
Source code changes of the file "src/network_inspectors/appid/tp_appid_utils.cc" between
snort3-3.1.36.0.tar.gz and snort3-3.1.38.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

tp_appid_utils.cc  (snort3-3.1.36.0):tp_appid_utils.cc  (snort3-3.1.38.0)
skipping to change at line 45 skipping to change at line 45
#include "app_info_table.h" #include "app_info_table.h"
#include "appid_config.h" #include "appid_config.h"
#include "appid_debug.h" #include "appid_debug.h"
#include "appid_http_session.h" #include "appid_http_session.h"
#include "appid_inspector.h" #include "appid_inspector.h"
#include "detector_plugins/http_url_patterns.h" #include "detector_plugins/http_url_patterns.h"
#include "service_plugins/service_ssl.h" #include "service_plugins/service_ssl.h"
#include "tp_appid_utils.h" #include "tp_appid_utils.h"
#include "tp_lib_handler.h" #include "tp_lib_handler.h"
#define HTTP_CONNECT_RESPONSE_LEN 13
using namespace std; using namespace std;
using namespace snort; using namespace snort;
typedef AppIdHttpSession::pair_t pair_t; typedef AppIdHttpSession::pair_t pair_t;
static inline bool contains(const vector<AppId>& vec, const AppId val) static inline bool contains(const vector<AppId>& vec, const AppId val)
{ {
for (const auto& elem : vec) for (const auto& elem : vec)
if (elem == val) if (elem == val)
return true; return true;
skipping to change at line 402 skipping to change at line 404
static inline void process_ftp_control(AppIdSession& asd, static inline void process_ftp_control(AppIdSession& asd,
ThirdPartyAppIDAttributeData& attribute_data, AppidChangeBits& change_bits) ThirdPartyAppIDAttributeData& attribute_data, AppidChangeBits& change_bits)
{ {
const string* field=nullptr; const string* field=nullptr;
if (!asd.get_odp_ctxt().ftp_userid_disabled && if (!asd.get_odp_ctxt().ftp_userid_disabled &&
(field=attribute_data.ftp_command_user()) != nullptr) (field=attribute_data.ftp_command_user()) != nullptr)
{ {
asd.set_client_user(APP_ID_FTP_CONTROL, field->c_str(), change_bits); asd.set_client_user(APP_ID_FTP_CONTROL, field->c_str(), change_bits);
asd.set_user_logged_in(); asd.set_user_logged_in();
asd.tpsession->set_attr(TP_ATTR_UNAME_KNOWN);
} }
// This is a safe bail out condition in case username is not known
if ((asd.init_tpPackets + asd.resp_tpPackets) >= asd.get_odp_ctxt().max_tp_f
low_depth)
asd.tpsession->set_attr(TP_ATTR_UNAME_KNOWN);
} }
static inline void process_quic(AppIdSession& asd, static inline void process_quic(AppIdSession& asd,
ThirdPartyAppIDAttributeData& attribute_data, AppidChangeBits& change_bits) ThirdPartyAppIDAttributeData& attribute_data, AppidChangeBits& change_bits)
{ {
const string* field = nullptr; const string* field = nullptr;
if ( !asd.tsession ) if ( !asd.tsession )
asd.tsession = new TlsSession(); asd.tsession = new TlsSession();
if ( !asd.tsession->get_tls_host() and (field=attribute_data.quic_sni()) != nullptr ) if ( !asd.tsession->get_tls_host() and (field=attribute_data.quic_sni()) != nullptr )
skipping to change at line 654 skipping to change at line 660
asd.set_tp_app_id(APP_ID_HTTP); asd.set_tp_app_id(APP_ID_HTTP);
// Handle HTTP tunneling and SSL possibly then being used in that tu nnel // Handle HTTP tunneling and SSL possibly then being used in that tu nnel
if (tp_app_id == APP_ID_HTTP_TUNNEL) if (tp_app_id == APP_ID_HTTP_TUNNEL)
hsession->set_payload(APP_ID_HTTP_TUNNEL, change_bits, "3rd part y"); hsession->set_payload(APP_ID_HTTP_TUNNEL, change_bits, "3rd part y");
else if (hsession->payload.get_id() == APP_ID_HTTP_TUNNEL and tp_app _id != APP_ID_SSL) else if (hsession->payload.get_id() == APP_ID_HTTP_TUNNEL and tp_app _id != APP_ID_SSL)
hsession->set_payload(tp_app_id, change_bits, "3rd party"); hsession->set_payload(tp_app_id, change_bits, "3rd party");
hsession->process_http_packet(direction, change_bits, asd.get_odp_ct xt().get_http_matchers()); hsession->process_http_packet(direction, change_bits, asd.get_odp_ct xt().get_http_matchers());
if (!hsession->get_tunnel() and (direction == APP_ID_FROM_RESPONDER)
and asd.get_tp_payload_app_id() == APP_ID_HTTP_TUNNEL)
{
if ((p->dsize >= HTTP_CONNECT_RESPONSE_LEN) and
!strncasecmp((const char*)p->data, "HTTP/1.1 200 ", HTTP_CON
NECT_RESPONSE_LEN))
hsession->set_tunnel(true);
}
if (asd.get_tp_app_id() == APP_ID_HTTP and if (asd.get_tp_app_id() == APP_ID_HTTP and
!asd.get_session_flags(APPID_SESSION_APP_REINSPECT) and !asd.get_session_flags(APPID_SESSION_APP_REINSPECT) and
asd.is_tp_appid_available()) asd.is_tp_appid_available())
{ {
asd.client_disco_state = APPID_DISCO_STATE_FINISHED; asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
asd.service_disco_state = APPID_DISCO_STATE_FINISHED; asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
asd.set_session_flags(APPID_SESSION_CLIENT_DETECTED | asd.set_session_flags(APPID_SESSION_CLIENT_DETECTED |
APPID_SESSION_SERVICE_DETECTED); APPID_SESSION_SERVICE_DETECTED);
asd.clear_session_flags(APPID_SESSION_CONTINUE); asd.clear_session_flags(APPID_SESSION_CONTINUE);
if (direction == APP_ID_FROM_INITIATOR) if (direction == APP_ID_FROM_INITIATOR)
 End of changes. 4 change blocks. 
0 lines changed or deleted 16 lines changed or added
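Review bot: In the last change block (new line 660 onward), the CONNECT-success test compares the first 13 bytes of `p->data` with the single literal `"HTTP/1.1 200 "`. A CONNECT reply carrying an `HTTP/1.0 200` status line, or one whose status line does not start at the beginning of this packet's payload, therefore never reaches `set_tunnel(true)`; what that means for later classification depends on code outside the visible lines. The length is also a separate `#define HTTP_CONNECT_RESPONSE_LEN 13` that must be kept in step with the literal by hand; deriving it, e.g. `static constexpr char HTTP_CONNECT_OK[] = "HTTP/1.1 200 ";` and passing `sizeof(HTTP_CONNECT_OK) - 1`, removes that coupling. A one-line comment saying why only the 1.1 status line is accepted would make the intended coverage explicit. The enclosing function begins and ends outside this change block.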
