"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/dynamic-preprocessors/appid/fw_appid.h" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

fw_appid.h  (snort-2.9.16.1):fw_appid.h  (snort-2.9.17)
skipping to change at line 108 skipping to change at line 108
tAppId getOpenAppId(void *ssnptr); tAppId getOpenAppId(void *ssnptr);
void appSetServiceDetectorCallback(RNAServiceCallbackFCN fcn, tAppId appId, stru ct _Detector *userdata, tAppIdConfig *pConfig); void appSetServiceDetectorCallback(RNAServiceCallbackFCN fcn, tAppId appId, stru ct _Detector *userdata, tAppIdConfig *pConfig);
void appSetClientDetectorCallback(RNAClientAppCallbackFCN fcn, tAppId appId, str uct _Detector *userdata, tAppIdConfig *pConfig); void appSetClientDetectorCallback(RNAClientAppCallbackFCN fcn, tAppId appId, str uct _Detector *userdata, tAppIdConfig *pConfig);
void appSetServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsigned extractsInfo, tAppIdConfig *pConfig); void appSetServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsigned extractsInfo, tAppIdConfig *pConfig);
void appSetLuaServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsign ed extractsInfo, struct _Detector *dat); void appSetLuaServiceValidator(RNAServiceValidationFCN fcn, tAppId appId, unsign ed extractsInfo, struct _Detector *dat);
void appSetClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extractsI nfo, tAppIdConfig *pConfig); void appSetClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extractsI nfo, tAppIdConfig *pConfig);
void appSetLuaClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extrac tsInfo, struct _Detector *data); void appSetLuaClientValidator(RNAClientAppFCN fcn, tAppId appId, unsigned extrac tsInfo, struct _Detector *data);
int sslAppGroupIdLookup(void *ssnptr, const char * serverName, const char * comm onName, tAppId *serviceAppId, tAppId *clientAppId, tAppId *payloadAppId); int sslAppGroupIdLookup(void *ssnptr, const char * serverName, const char * comm onName, tAppId *serviceAppId, tAppId *clientAppId, tAppId *payloadAppId);
tAppId getAppId(void *ssnptr);
tAppId getAppId(void *ssnptr);
void CheckDetectorCallback(const SFSnortPacket *p, tAppIdData *session, APPID_SE SSION_DIRECTION direction, tAppId appId, const tAppIdConfig *pConfig); void CheckDetectorCallback(const SFSnortPacket *p, tAppIdData *session, APPID_SE SSION_DIRECTION direction, tAppId appId, const tAppIdConfig *pConfig);
void setTlsHost(void *ssnptr, const char *serverName, const char *commonName,
const char *orgName, const char *subjectAltName, bool isSniMismatch,
tAppId *serviceAppId, tAppId *clientAppId, tAppId *payloadAppId);
#ifdef FW_TRACKER_DEBUG #ifdef FW_TRACKER_DEBUG
void logAppIdInfo(SFSnortPacket *p, char *message, tAppId id); void logAppIdInfo(SFSnortPacket *p, char *message, tAppId id);
#endif #endif
int AppIdDebug(uint16_t type, const uint8_t *data, uint32_t length, void **new_c ontext, int AppIdDebug(uint16_t type, const uint8_t *data, uint32_t length, void **new_c ontext,
char* statusBuf, int statusBuf_len); char* statusBuf, int statusBuf_len);
extern char app_id_debug_session[FW_DEBUG_SESSION_ID_SIZE]; extern char app_id_debug_session[FW_DEBUG_SESSION_ID_SIZE];
extern bool app_id_debug_session_flag; extern bool app_id_debug_session_flag;
skipping to change at line 133 skipping to change at line 136
extern PreprocStats clientMatchPerfStats; extern PreprocStats clientMatchPerfStats;
extern PreprocStats serviceMatchPerfStats; extern PreprocStats serviceMatchPerfStats;
extern PreprocStats luaDetectorsPerfStats; extern PreprocStats luaDetectorsPerfStats;
extern PreprocStats luaCiscoPerfStats; extern PreprocStats luaCiscoPerfStats;
