId = application_ids[APP_PROTOID_PAYLOAD]; if (appId == APP_ID_NONE) appId = encrypted.payload_id; return appId; diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc new file mode 100644 index 000000000..7b7fef7c2 --- /dev/null +++ b/src/network_inspectors/appid/appid_session_api.cc 
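Review bot: pick_fw_service_app_id(), pick_fw_misc_app_id(), pick_fw_client_app_id() and pick_fw_payload_app_id() now return whatever was last stored in `application_ids[]` instead of computing the id, so their result is only correct if the array is initialised at session creation and rewritten whenever detection state changes. Neither the initialisation nor the writers are visible in these hunks; if the array can be read before the first set_application_ids() call, a firewall rule could be evaluated against an indeterminate or outdated id. Please confirm the constructor fills it with APP_ID_NONE and note the dependency on each getter, e.g. `// reads the ids published by set_application_ids(); not recomputed here`. pick_fw_referred_payload_app_id() is not part of these hunks, so it may still compute its value and behave differently from the other four.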
@@ -0,0 +1,266 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
+// Copyright (C) 2005-2013 Sourcefire, Inc.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// appid_session_api.cc author Sourcefire Inc.
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "appid_session_api.h"
+
+#include "appid_session.h"
+#include "service_plugins/service_bootp.h"
+#include "service_plugins/service_netbios.h"
+
+#define SSL_WHITELIST_PKT_LIMIT 20
+
+using namespace snort;
+
+bool AppIdSessionApi::refresh(Flow& flow)
+{
+ AppIdSession* new_asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
+
+ if (new_asd and new_asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
+ {
+ asd = new_asd;
+ return true;
+ }
+ return false;
+}
+
+AppId AppIdSessionApi::get_service_app_id()
+{
+ return asd->pick_service_app_id();
+}
+
+AppId AppIdSessionApi::get_port_service_app_id()
+{
+ return asd->service.get_port_service_id();
+}
+
+AppId AppIdSessionApi::get_only_service_app_id()
+{
+ return asd->pick_only_service_app_id();
+}
+
+AppId AppIdSessionApi::get_misc_app_id()
+{
+ return asd->pick_misc_app_id();
+}
+
+AppId AppIdSessionApi::get_client_app_id()
+{
+ return asd->pick_client_app_id();
+}
+
+AppId AppIdSessionApi::get_payload_app_id()
+{
+ return asd->pick_payload_app_id();
+}
+
+AppId AppIdSessionApi::get_referred_app_id()
+{
+ return asd->pick_referred_payload_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_service_app_id()
+{
+ return asd->pick_fw_service_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_misc_app_id()
+{
+ return asd->pick_fw_misc_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_client_app_id()
+{
+ return asd->pick_fw_client_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_payload_app_id()
+{
+ return asd->pick_fw_payload_app_id();
+}
+
+AppId AppIdSessionApi::get_fw_referred_app_id()
+{
+ return asd->pick_fw_referred_payload_app_id();
+}
+
+bool AppIdSessionApi::is_ssl_session_decrypted()
+{
+ return asd->is_ssl_session_decrypted();
+}
+
+bool AppIdSessionApi::is_appid_inspecting_session()
+{
+ if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED or
+ !asd->is_tp_appid_done() or
+ asd->get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE) or
+ (asd->get_session_flags(APPID_SESSION_ENCRYPTED) and
+ (asd->get_session_flags(APPID_SESSION_DECRYPTED) or
+ asd->session_packet_count < SSL_WHITELIST_PKT_LIMIT)) )
+ {
+ return true;
+ }
+
+ if ( asd->client_disco_state != APPID_DISCO_STATE_FINISHED and
+ (!asd->is_client_detected() or
+ (asd->service_disco_state != APPID_DISCO_STATE_STATEFUL
+ and asd->get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))) )
+ {
+ return true;
+ }
+
+ if ( asd->get_tp_app_id() == APP_ID_SSH and asd->payload.get_id() != APP_ID_SFTP and
+ asd->session_packet_count < MAX_SFTP_PACKET_COUNT )
+ {
+ return true;
+ }
+
+ return false;
+}
+
+const char* AppIdSessionApi::get_user_name(AppId* service, bool* isLoginSuccessful)
+{
+ *service = asd->client.get_user_id();
+ *isLoginSuccessful = asd->get_session_flags(APPID_SESSION_LOGIN_SUCCEEDED) ? true : false;
+ return asd->client.get_username();
+}
+
+bool AppIdSessionApi::is_appid_available()
+{
+ return ( (asd->service.get_id() != APP_ID_NONE ||
+ asd->payload.get_id() != APP_ID_NONE) &&
+ (asd->is_tp_appid_available() ||
+ asd->get_session_flags(APPID_SESSION_NO_TPI)) );
+}
+
+const char* AppIdSessionApi::get_client_version()
+{
+ return asd->client.get_version();
+}
+
+uint64_t AppIdSessionApi::get_appid_session_attribute(uint64_t flags)
+{
+ return asd->get_session_flags(flags);
+}
+
+void AppIdSessionApi::get_service_info(const char** vendor, const char** version,
+ AppIdServiceSubtype** subtype)
+{
+ *vendor = asd->service.get_vendor();
+ *version = asd->service.get_version();
+ *subtype = asd->subtype;
+}
+
+short AppIdSessionApi::get_service_port()
+{
+ return asd->service_port;
+}
+
+char* AppIdSessionApi::get_tls_host()
+{
+ if (asd->tsession)
+ return asd->tsession->tls_host;
+
+ return nullptr;
+}
+
+SfIp* AppIdSessionApi::get_service_ip()
+{
+ return &asd->service_ip;
+}
+
+SfIp* AppIdSessionApi::get_initiator_ip()
+{
+ return &asd->common.initiator_ip;
+}
+
+DHCPData* AppIdSessionApi::get_dhcp_fp_data()
+{
+ if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_FP))
+ return static_cast(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_FP_DATA));
+
+ return nullptr;
+}
+
+void AppIdSessionApi::free_dhcp_fp_data(DHCPData* data)
+{
+ asd->clear_session_flags(APPID_SESSION_HAS_DHCP_FP);
+ BootpServiceDetector::AppIdFreeDhcpData(data);
+}
+
+DHCPInfo* AppIdSessionApi::get_dhcp_info()
+{
+ if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_INFO))
+ return static_cast(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_INFO));
+
+ return nullptr;
+}
+
+void AppIdSessionApi::free_dhcp_info(DHCPInfo* data)
+{
+ asd->clear_session_flags(APPID_SESSION_HAS_DHCP_INFO);
+ BootpServiceDetector::AppIdFreeDhcpInfo(data);
+}
+
+FpSMBData* AppIdSessionApi::get_smb_fp_data()
+{
+ if (asd->get_session_flags(APPID_SESSION_HAS_SMB_INFO))
+ return static_cast(asd->remove_flow_data(APPID_SESSION_DATA_SMB_DATA));
+
+ return nullptr;
+}
+
+void AppIdSessionApi::free_smb_fp_data(FpSMBData* data)
+{
+ asd->clear_session_flags(APPID_SESSION_HAS_SMB_INFO);
+ NbdgmServiceDetector::AppIdFreeSMBData(data);
+}
+
+const char* AppIdSessionApi::get_netbios_name()
+{
+ return asd->netbios_name;
+}
+
+SEARCH_SUPPORT_TYPE AppIdSessionApi::get_http_search()
+{
+ return (asd->search_support_type != UNKNOWN_SEARCH_ENGINE) ?
+ asd->search_support_type : NOT_A_SEARCH_ENGINE;
+}
+
+AppIdDnsSession* AppIdSessionApi::get_dns_session()
+{
+ return asd->get_dns_session();
+}
+
+AppIdHttpSession* AppIdSessionApi::get_http_session()
+{
+ return asd->get_http_session();
+}
+
+bool AppIdSessionApi::is_http_inspection_done()
+{
+ return asd->is_tp_appid_done();
+}
+
+
diff --git a/src/network_inspectors/appid/appid_session_api.h b/src/network_inspectors/appid/appid_session_api.h
new file mode 100644
index 000000000..c5d2dab61
--- /dev/null
+++ b/src/network_inspectors/appid/appid_session_api.h
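Review bot: Every accessor in the new appid_session_api.cc dereferences the cached `asd` without a check, and refresh() leaves the previous pointer in place when it returns false, so a caller that ignores the return value keeps reading a session that may no longer belong to the flow or may already have been freed. I would either clear the pointer on the failure path so misuse fails immediately, `asd = nullptr; return false;`, or document on the class that an AppIdSessionApi must be refreshed or released before the flow's AppId data goes away. get_user_name() and get_service_info() also write through their out-pointers unconditionally, as the removed AppIdApi versions did, which deserves a one-line `// service and isLoginSuccessful must be non-null` on each. The class declaration lives in appid_session_api.h, which is cut off in this view, so the member's type and initial value are assumed.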
@@ -0,0 +1,198 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved. +// Copyright (C) 2005-2013 Sourcefire, Inc. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- + +// appid_session_api.h author Sourcefire Inc. 
+ +#ifndef APPID_SESSION_API_H +#define APPID_SESSION_API_H + +#include "flow/flow.h" +#include "main/snort_types.h" +#include "sfip/sf_ip.h" +#include "application_ids.h" + +class AppIdDnsSession; +class AppIdHttpSession; +class AppIdSession; + +namespace snort +{ +#define APPID_SESSION_RESPONDER_MONITORED (1ULL << 0) +#define APPID_SESSION_INITIATOR_MONITORED (1ULL << 1) +#define APPID_SESSION_SPECIAL_MONITORED (1ULL << 2) +#define APPID_SESSION_IGNORE_FLOW_LOGGED (1ULL << 3) +#define APPID_SESSION_EXPECTED_EVALUATE (1ULL << 4) +#define APPID_SESSION_DISCOVER_USER (1ULL << 5) +#define APPID_SESSION_HAS_DHCP_FP (1ULL << 6) +#define APPID_SESSION_HAS_DHCP_INFO (1ULL << 7) +#define APPID_SESSION_HAS_SMB_INFO (1ULL << 8) +#define APPID_SESSION_MID (1ULL << 9) +#define APPID_SESSION_OOO (1ULL << 10) +#define APPID_SESSION_SYN_RST (1ULL << 11) +/**Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction. + * Detectors should set this flag by verifying that packet from initiator is indeed a packet from responder. + * Setting this flag without this check will cause RNA to not try other detectors in some cases (see bug 77551).*/ +#define APPID_SESSION_UDP_REVERSED (1ULL << 12) +#define APPID_SESSION_HTTP_SESSION (1ULL << 13) +/**Service protocol was detected */ +#define APPID_SESSION_SERVICE_DETECTED (1ULL << 14) +/**Finished with client app detection */ +#define APPID_SESSION_CLIENT_DETECTED (1ULL << 15) +/**Flow is a data connection not a service */ +#define APPID_SESSION_NOT_A_SERVICE (1ULL << 16) +#define APPID_SESSION_DECRYPTED (1ULL << 17) +#define APPID_SESSION_SERVICE_DELETED (1ULL << 18) +//The following attributes are references only with appId +/**Continue calling the routine after the service has been identified. 
*/ +#define APPID_SESSION_CONTINUE (1ULL << 19) +/**Call service detection even if the host does not exist */ +#define APPID_SESSION_IGNORE_HOST (1ULL << 20) +/**Service protocol had incompatible client data */ +#define APPID_SESSION_INCOMPATIBLE (1ULL << 21) +/**we are ready to see out of network Server packets */ +#define APPID_SESSION_CLIENT_GETS_SERVER_PACKETS (1ULL << 22) +#define APPID_SESSION_DISCOVER_APP (1ULL << 23) +#define APPID_SESSION_PORT_SERVICE_DONE (1ULL << 24) +#define APPID_SESSION_ADDITIONAL_PACKET (1ULL << 25) +#define APPID_SESSION_RESPONDER_CHECKED (1ULL << 26) +#define APPID_SESSION_INITIATOR_CHECKED (1ULL << 27) +#define APPID_SESSION_SSL_SESSION (1ULL << 28) +#define APPID_SESSION_LOGIN_SUCCEEDED (1ULL << 29) +#define APPID_SESSION_SPDY_SESSION (1ULL << 30) +#define APPID_SESSION_ENCRYPTED (1ULL << 31) +#define APPID_SESSION_APP_REINSPECT (1ULL << 32) +#define APPID_SESSION_RESPONSE_CODE_CHECKED (1ULL << 33) +#define APPID_SESSION_REXEC_STDERR (1ULL << 34) +#define APPID_SESSION_CHP_INSPECTING (1ULL << 35) +#define APPID_SESSION_STICKY_SERVICE (1ULL << 36) +#define APPID_SESSION_APP_REINSPECT_SSL (1ULL << 37) +#define APPID_SESSION_NO_TPI (1ULL << 38) +#define APPID_SESSION_IGNORE_FLOW (1ULL << 39) +#define APPID_SESSION_IGNORE_FLOW_IDED (1ULL << 40) +#define APPID_SESSION_IGNORE_ID_FLAGS \ + (APPID_SESSION_IGNORE_FLOW | \ + APPID_SESSION_NOT_A_SERVICE | \ + APPID_SESSION_NO_TPI | \ + APPID_SESSION_SERVICE_DETECTED | \ + APPID_SESSION_PORT_SERVICE_DONE) +const uint64_t APPID_SESSION_ALL_FLAGS = 0xFFFFFFFFFFFFFFFFULL; + +enum APPID_FLOW_TYPE +{ + APPID_FLOW_TYPE_IGNORE, + APPID_FLOW_TYPE_NORMAL, + APPID_FLOW_TYPE_TMP +}; + +struct AppIdServiceSubtype +{ + AppIdServiceSubtype* next; + const char* service; + const char* vendor; + const char* version; +}; + +#define DHCP_OP55_MAX_SIZE 64 +#define DHCP_OP60_MAX_SIZE 64 + +struct DHCPData +{ + DHCPData* next; + unsigned op55_len; + unsigned op60_len; + uint8_t op55[DHCP_OP55_MAX_SIZE]; + uint8_t 
op60[DHCP_OP60_MAX_SIZE]; + uint8_t eth_addr[6]; +}; + +struct DHCPInfo +{ + DHCPInfo* next; + uint32_t ipAddr; + uint8_t eth_addr[6]; + uint32_t subnetmask; + uint32_t leaseSecs; + uint32_t router; +}; + +struct FpSMBData +{ + FpSMBData* next; + unsigned major; + unsigned minor; + uint32_t flags; +}; + +enum SEARCH_SUPPORT_TYPE +{ + NOT_A_SEARCH_ENGINE, + SUPPORTED_SEARCH_ENGINE, + UNSUPPORTED_SEARCH_ENGINE, + UNKNOWN_SEARCH_ENGINE, +}; + + +class SO_PUBLIC AppIdSessionApi +{ +public: + AppIdSessionApi(AppIdSession* asd) : asd(asd) {} + bool refresh(Flow& flow); + AppId get_service_app_id(); + AppId get_port_service_app_id(); + AppId get_only_service_app_id(); + AppId get_misc_app_id(); + AppId get_client_app_id(); + AppId get_payload_app_id(); + AppId get_referred_app_id(); + AppId get_fw_service_app_id(); + AppId get_fw_misc_app_id(); + AppId get_fw_client_app_id(); + AppId get_fw_payload_app_id(); + AppId get_fw_referred_app_id(); + bool is_ssl_session_decrypted(); + bool is_appid_inspecting_session(); + bool is_appid_available(); + const char* get_user_name(AppId* service, bool* isLoginSuccessful); + const char* get_client_version(); + uint64_t get_appid_session_attribute(uint64_t flag); + APPID_FLOW_TYPE get_flow_type(); + void get_service_info(const char** vendor, const char** version, + AppIdServiceSubtype**); + short get_service_port(); + SfIp* get_service_ip(); + SfIp* get_initiator_ip(); + AppIdDnsSession* get_dns_session(); + AppIdHttpSession* get_http_session(); + SEARCH_SUPPORT_TYPE get_http_search(); + char* get_tls_host(); + DHCPData* get_dhcp_fp_data(); + void free_dhcp_fp_data(DHCPData*); + DHCPInfo* get_dhcp_info(); + void free_dhcp_info(DHCPInfo*); + FpSMBData* get_smb_fp_data(); + void free_smb_fp_data(FpSMBData*); + const char* get_netbios_name(); + bool is_http_inspection_done(); + +private: + AppIdSession* asd; +}; + +} +#endif 
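Review bot: The `AppIdSessionApi` class at the end of this header keeps a raw, non-owning `AppIdSession* asd`, and its public constructor is implicit and accepts null, while the accessors visible in appid_session_api.cc dereference `asd` unconditionally. Since the class is `SO_PUBLIC`, I would declare the constructor as `explicit AppIdSessionApi(AppIdSession* asd) : asd(asd) {}`. I would also add a comment above the class saying that the object does not own the session, must not outlive it, and must be built from a non-null session; the factory exercised in appid_api_test.cc appears to enforce the last point. The `get_dhcp_fp_data()`, `get_dhcp_info()` and `get_smb_fp_data()` declarations deserve a comment such as `// detaches the data from the session; the caller owns it and must pass it to the matching free_*()`, because their implementations call `remove_flow_data()`. What `refresh(Flow&)` does to the stored pointer is not visible in this part of the diff, so its contract should be documented here as well.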
diff --git a/src/network_inspectors/appid/test/CMakeLists.txt b/src/network_inspectors/appid/test/CMakeLists.txt index 91eef3598..36b6b52f2 100644 --- a/src/network_inspectors/appid/test/CMakeLists.txt +++ b/src/network_inspectors/appid/test/CMakeLists.txt @@ -6,6 +6,10 @@ add_cpputest( appid_api_test SOURCES $ ) +add_cpputest( appid_session_api_test + SOURCES $ +) + add_cpputest( appid_detector_test SOURCES $ ) diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index 260486e45..2b7c16b50 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -45,21 +45,6 @@ using namespace snort; -void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data) -{ - delete data; -} - -void BootpServiceDetector::AppIdFreeDhcpInfo(DHCPInfo* info) -{ - delete info; -} - -void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data) -{ - delete data; -} - const char* AppInfoManager::get_app_name(AppId) { return test_app_name; 
@@ -103,332 +88,6 @@ TEST(appid_api, get_application_id) CHECK_EQUAL(id, 1492); } -TEST(appid_api, get_service_app_id) -{ - AppId id = appid_api.get_service_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_port_service_app_id) -{ - AppId id = appid_api.get_port_service_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID + 3); -} - -TEST(appid_api, get_only_service_app_id) -{ - AppId id = appid_api.get_only_service_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_misc_app_id) -{ - AppId id = appid_api.get_misc_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_client_app_id) -{ - AppId id = appid_api.get_client_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_payload_app_id) -{ - AppId id = appid_api.get_payload_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_referred_app_id) -{ - AppId id = appid_api.get_referred_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_fw_service_app_id) -{ - AppId id = appid_api.get_fw_service_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_fw_misc_app_id) -{ - AppId id = appid_api.get_fw_misc_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_fw_client_app_id) -{ - AppId id = appid_api.get_fw_client_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_fw_payload_app_id) -{ - AppId id = appid_api.get_fw_payload_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_fw_referred_app_id) -{ - AppId id = appid_api.get_fw_referred_app_id(*flow); - CHECK_EQUAL(id, APPID_UT_ID); -} - -TEST(appid_api, get_flow_type) -{ - APPID_FLOW_TYPE ft = appid_api.get_flow_type(*flow); - CHECK_EQUAL(ft, APPID_FLOW_TYPE_NORMAL); -} - -TEST(appid_api, get_service_port) -{ - short sp = appid_api.get_service_port(*flow); - CHECK_EQUAL(sp, APPID_UT_SERVICE_PORT); -} - - -TEST(appid_api, get_http_search) -{ - SEARCH_SUPPORT_TYPE val = 
appid_api.get_http_search(*flow); - CHECK_TRUE(val == NOT_A_SEARCH_ENGINE); - mock_session->search_support_type = SUPPORTED_SEARCH_ENGINE; - val = appid_api.get_http_search(*flow); - CHECK_TRUE(val == SUPPORTED_SEARCH_ENGINE); - mock_session->search_support_type = UNSUPPORTED_SEARCH_ENGINE; - val = appid_api.get_http_search(*flow); - CHECK_TRUE(val == UNSUPPORTED_SEARCH_ENGINE); - mock_session->search_support_type = NOT_A_SEARCH_ENGINE; - val = appid_api.get_http_search(*flow); - CHECK_TRUE(val == NOT_A_SEARCH_ENGINE); -} - -TEST(appid_api, get_tls_host) -{ - const char* val = appid_api.get_tls_host(*flow); - STRCMP_EQUAL(val, APPID_UT_TLS_HOST); -} - -TEST(appid_api, get_service_ip) -{ - SfIp expected_ip; - - expected_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR); - - SfIp* val = appid_api.get_service_ip(*flow); - CHECK_TRUE(val->fast_eq4(expected_ip)); -} - -TEST(appid_api, get_initiator_ip) -{ - SfIp expected_ip; - - expected_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR); - - SfIp* val = appid_api.get_initiator_ip(*flow); - CHECK_TRUE(val->fast_eq4(expected_ip)); -} - -TEST(appid_api, get_netbios_name) -{ - const char* val; - val = appid_api.get_netbios_name(*flow); - STRCMP_EQUAL(val, APPID_UT_NETBIOS_NAME); -} - -TEST(appid_api, is_ssl_session_decrypted) -{ - bool val = appid_api.is_ssl_session_decrypted(*flow); - CHECK_TRUE(!val); - is_session_decrypted = true; - val = appid_api.is_ssl_session_decrypted(*flow); - CHECK_TRUE(val); -} - -TEST(appid_api, is_appid_inspecting_session) -{ - mock_session->service_disco_state = APPID_DISCO_STATE_STATEFUL; - bool val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(val); - mock_session->service_disco_state = APPID_DISCO_STATE_FINISHED; - mock_session->set_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE); - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(val); - mock_session->clear_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE); - 
mock_session->set_session_flags(APPID_SESSION_ENCRYPTED); - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(val); - mock_session->set_session_flags(APPID_SESSION_DECRYPTED); - mock_session->session_packet_count = SSL_WHITELIST_PKT_LIMIT; - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(val); - - // 2nd if in is_appid_inspecting_session - mock_session->clear_session_flags(APPID_SESSION_DECRYPTED); - mock_session->set_session_flags(APPID_SESSION_CLIENT_DETECTED); - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(!val); - mock_session->set_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS); - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(val); - mock_session->client_disco_state = APPID_DISCO_STATE_FINISHED; - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(!val); - - // 3rd if in is_appid_inspecting_session - mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT; - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(!val); - mock_session->payload.set_id(APP_ID_SFTP); - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(!val); - mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT - 1; - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(!val); - mock_session->payload.set_id(APP_ID_NONE); - mock_session->set_tp_app_id(APP_ID_SSH); - val = appid_api.is_appid_inspecting_session(*flow); - CHECK_TRUE(val); -} - -TEST(appid_api, get_user_name) -{ - AppId service; - bool isLoginSuccessful; - - const char* val; - val = appid_api.get_user_name(*flow, &service, &isLoginSuccessful); - STRCMP_EQUAL(val, APPID_UT_USERNAME); - CHECK_TRUE(service == APPID_UT_ID); - CHECK_TRUE(!isLoginSuccessful); - mock_session->set_session_flags(APPID_SESSION_LOGIN_SUCCEEDED); - val = appid_api.get_user_name(*flow, &service, &isLoginSuccessful); - CHECK_TRUE(service == APPID_UT_ID); - CHECK_TRUE(isLoginSuccessful); -} - -TEST(appid_api, is_appid_available) 
-{ - bool val; - val = appid_api.is_appid_available(*flow); - CHECK_TRUE(val); - mock_session->set_session_flags(APPID_SESSION_NO_TPI); - val = appid_api.is_appid_available(*flow); - CHECK_TRUE(val); -} - -TEST(appid_api, get_client_version) -{ - const char* val; - val = appid_api.get_client_version(*flow); - STRCMP_EQUAL(val, APPID_UT_CLIENT_VERSION); -} - -TEST(appid_api, get_appid_session_attribute) -{ - uint64_t flags = 0x0000000000000001; - - for ( unsigned i = 0; i < 64; i++ ) - { - flags <<= i; - mock_session->set_session_flags(flags); - uint64_t fv = appid_api.get_appid_session_attribute(*flow, flags); - CHECK_TRUE((fv & flags) == flags); - mock_session->clear_session_flags(flags); - fv = appid_api.get_appid_session_attribute(*flow, flags); - CHECK_TRUE((fv & flags) == 0) - } -} - -TEST(appid_api, get_service_info) -{ - const char* serviceVendor; - const char* serviceVersion; - AppIdServiceSubtype* serviceSubtype; - - appid_api.get_service_info(*flow, &serviceVendor, &serviceVersion, &serviceSubtype); - STRCMP_EQUAL(serviceVendor, APPID_UT_SERVICE_VENDOR); - STRCMP_EQUAL(serviceVersion, APPID_UT_SERVICE_VERSION); - STRCMP_EQUAL(serviceSubtype->service, APPID_UT_SERVICE); - STRCMP_EQUAL(serviceSubtype->vendor, APPID_UT_SERVICE_VENDOR); - STRCMP_EQUAL(serviceSubtype->version, APPID_UT_SERVICE_VERSION); -} - -TEST(appid_api, appid_dns_api) -{ - AppIdDnsSession* dsession = appid_api.get_dns_session(*flow); - - const char* val = dsession->get_host(); - STRCMP_EQUAL(val, APPID_ID_UT_DNS_HOST); - uint8_t query_len = dsession->get_host_len(); - CHECK_TRUE(query_len == strlen(APPID_ID_UT_DNS_HOST)); - - uint16_t qoff; - qoff = dsession->get_host_offset(); - CHECK_TRUE(qoff == APPID_UT_DNS_HOST_OFFSET); - - uint16_t rt; - rt = dsession->get_record_type(); - CHECK_TRUE(rt == APPID_UT_DNS_PATTERN_CNAME_REC); - - uint8_t rc; - rc = dsession->get_response_type(); - CHECK_TRUE(rc == APPID_UT_DNS_NOERROR); - - uint32_t ttl; - ttl = dsession->get_ttl(); - CHECK_TRUE(ttl == 
APPID_UT_DNS_TTL); -} - -TEST(appid_api, dhcp_fp_data) -{ - DHCPData* val; - val = appid_api.get_dhcp_fp_data(*flow); - CHECK_TRUE(!val); - val = new DHCPData; - mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_FP_DATA, nullptr); - val = appid_api.get_dhcp_fp_data(*flow); - CHECK_TRUE(val); - appid_api.free_dhcp_fp_data(*flow, val); - val = appid_api.get_dhcp_fp_data(*flow); - CHECK_TRUE(!val); -} - -TEST(appid_api, dhcp_info) -{ - DHCPInfo* val; - val = appid_api.get_dhcp_info(*flow); - CHECK_TRUE(!val); - val = new DHCPInfo; - mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_INFO, nullptr); - val = appid_api.get_dhcp_info(*flow); - CHECK_TRUE(val); - appid_api.free_dhcp_info(*flow, val); - val = appid_api.get_dhcp_info(*flow); - CHECK_TRUE(!val); -} - -TEST(appid_api, smb_fp_data) -{ - FpSMBData* val; - val = appid_api.get_smb_fp_data(*flow); - CHECK_TRUE(!val); - val = new FpSMBData; - mock_session->add_flow_data(val, APPID_SESSION_DATA_SMB_DATA, nullptr); - val = appid_api.get_smb_fp_data(*flow); - CHECK_TRUE(val); - appid_api.free_smb_fp_data(*flow, val); - val = appid_api.get_smb_fp_data(*flow); - CHECK_TRUE(!val); -} - -TEST(appid_api, is_http_inspection_done) -{ - bool val; - val = appid_api.is_http_inspection_done(*flow); - CHECK_TRUE(val); -} - // FIXIT - enable this test when consume ha appid api call is fixed #ifdef APPID_HA_SUPPORT_ENABLED TEST(appid_api, produce_ha_state) 
@@ -491,6 +150,28 @@ TEST(appid_api, produce_ha_state) } #endif +TEST(appid_api, create_appid_session_api) +{ + AppIdSessionApi* appid_session_api = appid_api.create_appid_session_api(*flow); + CHECK_TRUE(appid_session_api); + appid_api.free_appid_session_api(appid_session_api); + + Flow* old_flow = flow; + flow = new Flow; + flow->set_flow_data(nullptr); + appid_session_api = appid_api.create_appid_session_api(*flow); + CHECK_FALSE(appid_session_api); + + AppIdSession ignore_asd(IpProtocol::TCP, nullptr, 1492, appid_inspector); + ignore_asd.common.flow_type = APPID_FLOW_TYPE_IGNORE; + flow->set_flow_data(&ignore_asd); + appid_session_api = appid_api.create_appid_session_api(*flow); + CHECK_FALSE(appid_session_api); + + delete flow; + flow = old_flow; +} + int main(int argc, char** argv) { mock_init_appid_pegs(); diff --git a/src/network_inspectors/appid/test/appid_mock_inspector.h b/src/network_inspectors/appid/test/appid_mock_inspector.h index 0f1c03183..37b719377 100644 --- a/src/network_inspectors/appid/test/appid_mock_inspector.h +++ b/src/network_inspectors/appid/test/appid_mock_inspector.h @@ -18,6 +18,9 @@ // appid_mock_inspector.h author davis mcpherson +#ifndef APPID_MOCK_INSPECTOR_H +#define APPID_MOCK_INSPECTOR_H + typedef uint64_t Trace; class Value; @@ -69,3 +72,5 @@ public: AppIdModule appid_mod; AppIdInspector appid_inspector( appid_mod ); + +#endif diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h index 880b9885c..fcf310bfc 100644 --- a/src/network_inspectors/appid/test/appid_mock_session.h +++ b/src/network_inspectors/appid/test/appid_mock_session.h @@ -24,6 +24,7 @@ #include "appid_dns_session.h" #include "appid_mock_flow.h" #include "appid_mock_http_session.h" +#include "appid_mock_inspector.h" bool is_session_decrypted = false; 
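Review bot: In `TEST(appid_api, create_appid_session_api)` the global `flow` is replaced with `new Flow` and only restored by the last two statements, so a failing `CHECK_FALSE` leaves the test early with the global still pointing at the temporary flow, whose flow data is the address of the stack object `ignore_asd`. Later tests in the group would then run against a leaked flow that holds a dangling session pointer. A local object avoids touching the global: `Flow tmp_flow; tmp_flow.set_flow_data(nullptr);` followed by `appid_api.create_appid_session_api(tmp_flow)`, assuming the mock `Flow` can live on the stack and nothing under test reads the global. It is also worth confirming that `delete flow` does not try to release the flow data, since `&ignore_asd` was not heap-allocated.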
diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc new file mode 100644 index 000000000..f046b5249 --- /dev/null +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc 
@@ -0,0 +1,394 @@ +//-------------------------------------------------------------------------- +// Copyright (C) 2016-2018 Cisco and/or its affiliates. All rights reserved. +// +// This program is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License Version 2 as published +// by the Free Software Foundation. You may not use, modify or distribute +// this program under any other version of the GNU General Public License. +// +// This program is distributed in the hope that it will be useful, but +// WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +//-------------------------------------------------------------------------- + +// appid_session_api_test.cc author davis mcpherson + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "network_inspectors/appid/appid_session_api.cc" + +#include "appid_mock_definitions.h" +#include "appid_mock_session.h" + +#include +#include + +void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data) +{ + delete data; +} + +void BootpServiceDetector::AppIdFreeDhcpInfo(DHCPInfo* info) +{ + delete info; +} + +void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data) +{ + delete data; +} + +AppIdSession* mock_session = nullptr; +AppIdSessionApi* appid_session_api = nullptr; + +TEST_GROUP(appid_session_api) +{ + void setup() override + { + MemoryLeakWarningPlugin::turnOffNewDeleteOverloads(); + appid_session_api = new AppIdSessionApi(mock_session); + } + + void teardown() override + { + delete appid_session_api; + MemoryLeakWarningPlugin::turnOnNewDeleteOverloads(); + } +}; + +TEST(appid_session_api, get_service_app_id) +{ + 
AppId id = appid_session_api->get_service_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_port_service_app_id) +{ + AppId id = appid_session_api->get_port_service_app_id(); + CHECK_EQUAL(id, APPID_UT_ID + 3); +} + +TEST(appid_session_api, get_only_service_app_id) +{ + AppId id = appid_session_api->get_only_service_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_misc_app_id) +{ + AppId id = appid_session_api->get_misc_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_client_app_id) +{ + AppId id = appid_session_api->get_client_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_payload_app_id) +{ + AppId id = appid_session_api->get_payload_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_referred_app_id) +{ + AppId id = appid_session_api->get_referred_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_fw_service_app_id) +{ + AppId id = appid_session_api->get_fw_service_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_fw_misc_app_id) +{ + AppId id = appid_session_api->get_fw_misc_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_fw_client_app_id) +{ + AppId id = appid_session_api->get_fw_client_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_fw_payload_app_id) +{ + AppId id = appid_session_api->get_fw_payload_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_fw_referred_app_id) +{ + AppId id = appid_session_api->get_fw_referred_app_id(); + CHECK_EQUAL(id, APPID_UT_ID); +} + +TEST(appid_session_api, get_service_port) +{ + short sp = appid_session_api->get_service_port(); + CHECK_EQUAL(sp, APPID_UT_SERVICE_PORT); +} + + +TEST(appid_session_api, get_http_search) +{ + SEARCH_SUPPORT_TYPE val = appid_session_api->get_http_search(); + CHECK_TRUE(val == NOT_A_SEARCH_ENGINE); + mock_session->search_support_type = 
SUPPORTED_SEARCH_ENGINE; + val = appid_session_api->get_http_search(); + CHECK_TRUE(val == SUPPORTED_SEARCH_ENGINE); + mock_session->search_support_type = UNSUPPORTED_SEARCH_ENGINE; + val = appid_session_api->get_http_search(); + CHECK_TRUE(val == UNSUPPORTED_SEARCH_ENGINE); + mock_session->search_support_type = NOT_A_SEARCH_ENGINE; + val = appid_session_api->get_http_search(); + CHECK_TRUE(val == NOT_A_SEARCH_ENGINE); +} + +TEST(appid_session_api, get_tls_host) +{ + const char* val = appid_session_api->get_tls_host(); + STRCMP_EQUAL(val, APPID_UT_TLS_HOST); +} + +TEST(appid_session_api, get_service_ip) +{ + SfIp expected_ip; + + expected_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR); + + SfIp* val = appid_session_api->get_service_ip(); + CHECK_TRUE(val->fast_eq4(expected_ip)); +} + +TEST(appid_session_api, get_initiator_ip) +{ + SfIp expected_ip; + + expected_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR); + + SfIp* val = appid_session_api->get_initiator_ip(); + CHECK_TRUE(val->fast_eq4(expected_ip)); +} + +TEST(appid_session_api, get_netbios_name) +{ + const char* val; + val = appid_session_api->get_netbios_name(); + STRCMP_EQUAL(val, APPID_UT_NETBIOS_NAME); +} + +TEST(appid_session_api, is_ssl_session_decrypted) +{ + bool val = appid_session_api->is_ssl_session_decrypted(); + CHECK_TRUE(!val); + is_session_decrypted = true; + val = appid_session_api->is_ssl_session_decrypted(); + CHECK_TRUE(val); +} + +TEST(appid_session_api, is_appid_inspecting_session) +{ + mock_session->service_disco_state = APPID_DISCO_STATE_STATEFUL; + bool val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(val); + mock_session->service_disco_state = APPID_DISCO_STATE_FINISHED; + mock_session->set_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE); + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(val); + mock_session->clear_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE); + 
mock_session->set_session_flags(APPID_SESSION_ENCRYPTED); + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(val); + mock_session->set_session_flags(APPID_SESSION_DECRYPTED); + mock_session->session_packet_count = SSL_WHITELIST_PKT_LIMIT; + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(val); + + // 2nd if in is_appid_inspecting_session + mock_session->clear_session_flags(APPID_SESSION_DECRYPTED); + mock_session->set_session_flags(APPID_SESSION_CLIENT_DETECTED); + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(!val); + mock_session->set_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS); + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(val); + mock_session->client_disco_state = APPID_DISCO_STATE_FINISHED; + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(!val); + + // 3rd if in is_appid_inspecting_session + mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT; + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(!val); + mock_session->payload.set_id(APP_ID_SFTP); + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(!val); + mock_session->session_packet_count = MAX_SFTP_PACKET_COUNT - 1; + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(!val); + mock_session->payload.set_id(APP_ID_NONE); + mock_session->set_tp_app_id(APP_ID_SSH); + val = appid_session_api->is_appid_inspecting_session(); + CHECK_TRUE(val); +} + +TEST(appid_session_api, get_user_name) +{ + AppId service; + bool isLoginSuccessful; + + const char* val; + val = appid_session_api->get_user_name(&service, &isLoginSuccessful); + STRCMP_EQUAL(val, APPID_UT_USERNAME); + CHECK_TRUE(service == APPID_UT_ID); + CHECK_TRUE(!isLoginSuccessful); + mock_session->set_session_flags(APPID_SESSION_LOGIN_SUCCEEDED); + val = appid_session_api->get_user_name(&service, &isLoginSuccessful); + CHECK_TRUE(service == APPID_UT_ID); + 
CHECK_TRUE(isLoginSuccessful); +} + +TEST(appid_session_api, is_appid_available) +{ + bool val; + val = appid_session_api->is_appid_available(); + CHECK_TRUE(val); + mock_session->set_session_flags(APPID_SESSION_NO_TPI); + val = appid_session_api->is_appid_available(); + CHECK_TRUE(val); +} + +TEST(appid_session_api, get_client_version) +{ + const char* val; + val = appid_session_api->get_client_version(); + STRCMP_EQUAL(val, APPID_UT_CLIENT_VERSION); +} + +TEST(appid_session_api, get_appid_session_attribute) +{ + uint64_t flags = 0x0000000000000001; + + for ( unsigned i = 0; i < 64; i++ ) + { + flags <<= i; + mock_session->set_session_flags(flags); + uint64_t fv = appid_session_api->get_appid_session_attribute(flags); + CHECK_TRUE((fv & flags) == flags); + mock_session->clear_session_flags(flags); + fv = appid_session_api->get_appid_session_attribute(flags); + CHECK_TRUE((fv & flags) == 0) + } +} + +TEST(appid_session_api, get_service_info) +{ + const char* serviceVendor; + const char* serviceVersion; + AppIdServiceSubtype* serviceSubtype; + + appid_session_api->get_service_info(&serviceVendor, &serviceVersion, &serviceSubtype); + STRCMP_EQUAL(serviceVendor, APPID_UT_SERVICE_VENDOR); + STRCMP_EQUAL(serviceVersion, APPID_UT_SERVICE_VERSION); + STRCMP_EQUAL(serviceSubtype->service, APPID_UT_SERVICE); + STRCMP_EQUAL(serviceSubtype->vendor, APPID_UT_SERVICE_VENDOR); + STRCMP_EQUAL(serviceSubtype->version, APPID_UT_SERVICE_VERSION); +} + +TEST(appid_session_api, appid_dns_api) +{ + AppIdDnsSession* dsession = appid_session_api->get_dns_session(); + + const char* val = dsession->get_host(); + STRCMP_EQUAL(val, APPID_ID_UT_DNS_HOST); + uint8_t query_len = dsession->get_host_len(); + CHECK_TRUE(query_len == strlen(APPID_ID_UT_DNS_HOST)); + + uint16_t qoff; + qoff = dsession->get_host_offset(); + CHECK_TRUE(qoff == APPID_UT_DNS_HOST_OFFSET); + + uint16_t rt; + rt = dsession->get_record_type(); + CHECK_TRUE(rt == APPID_UT_DNS_PATTERN_CNAME_REC); + + uint8_t rc; + rc = 
dsession->get_response_type(); + CHECK_TRUE(rc == APPID_UT_DNS_NOERROR); + + uint32_t ttl; + ttl = dsession->get_ttl(); + CHECK_TRUE(ttl == APPID_UT_DNS_TTL); +} + +TEST(appid_session_api, dhcp_fp_data) +{ + DHCPData* val; + val = appid_session_api->get_dhcp_fp_data(); + CHECK_TRUE(!val); + val = new DHCPData; + mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_FP_DATA, nullptr); + val = appid_session_api->get_dhcp_fp_data(); + CHECK_TRUE(val); + appid_session_api->free_dhcp_fp_data(val); + val = appid_session_api->get_dhcp_fp_data(); + CHECK_TRUE(!val); +} + +TEST(appid_session_api, dhcp_info) +{ + DHCPInfo* val; + val = appid_session_api->get_dhcp_info(); + CHECK_TRUE(!val); + val = new DHCPInfo; + mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_INFO, nullptr); + val = appid_session_api->get_dhcp_info(); + CHECK_TRUE(val); + appid_session_api->free_dhcp_info(val); + val = appid_session_api->get_dhcp_info(); + CHECK_TRUE(!val); +} + +TEST(appid_session_api, smb_fp_data) +{ + FpSMBData* val; + val = appid_session_api->get_smb_fp_data(); + CHECK_TRUE(!val); + val = new FpSMBData; + mock_session->add_flow_data(val, APPID_SESSION_DATA_SMB_DATA, nullptr); + val = appid_session_api->get_smb_fp_data(); + CHECK_TRUE(val); + appid_session_api->free_smb_fp_data(val); + val = appid_session_api->get_smb_fp_data(); + CHECK_TRUE(!val); +} + +TEST(appid_session_api, is_http_inspection_done) +{ + bool val; + val = appid_session_api->is_http_inspection_done(); + CHECK_TRUE(val); +} + +int main(int argc, char** argv) +{ + mock_init_appid_pegs(); + mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector); + int rc = CommandLineTestRunner::RunAllTests(argc, argv); + mock_cleanup_appid_pegs(); + return rc; +} +
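Review bot: In `TEST(appid_session_api, get_appid_session_attribute)` the statement `flags <<= i;` shifts cumulatively, so the mask visits only bits 0, 1, 3, 6, 10, … and becomes 0 from the twelfth iteration on. Most of the 64 flag bits are therefore never exercised, and the later iterations assert on an empty mask, which passes regardless of what `get_appid_session_attribute()` returns. Computing the mask per iteration fixes it: drop the outer variable and start the loop body with `const uint64_t flags = 1ULL << i;`. The second `CHECK_TRUE((fv & flags) == 0)` in the same loop is also missing its trailing semicolon. Separately, the tests in this file mutate the shared `mock_session` without resetting it in `setup()`, so results such as the `is_appid_inspecting_session` sequence depend on execution order.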