"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/dynamic-preprocessors/appid/fw_appid.h" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

[ To the main snort source changes report ]

fw_appid.h  (snort-2.9.16.1):fw_appid.h  (snort-2.9.17)
skipping to change at line 108 skipping to change at line 108
tAppId getOpenAppId(void *ssnptr); tAppId getOpenAppId(void *ssnptr);
void appSetServiceDetectorCallback(RNAServiceCallbackFCN fcn, tAppId appId, stru ct _Detector *userdata, tAppIdConfig *pConfig); void appSetServiceDetectorCallback(RNAServiceCallbackFCN fcn, tAppId appId, stru ct _Detector *userdata, tAppIdConfig *pConfig);
void appSetClientDetectorCallback(RNAClientAppCallbackFCN fcn, tAppId appId, str uct _Detector *userdata, tAppIdConfig *pConfig); void appSetClientDetectorCallback(RNAClientAppCallbackFCN fcn, tAppId appId, str uct _Detector *userdata, tAppIdConfig *pConfig);
void appSetServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsigned extractsInfo, tAppIdConfig *pConfig); void appSetServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsigned extractsInfo, tAppIdConfig *pConfig);
void appSetLuaServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsign ed extractsInfo, struct _Detector *dat); void appSetLuaServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsign ed extractsInfo, struct _Detector *dat);
void appSetClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extractsI nfo, tAppIdConfig *pConfig); void appSetClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extractsI nfo, tAppIdConfig *pConfig);
void appSetLuaClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extrac tsInfo, struct _Detector *data); void appSetLuaClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extrac tsInfo, struct _Detector *data);
int sslAppGroupIdLookup(void *ssnptr, const char * serverName, const char * comm onName, tAppId *serviceAppId, tAppId *clientAppId, tAppId *payloadAppId); int sslAppGroupIdLookup(void *ssnptr, const char * serverName, const char * comm onName, tAppId *serviceAppId, tAppId *clientAppId, tAppId *payloadAppId);
tAppId getAppId(void *ssnptr);
tAppId getAppId(void *ssnptr);
void CheckDetectorCallback(const SFSnortPacket *p, tAppIdData *session, APPID_SE SSION_DIRECTION direction, tAppId appId, const tAppIdConfig *pConfig); void CheckDetectorCallback(const SFSnortPacket *p, tAppIdData *session, APPID_SE SSION_DIRECTION direction, tAppId appId, const tAppIdConfig *pConfig);
void setTlsHost(void *ssnptr, const char *serverName, const char *commonName,
const char *orgName, const char *subjectAltName, bool isSniMismatch,
tAppId *serviceAppId, tAppId *clientAppId, tAppId *payloadAppId);
#ifdef FW_TRACKER_DEBUG #ifdef FW_TRACKER_DEBUG
void logAppIdInfo(SFSnortPacket *p, char *message, tAppId id); void logAppIdInfo(SFSnortPacket *p, char *message, tAppId id);
#endif #endif
int AppIdDebug(uint16_t type, const uint8_t *data, uint32_t length, void **new_c ontext, int AppIdDebug(uint16_t type, const uint8_t *data, uint32_t length, void **new_c ontext,
char* statusBuf, int statusBuf_len); char* statusBuf, int statusBuf_len);
extern char app_id_debug_session[FW_DEBUG_SESSION_ID_SIZE]; extern char app_id_debug_session[FW_DEBUG_SESSION_ID_SIZE];
extern bool app_id_debug_session_flag; extern bool app_id_debug_session_flag;
skipping to change at line 133 skipping to change at line 136
extern PreprocStats clientMatchPerfStats; extern PreprocStats clientMatchPerfStats;
extern PreprocStats serviceMatchPerfStats; extern PreprocStats serviceMatchPerfStats;
extern PreprocStats luaDetectorsPerfStats; extern PreprocStats luaDetectorsPerfStats;
extern PreprocStats luaCiscoPerfStats; extern PreprocStats luaCiscoPerfStats;
extern PreprocStats luaCustomPerfStats; extern PreprocStats luaCustomPerfStats;