extern PreprocStats luaCustomPerfStats; extern PreprocStats luaCustomPerfStats;
extern PreprocStats tpPerfStats; extern PreprocStats tpPerfStats;
extern PreprocStats tpLibPerfStats; extern PreprocStats tpLibPerfStats;
#endif #endif
extern unsigned dhcp_fp_table_size; extern unsigned dhcp_fp_table_size;
extern unsigned long app_id_ongoing_session;
extern unsigned long app_id_total_alloc;
extern unsigned long app_id_raw_packet_count; extern unsigned long app_id_raw_packet_count;
extern unsigned long app_id_processed_packet_count; extern unsigned long app_id_processed_packet_count;
extern unsigned long app_id_ignored_packet_count; extern unsigned long app_id_ignored_packet_count;
extern int app_id_debug; extern int app_id_debug;
extern unsigned isIPv4HostMonitored(uint32_t ip4, int32_t zone); extern unsigned isIPv4HostMonitored(uint32_t ip4, int32_t zone);
extern void checkSandboxDetection(tAppId appId); extern void checkSandboxDetection(tAppId appId);
static inline void initializePriorityArray() static inline void initializePriorityArray()
{ {
int i; int i;
for (i=0; i < SF_APPID_MAX; i++) for (i=0; i < SF_APPID_MAX; i++)
skipping to change at line 291 skipping to change at line 296
static inline tAppId pickClientAppId(tAppIdData *flow) static inline tAppId pickClientAppId(tAppIdData *flow)
{ {
if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL) if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
return APP_ID_NONE; return APP_ID_NONE;
if (flow->clientAppId > APP_ID_NONE) if (flow->clientAppId > APP_ID_NONE)
return flow->clientAppId; return flow->clientAppId;
return APP_ID_NONE; return APP_ID_NONE;
} }
static inline bool isSvcHttpType(tAppId app_id)
{
switch(app_id)
{
case APP_ID_HTTP:
case APP_ID_HTTPS:
case APP_ID_FTPS:
case APP_ID_IMAPS:
case APP_ID_IRCS:
case APP_ID_LDAPS:
case APP_ID_NNTPS:
case APP_ID_POP3S:
case APP_ID_SMTPS:
case APP_ID_SSHELL:
case APP_ID_SSL:
return true;
}
return false;
}
static inline tAppId pickPayloadId(tAppIdData *flow) static inline tAppId pickPayloadId(tAppIdData *flow)
{ {
if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL) if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
return APP_ID_NONE; return APP_ID_NONE;
// if we have a deferred payload, just use it. // if we have a deferred payload, just use it.
// we are not worried about the APP_ID_UNKNOWN case here // we are not worried about the APP_ID_UNKNOWN case here
if (appInfoEntryFlagGet(flow->tpPayloadAppId, APPINFO_FLAG_DEFER_PAYLOAD, ap pIdActiveConfigGet())) if (appInfoEntryFlagGet(flow->tpPayloadAppId, APPINFO_FLAG_DEFER_PAYLOAD, ap pIdActiveConfigGet()))
return flow->tpPayloadAppId; return flow->tpPayloadAppId;
else if (flow->payloadAppId > APP_ID_NONE) if (flow->payloadAppId > APP_ID_NONE)
return flow->payloadAppId; return flow->payloadAppId;
else if (flow->tpPayloadAppId > APP_ID_NONE) if (flow->tpPayloadAppId > APP_ID_NONE)
return flow->tpPayloadAppId; return flow->tpPayloadAppId;
/* APP_ID_UNKNOWN is valid only for HTTP type services */
if (flow->payloadAppId == APP_ID_UNKNOWN &&
isSvcHttpType(flow->serviceAppId))
return APP_ID_UNKNOWN;
return APP_ID_NONE; return APP_ID_NONE;
} }
static inline SFGHASH* pickMultiPayloadList(tAppIdData *flow) static inline SFGHASH* pickMultiPayloadList(tAppIdData *flow)
{ {
if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL) if (!flow || flow->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
return NULL; return NULL;
if (flow->multiPayloadList) if (flow->multiPayloadList)
return flow->multiPayloadList; return flow->multiPayloadList;
return NULL; return NULL;
 End of changes. 8 change blocks. 
4 lines changed or deleted 32 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)