
Source code changes of the file "src/dynamic-preprocessors/appid/luaDetectorApi.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

luaDetectorApi.c  (snort-2.9.16.1):luaDetectorApi.c  (snort-2.9.17)
skipping to change at line 69 skipping to change at line 69
typedef enum { typedef enum {
LUA_LOG_CRITICAL = 0, LUA_LOG_CRITICAL = 0,
LUA_LOG_ERR = 1, LUA_LOG_ERR = 1,
LUA_LOG_WARN = 2, LUA_LOG_WARN = 2,
LUA_LOG_NOTICE = 3, LUA_LOG_NOTICE = 3,
LUA_LOG_INFO = 4, LUA_LOG_INFO = 4,
LUA_LOG_DEBUG = 5, LUA_LOG_DEBUG = 5,
} LUA_LOG_LEVELS; } LUA_LOG_LEVELS;
/*static const char * LuaLogLabel = "luaDetectorApi"; */ /*static const char * LuaLogLabel = "luaDetectorApi"; */
static ThrottleInfo error_throttleInfo = {0,30,0};
#ifdef PERF_PROFILING #ifdef PERF_PROFILING
PreprocStats luaDetectorsPerfStats; PreprocStats luaDetectorsPerfStats;
PreprocStats luaCiscoPerfStats; PreprocStats luaCiscoPerfStats;
PreprocStats luaCustomPerfStats; PreprocStats luaCustomPerfStats;
#endif #endif
static void FreeDetectorAppUrlPattern(DetectorAppUrlPattern *pattern); static void FreeDetectorAppUrlPattern(DetectorAppUrlPattern *pattern);
static DetectorUserData *toDetectorUserData (lua_State *L, int index) static DetectorUserData *toDetectorUserData (lua_State *L, int index)
skipping to change at line 300 skipping to change at line 301
{ {
detector->validateParams.pkt = NULL; detector->validateParams.pkt = NULL;
PREPROC_PROFILE_END((*pPerfStats2)); PREPROC_PROFILE_END((*pPerfStats2));
PREPROC_PROFILE_END((*pPerfStats1)); PREPROC_PROFILE_END((*pPerfStats1));
PREPROC_PROFILE_END(luaDetectorsPerfStats); PREPROC_PROFILE_END(luaDetectorsPerfStats);
return -11; return -11;
} }
if ((!callbackFn) || !(lua_checkstack(myLuaState, 1))) if ((!callbackFn) || !(lua_checkstack(myLuaState, 1)))
{ {
_dpd.errMsg("Detector %s: invalid LUA %s\n", detectorName, lua_tostring( _dpd.errMsgThrottled(&error_throttleInfo,
myLuaState, -1)); "Detector %s: invalid LUA %s\n",
detectorName, lua_tostring(myLuaState, -1));
detector->validateParams.pkt = NULL; detector->validateParams.pkt = NULL;
pthread_mutex_unlock(&detector->luaReloadMutex); pthread_mutex_unlock(&detector->luaReloadMutex);
PREPROC_PROFILE_END((*pPerfStats2)); PREPROC_PROFILE_END((*pPerfStats2));
PREPROC_PROFILE_END((*pPerfStats1)); PREPROC_PROFILE_END((*pPerfStats1));
PREPROC_PROFILE_END(luaDetectorsPerfStats); PREPROC_PROFILE_END(luaDetectorsPerfStats);
return -10; return -10;
} }
lua_getglobal(myLuaState, callbackFn); lua_getglobal(myLuaState, callbackFn);
skipping to change at line 783 skipping to change at line 786
detector->validateParams.flowp = args->flowp; detector->validateParams.flowp = args->flowp;
detector->validateParams.pkt = args->pkt; detector->validateParams.pkt = args->pkt;
serverName = detector->name; serverName = detector->name;
/*Note: Some frequently used header fields may be extracted and stored in de tector for */ /*Note: Some frequently used header fields may be extracted and stored in de tector for */
/*better performance. */ /*better performance. */
pthread_mutex_lock(&detector->luaReloadMutex); pthread_mutex_lock(&detector->luaReloadMutex);
if ((!detector->packageInfo.server.validateFunctionName) || !(lua_checkstack (myLuaState, 1))) if ((!detector->packageInfo.server.validateFunctionName) || !(lua_checkstack (myLuaState, 1)))
{ {
_dpd.errMsg("server %s: invalid LUA %s\n",serverName, lua_tostring(myLua _dpd.errMsgThrottled(&error_throttleInfo,
State, -1)); "server %s: invalid LUA %s\n",
serverName, lua_tostring(myLuaState, -1));
detector->validateParams.pkt = NULL; detector->validateParams.pkt = NULL;
pthread_mutex_unlock(&detector->luaReloadMutex); pthread_mutex_unlock(&detector->luaReloadMutex);
PREPROC_PROFILE_END((*pPerfStats2)); PREPROC_PROFILE_END((*pPerfStats2));
PREPROC_PROFILE_END((*pPerfStats1)); PREPROC_PROFILE_END((*pPerfStats1));
PREPROC_PROFILE_END((luaDetectorsPerfStats)); PREPROC_PROFILE_END((luaDetectorsPerfStats));
return SERVICE_ENULL; return SERVICE_ENULL;
} }
lua_getglobal(myLuaState, detector->packageInfo.server.validateFunctionName) ; lua_getglobal(myLuaState, detector->packageInfo.server.validateFunctionName) ;
skipping to change at line 1695 skipping to change at line 1700
detector->validateParams.size = size; detector->validateParams.size = size;
detector->validateParams.dir = dir; detector->validateParams.dir = dir;
detector->validateParams.flowp = flowp; detector->validateParams.flowp = flowp;
detector->validateParams.pkt = (SFSnortPacket *)pkt; detector->validateParams.pkt = (SFSnortPacket *)pkt;
validateFn = detector->packageInfo.client.validateFunctionName; validateFn = detector->packageInfo.client.validateFunctionName;
clientName = detector->name; clientName = detector->name;
pthread_mutex_lock(&detector->luaReloadMutex); pthread_mutex_lock(&detector->luaReloadMutex);
if ((!validateFn) || !(lua_checkstack(myLuaState, 1))) if ((!validateFn) || !(lua_checkstack(myLuaState, 1)))
{ {
_dpd.errMsg("client %s: invalid LUA %s\n",clientName, lua_tostring(myLua _dpd.errMsgThrottled(&error_throttleInfo,
State, -1)); "client %s: invalid LUA %s\n",
clientName, lua_tostring(myLuaState, -1));
detector->validateParams.pkt = NULL; detector->validateParams.pkt = NULL;
pthread_mutex_unlock(&detector->luaReloadMutex); pthread_mutex_unlock(&detector->luaReloadMutex);
PREPROC_PROFILE_END((*pPerfStats2)); PREPROC_PROFILE_END((*pPerfStats2));
PREPROC_PROFILE_END((*pPerfStats1)); PREPROC_PROFILE_END((*pPerfStats1));
PREPROC_PROFILE_END(luaDetectorsPerfStats); PREPROC_PROFILE_END(luaDetectorsPerfStats);
return CLIENT_APP_ENULL; return CLIENT_APP_ENULL;
} }
lua_getglobal(myLuaState, validateFn); lua_getglobal(myLuaState, validateFn);
skipping to change at line 3070 skipping to change at line 3077
tmpString = lua_tolstring(L, index++, &pathPatternSize); tmpString = lua_tolstring(L, index++, &pathPatternSize);
if(!tmpString || !pathPatternSize) if(!tmpString || !pathPatternSize)
{ {
_dpd.errMsg( "Invalid path pattern string: service_id %u; client_id %u; payload_id %u\n.",service_id, client_id, payload_id); _dpd.errMsg( "Invalid path pattern string: service_id %u; client_id %u; payload_id %u\n.",service_id, client_id, payload_id);
free(hostPattern); free(hostPattern);
return 0; return 0;
} }
else if (!(pathPattern = (u_int8_t *)strdup(tmpString))) else if (!(pathPattern = (u_int8_t *)strdup(tmpString)))
{ {
_dpd.errMsg( "Failed to duplicate path pattern: %s, service_id %u; clien t_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id); _dpd.errMsg( "Failed to duplicate path pattern: %s, service_id %u; clien t_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id);
free(hostPattern);
return 0; return 0;
} }
/* Verify that scheme pattern is a valid string */ /* Verify that scheme pattern is a valid string */
size_t schemePatternSize; size_t schemePatternSize;
u_int8_t* schemePattern = NULL; u_int8_t* schemePattern = NULL;
tmpString = lua_tolstring(L, index++, &schemePatternSize); tmpString = lua_tolstring(L, index++, &schemePatternSize);
if(!tmpString || !schemePatternSize) if(!tmpString || !schemePatternSize)
{ {
_dpd.errMsg( "Invalid scheme pattern string: service_id %u; client_id %u ; payload_id %u\n.",service_id, client_id, payload_id); _dpd.errMsg( "Invalid scheme pattern string: service_id %u; client_id %u ; payload_id %u\n.",service_id, client_id, payload_id);
free(pathPattern); free(pathPattern);
free(hostPattern); free(hostPattern);
return 0; return 0;
} }
else if (!(schemePattern = (u_int8_t*) strdup(tmpString))) else if (!(schemePattern = (u_int8_t*) strdup(tmpString)))
{ {
_dpd.errMsg( "Failed to duplicate scheme pattern: %s, service_id %u; cli ent_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id); _dpd.errMsg( "Failed to duplicate scheme pattern: %s, service_id %u; cli ent_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id);
free(pathPattern);
free(hostPattern);
return 0; return 0;
} }
/* Verify that query pattern is a valid string */ /* Verify that query pattern is a valid string */
size_t queryPatternSize; size_t queryPatternSize;
u_int8_t* queryPattern = NULL; u_int8_t* queryPattern = NULL;
tmpString = lua_tolstring(L, index++, &queryPatternSize); tmpString = lua_tolstring(L, index++, &queryPatternSize);
if(tmpString && queryPatternSize) if(tmpString && queryPatternSize)
{ {
if (!(queryPattern = (u_int8_t*) strdup(tmpString))) if (!(queryPattern = (u_int8_t*) strdup(tmpString)))
skipping to change at line 3217 skipping to change at line 3227
tmpString = lua_tolstring(L, index++, &pathPatternSize); tmpString = lua_tolstring(L, index++, &pathPatternSize);
if(!tmpString || !pathPatternSize) if(!tmpString || !pathPatternSize)
{ {
_dpd.errMsg( "Invalid path pattern string: service_id %u; client_id %u; payload_id %u\n.",service_id, client_id, payload_id); _dpd.errMsg( "Invalid path pattern string: service_id %u; client_id %u; payload_id %u\n.",service_id, client_id, payload_id);
free(hostPattern); free(hostPattern);
return 0; return 0;
} }
else if (!(pathPattern = (u_int8_t *)strdup(tmpString))) else if (!(pathPattern = (u_int8_t *)strdup(tmpString)))
{ {
_dpd.errMsg( "Failed to duplicate path pattern: %s, service_id %u; clien t_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id); _dpd.errMsg( "Failed to duplicate path pattern: %s, service_id %u; clien t_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id);
free(hostPattern);
return 0; return 0;
} }
/* Verify that scheme pattern is a valid string */ /* Verify that scheme pattern is a valid string */
size_t schemePatternSize; size_t schemePatternSize;
u_int8_t* schemePattern = NULL; u_int8_t* schemePattern = NULL;
tmpString = lua_tolstring(L, index++, &schemePatternSize); tmpString = lua_tolstring(L, index++, &schemePatternSize);
if(!tmpString || !schemePatternSize) if(!tmpString || !schemePatternSize)
{ {
_dpd.errMsg( "Invalid scheme pattern string: service_id %u; client_id %u ; payload_id %u\n",service_id, client_id, payload_id); _dpd.errMsg( "Invalid scheme pattern string: service_id %u; client_id %u ; payload_id %u\n",service_id, client_id, payload_id);
free(pathPattern); free(pathPattern);
free(hostPattern); free(hostPattern);
return 0; return 0;
} }
else if (!(schemePattern = (u_int8_t*) strdup(tmpString))) else if (!(schemePattern = (u_int8_t*) strdup(tmpString)))
{ {
_dpd.errMsg( "Failed to duplicate scheme pattern: %s, service_id %u; cli ent_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id); _dpd.errMsg( "Failed to duplicate scheme pattern: %s, service_id %u; cli ent_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id);
free(pathPattern);
free(hostPattern);
return 0; return 0;
} }
/* Verify that query pattern is a valid string */ /* Verify that query pattern is a valid string */
size_t queryPatternSize; size_t queryPatternSize;
u_int8_t* queryPattern = NULL; u_int8_t* queryPattern = NULL;
tmpString = lua_tolstring(L, index++, &queryPatternSize); tmpString = lua_tolstring(L, index++, &queryPatternSize);
if(tmpString && queryPatternSize) if(tmpString && queryPatternSize)
{ {
if (!(queryPattern = (u_int8_t*) strdup(tmpString))) if (!(queryPattern = (u_int8_t*) strdup(tmpString)))
skipping to change at line 3638 skipping to change at line 3651
tmpString = lua_tolstring(L, index++, &pathPatternSize); tmpString = lua_tolstring(L, index++, &pathPatternSize);
if(!tmpString || !pathPatternSize) if(!tmpString || !pathPatternSize)
{ {
_dpd.errMsg( "Invalid path pattern string: service_id %u; client_id %u; payload %u\n.",service_id, client_id, payload_id); _dpd.errMsg( "Invalid path pattern string: service_id %u; client_id %u; payload %u\n.",service_id, client_id, payload_id);
free(hostPattern); free(hostPattern);
return 0; return 0;
} }
else if (!(pathPattern = (u_int8_t *)strdup(tmpString))) else if (!(pathPattern = (u_int8_t *)strdup(tmpString)))
{ {
_dpd.errMsg( "Failed to duplicate path pattern: %s, service_id %u; clien t_id %u; payload %u\n.",tmpString, service_id, client_id, payload_id); _dpd.errMsg( "Failed to duplicate path pattern: %s, service_id %u; clien t_id %u; payload %u\n.",tmpString, service_id, client_id, payload_id);
free(hostPattern);
return 0; return 0;
} }
/* Verify that scheme pattern is a valid string */ /* Verify that scheme pattern is a valid string */
size_t schemePatternSize; size_t schemePatternSize;
u_int8_t* schemePattern = NULL; u_int8_t* schemePattern = NULL;
tmpString = lua_tolstring(L, index++, &schemePatternSize); tmpString = lua_tolstring(L, index++, &schemePatternSize);
if(!tmpString || !schemePatternSize) if(!tmpString || !schemePatternSize)
{ {
_dpd.errMsg( "Invalid scheme pattern string: service_id %u; client_id %u ; payload_id %u\n",service_id, client_id, payload_id); _dpd.errMsg( "Invalid scheme pattern string: service_id %u; client_id %u ; payload_id %u\n",service_id, client_id, payload_id);
free(pathPattern); free(pathPattern);
free(hostPattern); free(hostPattern);
return 0; return 0;
} }
else if (!(schemePattern = (u_int8_t*) strdup(tmpString))) else if (!(schemePattern = (u_int8_t*) strdup(tmpString)))
{ {
_dpd.errMsg( "Failed to duplicate scheme pattern: %s, service_id %u; cli ent_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id); _dpd.errMsg( "Failed to duplicate scheme pattern: %s, service_id %u; cli ent_id %u; payload_id %u\n.",tmpString, service_id, client_id, payload_id);
free(pathPattern);
free(hostPattern);
return 0; return 0;
} }
/* Allocate memory for data structures */ /* Allocate memory for data structures */
DetectorAppUrlPattern *pattern = malloc(sizeof(DetectorAppUrlPattern)); DetectorAppUrlPattern *pattern = malloc(sizeof(DetectorAppUrlPattern));
if (!pattern) if (!pattern)
{ {
_dpd.errMsg( "Failed to allocate HTTP pattern memory."); _dpd.errMsg( "Failed to allocate HTTP pattern memory.");
free(hostPattern); free(hostPattern);
free(pathPattern); free(pathPattern);
skipping to change at line 4145 skipping to change at line 4161
if (_dpd.sessionAPI->get_session_flags(detectorUserData->pDetector->validate Params.pkt->stream_session) & SSNFLAG_MIDSTREAM) if (_dpd.sessionAPI->get_session_flags(detectorUserData->pDetector->validate Params.pkt->stream_session) & SSNFLAG_MIDSTREAM)
{ {
lua_pushnumber(L, 1); lua_pushnumber(L, 1);
return 1; return 1;
} }
lua_pushnumber(L, 0); lua_pushnumber(L, 0);
return 0; return 0;
} }
/* Check if traffic is going through an HTTP proxy */
static int isHttpTunnel(lua_State *L)
{
DetectorUserData *detectorUserData = NULL;
detectorUserData = checkDetectorUserData(L, 1);
/*check inputs and whether this function is called in context of a packet */
if (!detectorUserData || !detectorUserData->pDetector->validateParams.pkt)
return -1;
httpSession *hsession = detectorUserData->pDetector->validateParams.flowp->h
session;
if (hsession)
{
tunnelDest *tunDest = hsession->tunDest;
if (tunDest)
{
lua_pushboolean(L, 1);
return 1;
}
}
lua_pushboolean(L, 0);
return 0;
}
/* Get destination IP tunneled through a proxy */
static int getHttpTunneledIp(lua_State* L)
{
DetectorUserData *detectorUserData = NULL;
detectorUserData = checkDetectorUserData(L, 1);
/*check inputs and whether this function is called in context of a packet */
if (!detectorUserData || !detectorUserData->pDetector->validateParams.pkt)
return -1;
httpSession *hsession = detectorUserData->pDetector->validateParams.flowp->h
session;
if (hsession)
{
tunnelDest *tunDest = hsession->tunDest;
if (!tunDest)
lua_pushnumber(L, 0);
else
lua_pushnumber(L, sfaddr_get_ip4_value(&(tunDest->ip)));
}
return 1;
}
/* Get port tunneled through a proxy */
static int getHttpTunneledPort(lua_State* L)
{
DetectorUserData *detectorUserData = NULL;
detectorUserData = checkDetectorUserData(L, 1);
/*check inputs and whether this function is called in context of a packet */
if (!detectorUserData || !detectorUserData->pDetector->validateParams.pkt)
return -1;
httpSession *hsession = detectorUserData->pDetector->validateParams.flowp->h
session;
if (hsession)
{
tunnelDest *tunDest = hsession->tunDest;
if (!tunDest)
lua_pushnumber(L, 0);
else
lua_pushnumber(L, tunDest->port);
}
return 1;
}
/*Lua should inject patterns in <clientAppId, classId> format. */ /*Lua should inject patterns in <clientAppId, classId> format. */
static int Detector_addCipConnectionClass(lua_State *L) static int Detector_addCipConnectionClass(lua_State *L)
{ {
int index = 1; int index = 1;
DetectorUserData *detectorUserData = checkDetectorUserData(L, index++); DetectorUserData *detectorUserData = checkDetectorUserData(L, index++);
if (!detectorUserData || detectorUserData->pDetector->validateParams.pkt) if (!detectorUserData || detectorUserData->pDetector->validateParams.pkt)
{ {
_dpd.errMsg("%s: Invalid detector user data or context.\n", __func__); _dpd.errMsg("%s: Invalid detector user data or context.\n", __func__);
return -1; return -1;
skipping to change at line 4425 skipping to change at line 4515
{"open_addPayloadApp", openAddPayloadApp}, {"open_addPayloadApp", openAddPayloadApp},
{"open_addHttpPattern", openAddHttpPattern}, {"open_addHttpPattern", openAddHttpPattern},
{"open_addUrlPattern", openAddUrlPattern}, {"open_addUrlPattern", openAddUrlPattern},
{"addPortPatternClient", addPortPatternClient}, {"addPortPatternClient", addPortPatternClient},
{"addPortPatternService", addPortPatternService}, {"addPortPatternService", addPortPatternService},
{"createFutureFlow", createFutureFlow}, {"createFutureFlow", createFutureFlow},
{"isMidStreamSession", isMidStreamSession}, {"isMidStreamSession", isMidStreamSession},
{ "isHttpTunnel", isHttpTunnel },
{ "getHttpTunneledIp", getHttpTunneledIp },
{ "getHttpTunneledPort", getHttpTunneledPort },
{0, 0} {0, 0}
}; };
/**This function performs a clean exit on an api instance. It is called when RNA is performing /**This function performs a clean exit on an api instance. It is called when RNA is performing
* a clean exit. * a clean exit.
*/ */
void Detector_fini(void *data) void Detector_fini(void *data)
{ {
lua_State *myLuaState; lua_State *myLuaState;
Detector *detector = (Detector*) data; Detector *detector = (Detector*) data;
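Review bot: In the added getHttpTunneledIp and getHttpTunneledPort, the path where `hsession` is NULL pushes nothing but still reaches `return 1`, so Lua takes whatever is on top of the stack (here the detector userdata argument) as the result instead of a number. Handle both empty cases together before pushing the real value, e.g. `if (!hsession || !hsession->tunDest) { lua_pushnumber(L, 0); return 1; }`. The added isHttpTunnel has the opposite mismatch: it pushes `false` and then returns 0, so the script receives no value rather than `false`; `return 1` there would make the boolean visible. All three functions also dereference `validateParams.flowp` after checking only `validateParams.pkt`; if flowp can be NULL while pkt is set (not visible on this page), the first check should also include `|| !detectorUserData->pDetector->validateParams.flowp`.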
 End of changes. 12 change blocks. 
6 lines changed or deleted 100 lines changed or added