extern PreprocStats tpPerfStats; extern PreprocStats tpPerfStats;
extern PreprocStats tpLibPerfStats; extern PreprocStats tpLibPerfStats;
#endif #endif
extern unsigned dhcp_fp_table_size; extern unsigned dhcp_fp_table_size;
extern unsigned long app_id_ongoing_session;
extern unsigned long app_id_total_alloc;
extern unsigned long app_id_raw_packet_count; extern unsigned long app_id_raw_packet_count;
extern unsigned long app_id_processed_packet_count; extern unsigned long app_id_processed_packet_count;
extern unsigned long app_id_ignored_packet_count; extern unsigned long app_id_ignored_packet_count;
extern int app_id_debug; extern int app_id_debug;
extern unsigned isIPv4HostMonitored(uint32_t ip4, int32_t zone); extern unsigned isIPv4HostMonitored(uint32_t ip4, int32_t zone);
extern void checkSandboxDetection(tAppId appId); extern void checkSandboxDetection(tAppId appId);
static inline void initializePriorityArray() static inline void initializePriorityArray()
{ {
int i; int i;
for (i=0; i < SF_APPID_MAX; i++) for (i=0; i < SF_APPID_MAX; i++)
skipping to change at line 291 skipping to change at line 296
static inline tAppId pickClientAppId(tAppIdData *flow) static inline tAppId pickClientAppId(tAppIdData *flow)
{ {
if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL) if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
return APP_ID_NONE; return APP_ID_NONE;
if (flow->clientAppId > APP_ID_NONE) if (flow->clientAppId > APP_ID_NONE)
return flow->clientAppId; return flow->clientAppId;
return APP_ID_NONE; return APP_ID_NONE;
} }
static inline bool isSvcHttpType(tAppId app_id)
{
switch(app_id)
{
case APP_ID_HTTP:
case APP_ID_HTTPS:
case APP_ID_FTPS:
case APP_ID_IMAPS:
case APP_ID_IRCS:
case APP_ID_LDAPS:
case APP_ID_NNTPS:
case APP_ID_POP3S:
case APP_ID_SMTPS:
case APP_ID_SSHELL:
case APP_ID_SSL:
return true;
}
return false;
}
static inline tAppId pickPayloadId(tAppIdData *flow) static inline tAppId pickPayloadId(tAppIdData *flow)
{ {
if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL) if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
return APP_ID_NONE; return APP_ID_NONE;
// if we have a deferred payload, just use it. // if we have a deferred payload, just use it.
// we are not worried about the APP_ID_UNKNOWN case here // we are not worried about the APP_ID_UNKNOWN case here
if (appInfoEntryFlagGet(flow->tpPayloadAppId, APPINFO_FLAG_DEFER_PAYLOAD, ap pIdActiveConfigGet())) if (appInfoEntryFlagGet(flow->tpPayloadAppId, APPINFO_FLAG_DEFER_PAYLOAD, ap pIdActiveConfigGet()))
return flow->tpPayloadAppId; return flow->tpPayloadAppId;
else if (flow->payloadAppId > APP_ID_NONE) if (flow->payloadAppId > APP_ID_NONE)
return flow->payloadAppId; return flow->payloadAppId;
else if (flow->tpPayloadAppId > APP_ID_NONE) if (flow->tpPayloadAppId > APP_ID_NONE)
return flow->tpPayloadAppId; return flow->tpPayloadAppId;
/* APP_ID_UNKNOWN is valid only for HTTP type services */
if (flow->payloadAppId == APP_ID_UNKNOWN &&
isSvcHttpType(flow->serviceAppId))
return APP_ID_UNKNOWN;
return APP_ID_NONE; return APP_ID_NONE;
} }
static inline SFGHASH* pickMultiPayloadList(tAppIdData *flow) static inline SFGHASH* pickMultiPayloadList(tAppIdData *flow)
{ {
if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL) if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
return NULL; return NULL;
if (flow->multiPayloadList) if (flow->multiPayloadList)
return flow->multiPayloadList; return flow->multiPayloadList;
return NULL; return NULL;
 End of changes. 8 change blocks. 
4 lines changed or deleted 32 lines changed or added
To the Header Files section of the snort source changes report or the top of this page
Mainly generated by pkgdiff using rfcdiff
Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)