"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/network_inspectors/appid/appid_session.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

appid_session.cc  (snort3-3.1.28.0):appid_session.cc  (snort3-3.1.29.0)
skipping to change at line 128 skipping to change at line 128
p->pkth->address_space_id); p->pkth->address_space_id);
is_session_monitored(asd->flags, p, inspector); is_session_monitored(asd->flags, p, inspector);
asd->flow = p->flow; asd->flow = p->flow;
asd->stats.first_packet_second = p->pkth->ts.tv_sec; asd->stats.first_packet_second = p->pkth->ts.tv_sec;
asd->snort_protocol_id = asd->config.snort_proto_ids[PROTO_INDEX_UNSYNCHRONI ZED]; asd->snort_protocol_id = asd->config.snort_proto_ids[PROTO_INDEX_UNSYNCHRONI ZED];
p->flow->set_flow_data(asd); p->flow->set_flow_data(asd);
return asd; return asd;
} }
AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port, AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port,
AppIdInspector& inspector, OdpContext& odp_ctxt, uint16_t asid) AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid)
: FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config), : FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config),
initiator_port(port), asid(asid), protocol(proto), initiator_port(port), asid(asid), protocol(proto),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odp_ctxt), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odp_ctxt),
odp_ctxt_version(odp_ctxt.get_version()), odp_ctxt_version(odp_ctxt.get_version()),
tp_appid_ctxt(pkt_thread_tp_appid_ctxt) tp_appid_ctxt(pkt_thread_tp_appid_ctxt)
{ {
appid_stats.total_sessions++; appid_stats.total_sessions++;
} }
AppIdSession::~AppIdSession() AppIdSession::~AppIdSession()
skipping to change at line 496 skipping to change at line 496
break; break;
case APP_ID_TELNET: case APP_ID_TELNET:
misc_app_id = APP_ID_TELNET; misc_app_id = APP_ID_TELNET;
break; break;
case APP_ID_IRC: case APP_ID_IRC:
misc_app_id = APP_ID_IRCS; misc_app_id = APP_ID_IRCS;
break; break;
case APP_ID_POP3: case APP_ID_POP3:
misc_app_id = APP_ID_POP3S; misc_app_id = APP_ID_POP3S;
break; break;
case APP_ID_HTTP3:
case APP_ID_SMB_OVER_QUIC:
misc_app_id = APP_ID_QUIC;
default: default:
break; break;
} }
} }
void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits) void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits)
{ {
AppId client_id = 0; AppId client_id = 0;
AppId payload_id = 0; AppId payload_id = 0;
const char* tls_str = tsession->get_tls_host(); const char* tls_str = tsession->get_tls_host();
skipping to change at line 771 skipping to change at line 774
api.payload.set_id(APP_ID_UNKNOWN); api.payload.set_id(APP_ID_UNKNOWN);
set_session_flags(APPID_SESSION_SERVICE_DETECTED); set_session_flags(APPID_SESSION_SERVICE_DETECTED);
clear_session_flags(APPID_SESSION_CONTINUE); clear_session_flags(APPID_SESSION_CONTINUE);
} }
AppId AppIdSession::pick_service_app_id() const AppId AppIdSession::pick_service_app_id() const
{ {
AppId rval = APP_ID_NONE; AppId rval = APP_ID_NONE;
if (api.service.get_alpn_service_app_id() > APP_ID_NONE)
return api.service.get_alpn_service_app_id();
if (!tp_appid_ctxt) if (!tp_appid_ctxt)
{ {
if (is_service_detected()) if (is_service_detected())
{ {
if ((rval = api.service.get_id()) > APP_ID_NONE) if ((rval = api.service.get_id()) > APP_ID_NONE)
return rval; return rval;
else else
rval = APP_ID_UNKNOWN; rval = APP_ID_UNKNOWN;
} }
} }
 End of changes. 3 change blocks. 
1 lines changed or deleted 7 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)