
Source code changes of the file "src/network_inspectors/appid/appid_session.cc" between
snort3-3.1.36.0.tar.gz and snort3-3.1.38.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

appid_session.cc  (snort3-3.1.36.0):appid_session.cc  (snort3-3.1.38.0)
skipping to change at line 209 skipping to change at line 209
case IpProtocol::IP: case IpProtocol::IP:
return PktType::IP; return PktType::IP;
default: default:
break; break;
} }
return PktType::NONE; return PktType::NONE;
} }
AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S fIp* cliIp, AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S fIp* cliIp,
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto, uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto,
SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirection SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirection
al) al,
bool expect_persist)
{ {
enum PktType type = get_pkt_type_from_ip_proto(proto); enum PktType type = get_pkt_type_from_ip_proto(proto);
if (type == PktType::NONE) if (type == PktType::NONE)
{ {
if (appidDebug->is_active()) if (appidDebug->is_active())
LogMessage("AppIdDbg %s Failed to create a related flow - invalid pr otocol %u\n", LogMessage("AppIdDbg %s Failed to create a related flow - invalid pr otocol %u\n",
appidDebug->get_debug_session(), (unsigned)proto); appidDebug->get_debug_session(), (unsigned)proto);
return nullptr; return nullptr;
} }
skipping to change at line 235 skipping to change at line 236
if ((inspector == nullptr) || strcmp(inspector->get_name(), MOD_NAME)) if ((inspector == nullptr) || strcmp(inspector->get_name(), MOD_NAME))
inspector = (AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, t rue); inspector = (AppIdInspector*)InspectorManager::get_inspector(MOD_NAME, t rue);
// FIXIT-RC - port parameter passed in as 0 since we may not know client por t, verify // FIXIT-RC - port parameter passed in as 0 since we may not know client por t, verify
AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector, AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector,
inspector->get_ctxt().get_odp_ctxt(), ctrlPkt->pkth->address_space_id); inspector->get_ctxt().get_odp_ctxt(), ctrlPkt->pkth->address_space_id);
is_session_monitored(asd->flags, ctrlPkt, *inspector); is_session_monitored(asd->flags, ctrlPkt, *inspector);
if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp, if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction, fal cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction, fal
se, bidirectional)) se,
bidirectional, expect_persist))
{ {
if (appidDebug->is_active()) if (appidDebug->is_active())
{ {
sfip_ntop(cliIp, src_ip, sizeof(src_ip)); sfip_ntop(cliIp, src_ip, sizeof(src_ip));
sfip_ntop(srvIp, dst_ip, sizeof(dst_ip)); sfip_ntop(srvIp, dst_ip, sizeof(dst_ip));
LogMessage("AppIdDbg %s Failed to create a related flow for %s-%u -> %s-%u %u\n", LogMessage("AppIdDbg %s Failed to create a related flow for %s-%u -> %s-%u %u\n",
appidDebug->get_debug_session(), src_ip, (unsigned)cliPort, dst_ ip, appidDebug->get_debug_session(), src_ip, (unsigned)cliPort, dst_ ip,
(unsigned)srvPort, (unsigned)proto); (unsigned)srvPort, (unsigned)proto);
} }
delete asd; delete asd;
skipping to change at line 412 skipping to change at line 414
if (isSsl) if (isSsl)
set_session_flags(APPID_SESSION_APP_REINSPECT_SSL); set_session_flags(APPID_SESSION_APP_REINSPECT_SSL);
} }
} }
void AppIdSession::check_tunnel_detection_restart() void AppIdSession::check_tunnel_detection_restart()
{ {
if (tp_payload_app_id != APP_ID_HTTP_TUNNEL or get_session_flags(APPID_SESSI ON_HTTP_TUNNEL)) if (tp_payload_app_id != APP_ID_HTTP_TUNNEL or get_session_flags(APPID_SESSI ON_HTTP_TUNNEL))
return; return;
AppIdHttpSession* hsession = get_http_session();
if (!hsession or !hsession->get_tunnel())
return;
if (appidDebug->is_active()) if (appidDebug->is_active())
LogMessage("AppIdDbg %s Found HTTP Tunnel, restarting app Detection\n", LogMessage("AppIdDbg %s Found HTTP Tunnel, restarting app Detection\n",
appidDebug->get_debug_session()); appidDebug->get_debug_session());
// service // service
if (api.service.get_id() == api.service.get_port_service_id()) if (api.service.get_id() == api.service.get_port_service_id())
api.service.set_id(APP_ID_NONE, odp_ctxt); api.service.set_id(APP_ID_NONE, odp_ctxt);
api.service.set_port_service_id(APP_ID_NONE); api.service.set_port_service_id(APP_ID_NONE);
api.service.reset(); api.service.reset();
service_disco_state = APPID_DISCO_STATE_NONE; service_disco_state = APPID_DISCO_STATE_NONE;
skipping to change at line 881 skipping to change at line 887
return APP_ID_NONE; return APP_ID_NONE;
if (tp_payload_app_id_deferred) if (tp_payload_app_id_deferred)
return tp_payload_app_id; return tp_payload_app_id;
AppId tmp_id = APP_ID_NONE; AppId tmp_id = APP_ID_NONE;
if (!api.hsessions.empty()) if (!api.hsessions.empty())
tmp_id = api.hsessions[0]->payload.get_id(); tmp_id = api.hsessions[0]->payload.get_id();
if (tmp_id > APP_ID_NONE) if (tmp_id > APP_ID_NONE)
{ {
if (tmp_id == APP_ID_HTTP_TUNNEL and tp_payload_app_id > APP_ID_NONE) if (tmp_id == APP_ID_HTTP_TUNNEL)
return tp_payload_app_id; {
if (api.payload.get_id() > APP_ID_NONE)
return api.payload.get_id();
else if (tp_payload_app_id > APP_ID_NONE)
return tp_payload_app_id;
}
else else
return tmp_id; return tmp_id;
} }
if (api.payload.get_id() > APP_ID_NONE) if (api.payload.get_id() > APP_ID_NONE)
return api.payload.get_id(); return api.payload.get_id();
if (tp_payload_app_id > APP_ID_NONE) if (tp_payload_app_id > APP_ID_NONE)
return tp_payload_app_id; return tp_payload_app_id;
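Review bot: In the last change block, the new `APP_ID_HTTP_TUNNEL` branch returns nothing when neither `api.payload.get_id()` nor `tp_payload_app_id` is above `APP_ID_NONE`, so control falls through to the two checks right after the block, which test the same conditions and fail again. The old side appears to have returned `tmp_id` (the tunnel id) in that case, so this is a behaviour change that should be stated in a comment. If dropping the tunnel id is intended, the inner branch can be reduced to `if (tmp_id != APP_ID_HTTP_TUNNEL) return tmp_id;` with a comment such as `// HTTP tunnel: prefer an inner payload id, fall through to the checks below`, because the following checks already apply the same order. The function starts and ends outside the visible lines, so what is returned after the fall-through cannot be confirmed from this page. A test that pins the reported payload id for a tunnel session with no inner payload id would guard against silent misclassification.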
 End of changes. 4 change blocks. 
6 lines changed or deleted 17 lines changed or added
