Member "snort-2.9.17/src/dynamic-preprocessors/appid/appIdApi.c" (16 Oct 2020, 22648 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:
1 /*
2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
3 ** Copyright (C) 2005-2013 Sourcefire, Inc.
4 **
5 ** This program is free software; you can redistribute it and/or modify
6 ** it under the terms of the GNU General Public License Version 2 as
7 ** published by the Free Software Foundation. You may not use, modify or
8 ** distribute this program under any other version of the GNU General
9 ** Public License.
10 **
11 ** This program is distributed in the hope that it will be useful,
12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ** GNU General Public License for more details.
15 **
16 ** You should have received a copy of the GNU General Public License
17 ** along with this program; if not, write to the Free Software
18 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19 */
20
21 #include <stdint.h>
22 #include <stdbool.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/types.h>
27
28 #include "appIdApi.h"
29 #include "fw_appid.h"
30 #include "thirdparty_appid_api.h"
31 #include "appIdConfig.h"
32
33 #define SSL_WHITELIST_PKT_LIMIT 20
34
/* Return the AppId chosen by pickServiceAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickServiceAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by pickOnlyServiceAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getOnlyServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickOnlyServiceAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by pickMiscAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getMiscAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickMiscAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by pickClientAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getClientAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickClientAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by pickPayloadId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getPayloadAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickPayloadId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by pickReferredPayloadId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getReferredAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickReferredPayloadId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by fwPickServiceAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getFwServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickServiceAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by fwPickMiscAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getFwMiscAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickMiscAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by fwPickClientAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getFwClientAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickClientAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by fwPickPayloadAppId(), or APP_ID_NONE when
 * appIdData is NULL. */
tAppId getFwPayloadAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickPayloadAppId(appIdData) : APP_ID_NONE;
}
/* Return the AppId chosen by fwPickReferredPayloadAppId(), or APP_ID_NONE
 * when appIdData is NULL. */
tAppId getFwReferredAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickReferredPayloadAppId(appIdData) : APP_ID_NONE;
}
/*
 * Return the TLS name recorded for the session, or NULL when there is no
 * session, no TLS sub-session, or no usable name.
 *
 * When matched_tls_type names a specific field (host, first SAN, common
 * name) that field is returned as stored, even if it is NULL. For any other
 * matched type the first non-NULL of tls_host, tls_first_san, tls_cname is
 * returned. tls_orgUnit is deliberately never returned as a URL, even when
 * it is the field that matched.
 *
 * The returned pointer is the one held in the TLS sub-session; this function
 * does not copy it or give up ownership.
 * NOTE(review): these names presumably originate from the peer's handshake
 * and certificate, so callers should treat them as untrusted input - confirm
 * where they are populated.
 */
char* getTlsHost(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->tsession)
        return NULL;

    if (appIdData->tsession->matched_tls_type == MATCHED_TLS_HOST)
        return appIdData->tsession->tls_host;
    if (appIdData->tsession->matched_tls_type == MATCHED_TLS_FIRST_SAN)
        return appIdData->tsession->tls_first_san;
    if (appIdData->tsession->matched_tls_type == MATCHED_TLS_CNAME)
        return appIdData->tsession->tls_cname;

    /* No specific match recorded: fall back in host, SAN, CN order. */
    if (appIdData->tsession->tls_host)
        return appIdData->tsession->tls_host;
    if (appIdData->tsession->tls_first_san)
        return appIdData->tsession->tls_first_san;
    if (appIdData->tsession->tls_cname)
        return appIdData->tsession->tls_cname;
    return NULL;
}
/* Return the hash table produced by fwPickMultiPayloadList(), or NULL when
 * appIdData is NULL. */
SFGHASH* getFwMultiPayloadList(struct AppIdData *appIdData)
{
    return appIdData ? fwPickMultiPayloadList(appIdData) : NULL;
}
/* Report the result of isFwSessionSslDecrypted() for the session; a NULL
 * session is reported as not decrypted. */
bool isSessionSslDecrypted(struct AppIdData *appIdData)
{
    return appIdData ? isFwSessionSslDecrypted(appIdData) : false;
}
139
/*
 * Look up the AppId data attached to the stream session lwssn under
 * PP_APP_ID. Only data whose flow type is APPID_SESSION_TYPE_NORMAL is
 * returned; any other flow type, or no data at all, yields NULL.
 */
struct AppIdData * getAppIdData(void* lwssn)
{
    tAppIdData *sessionData = _dpd.sessionAPI->get_application_data(lwssn, PP_APP_ID);

    if (!sessionData)
        return NULL;
    if (sessionData->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
        return NULL;
    return sessionData;
}
146
/* Return the session's session_packet_count, or 0 when appIdData is NULL. */
int getAppIdSessionPacketCount(struct AppIdData * appIdData)
{
    if (!appIdData)
        return 0;
    return appIdData->session_packet_count;
}
151
/*
 * Tell the caller whether it may stop waiting for HTTP discovery.
 *
 * Returns true when there is no AppId data, when the flow type is not
 * APPID_SESSION_TYPE_NORMAL, or when TPIsAppIdDone() reports the third-party
 * session done. The one exception to the last case: an SSL session that has
 * no TLS host yet (getTlsHost() returns NULL) and whose service detection is
 * not RNA_STATE_FINISHED still returns false.
 */
bool isHttpInspectionDone(struct AppIdData *appIdSession)
{
    if (!appIdSession)
        return true; // No wait for http discovery if AppId data is unavailable

    if (appIdSession->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
        return true;

    if (!TPIsAppIdDone(appIdSession->tpsession))
        return false;

    /* Third party is done, but keep waiting on an SSL session that has not
     * produced a host name while service detection is still running. */
    if (getAppIdFlag(appIdSession, APPID_SESSION_SSL_SESSION) &&
        !getTlsHost(appIdSession) &&
        appIdSession->rnaServiceState != RNA_STATE_FINISHED)
        return false;

    return true;
}
163
/*
 * Report whether AppId still has work to do on this session.
 *
 * Returns false for a NULL session or a flow type other than
 * APPID_SESSION_TYPE_NORMAL. Otherwise returns true as soon as any of the
 * following holds, checked in this order:
 *   1. service detection is not finished, the third-party session is not
 *      done, getAppIdFlag() reports HTTP_SESSION | CONTINUE, or the session
 *      is flagged ENCRYPTED and is either DECRYPTED or has seen fewer than
 *      SSL_WHITELIST_PKT_LIMIT packets;
 *   2. client detection is not finished and either no client was detected
 *      or the client detector gets server packets while the service state
 *      is not STATEFUL;
 *   3. third party reported SSH, the payload is not SFTP, and fewer than
 *      MAX_SFTP_PACKET_COUNT packets have been seen;
 *   4. recheck_for_unknown_appid is configured and every AppId is still
 *      unknown/none, or (with check_host_cache_unknown_ssl) an SSL session
 *      lacks tls_host or tls_cname;
 *   5. check_host_port_app_cache is configured.
 *
 * NOTE(review): an ENCRYPTED session that is never flagged DECRYPTED stops
 * satisfying condition 1's last clause once session_packet_count reaches
 * SSL_WHITELIST_PKT_LIMIT; presumably the caller uses a false result to stop
 * handing packets to AppId, so detection that depends on later packets of
 * such a flow relies on the other conditions - confirm against the caller.
 */
bool IsAppIdInspectingSession(struct AppIdData *appIdSession)
{
    if (!appIdSession || appIdSession->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
        return false;

    /* 1. Service / third-party / HTTP / early-encrypted work outstanding. */
    if (appIdSession->rnaServiceState != RNA_STATE_FINISHED ||
        !TPIsAppIdDone(appIdSession->tpsession) ||
        getAppIdFlag(appIdSession, APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE) ||
        (getAppIdFlag(appIdSession, APPID_SESSION_ENCRYPTED) &&
         (getAppIdFlag(appIdSession, APPID_SESSION_DECRYPTED) ||
          appIdSession->session_packet_count < SSL_WHITELIST_PKT_LIMIT)))
        return true;

    /* 2. Client detection outstanding. */
    if (appIdSession->rnaClientState != RNA_STATE_FINISHED &&
        (!getAppIdFlag(appIdSession, APPID_SESSION_CLIENT_DETECTED) ||
         (appIdSession->rnaServiceState != RNA_STATE_STATEFUL &&
          getAppIdFlag(appIdSession, APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))))
        return true;

    /* 3. SSH that has not (yet) been classified as SFTP. */
    if (appIdSession->tpAppId == APP_ID_SSH &&
        appIdSession->payloadAppId != APP_ID_SFTP &&
        appIdSession->session_packet_count < MAX_SFTP_PACKET_COUNT)
        return true;

    /* 4. Optional re-check of sessions that are still unidentified. */
    if (appidStaticConfig->recheck_for_unknown_appid)
    {
        if ((appIdSession->serviceAppId == APP_ID_UNKNOWN_UI || appIdSession->serviceAppId <= APP_ID_NONE) &&
            appIdSession->clientAppId <= APP_ID_NONE &&
            appIdSession->payloadAppId <= APP_ID_NONE &&
            appIdSession->tpAppId <= APP_ID_NONE &&
            (appIdSession->portServiceAppId <= APP_ID_NONE || appidStaticConfig->recheck_for_portservice_appid) &&
            appIdSession->clientServiceAppId <= APP_ID_NONE &&
            appIdSession->tpPayloadAppId <= APP_ID_NONE)
            return true;

        if (appidStaticConfig->check_host_cache_unknown_ssl &&
            getAppIdFlag(appIdSession, APPID_SESSION_SSL_SESSION) &&
            !(appIdSession->tsession && appIdSession->tsession->tls_host && appIdSession->tsession->tls_cname))
            return true;
    }

    /* 5. Host/port cache checking keeps every normal session inspected. */
    return appidStaticConfig->check_host_port_app_cache ? true : false;
}
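/*
 * Hand the session's stored user name to the caller.
 *
 * On a non-NULL session the stored pointer is returned and the session's
 * own username field is set to NULL, so ownership moves to the caller, who
 * is responsible for releasing it; a second call returns NULL. *service
 * receives usernameService and *isLoginSuccessful reflects
 * APPID_SESSION_LOGIN_SUCCEEDED.
 *
 * Either output pointer may be NULL, in which case that value is simply not
 * reported (previously a NULL output pointer was dereferenced). When
 * appIdData is NULL the function returns NULL and leaves both outputs
 * untouched, so callers must not read them in that case.
 */
char* getUserName(struct AppIdData *appIdData, tAppId *service, bool *isLoginSuccessful)
{
    char *userName;

    if (!appIdData)
        return NULL;

    userName = appIdData->username;
    if (service)
        *service = appIdData->usernameService;
    if (isLoginSuccessful)
        *isLoginSuccessful = getAppIdFlag(appIdData, APPID_SESSION_LOGIN_SUCCEEDED) ? true : false;
    appIdData->username = NULL; //transfer ownership to caller.
    return userName;
}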
/*
 * Report whether an application identification is available: the session
 * must have a service or payload AppId other than APP_ID_NONE, and either
 * TPIsAppIdAvailable() is true for the third-party session or the session
 * carries APPID_SESSION_NO_TPI. A NULL session is reported as unavailable.
 */
bool isAppIdAvailable(struct AppIdData *appIdData)
{
    if (!appIdData)
        return false;

    if (appIdData->serviceAppId == APP_ID_NONE && appIdData->payloadAppId == APP_ID_NONE)
        return false;

    return TPIsAppIdAvailable(appIdData->tpsession) || getAppIdFlag(appIdData, APPID_SESSION_NO_TPI);
}
/* Return the session's clientVersion pointer (still held by the session),
 * or NULL when appIdData is NULL. */
char* getClientVersion(struct AppIdData *appIdData)
{
    if (!appIdData)
        return NULL;
    return appIdData->clientVersion;
}
/* Return getAppIdFlag(appIdData, flags) for the session, or 0 when
 * appIdData is NULL. */
uint64_t getAppIdSessionAttribute(struct AppIdData *appIdData, uint64_t flags)
{
    if (!appIdData)
        return 0;
    return getAppIdFlag(appIdData, flags);
}
239
/* Return the session's flow type, or APPID_FLOW_TYPE_IGNORE when appIdData
 * is NULL. */
APPID_FLOW_TYPE getFlowType(struct AppIdData *appIdData)
{
    if (!appIdData)
        return APPID_FLOW_TYPE_IGNORE;
    return appIdData->common.fsf_type.flow_type;
}
244
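/*
 * Report the service vendor, version and subtype list stored on the session.
 *
 * Each output receives the pointer held by the session (the session keeps
 * ownership), or NULL when appIdData is NULL. An output pointer that is
 * itself NULL is skipped instead of being dereferenced.
 */
void getServiceInfo(struct AppIdData *appIdData, char **serviceVendor, char **serviceVersion, RNAServiceSubtype **serviceSubtype)
{
    if (serviceVendor)
        *serviceVendor = appIdData ? appIdData->serviceVendor : NULL;
    if (serviceVersion)
        *serviceVersion = appIdData ? appIdData->serviceVersion : NULL;
    if (serviceSubtype)
        *serviceSubtype = appIdData ? appIdData->subtype : NULL;
}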
/*
 * Return the session's service_port, or 0 when appIdData is NULL.
 * NOTE(review): the return type is a signed short; if service_port is stored
 * as an unsigned 16-bit port, values above 32767 reach the caller as
 * negative numbers - confirm the field type and cast at the call site.
 */
short getServicePort(struct AppIdData *appIdData)
{
    return appIdData ? appIdData->service_port : 0;
}
/*
 * Return the useragent pointer held by the HTTP sub-session, or NULL when
 * the session or its HTTP sub-session is missing. The session keeps
 * ownership of the string.
 * NOTE(review): presumably taken from the request as seen on the wire, so
 * treat the content as untrusted - confirm where it is populated.
 */
char* getHttpUserAgent(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->useragent;
}
/* Return the host pointer held by the HTTP sub-session (ownership stays
 * with the session), or NULL when the session or sub-session is missing. */
char* getHttpHost(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->host;
}
/* Return the url pointer held by the HTTP sub-session (ownership stays with
 * the session), or NULL when the session or sub-session is missing. */
char* getHttpUrl(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->url;
}
/* Return the referer pointer held by the HTTP sub-session (ownership stays
 * with the session), or NULL when the session or sub-session is missing. */
char* getHttpReferer(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->referer;
}
/* Return new_field[REQ_URI_FID] from the HTTP sub-session, or NULL when the
 * session or sub-session is missing. The session keeps the pointer. */
char* getHttpNewUrl(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->new_field[REQ_URI_FID];
}
/* Return the uri pointer held by the HTTP sub-session (ownership stays with
 * the session), or NULL when the session or sub-session is missing. */
char* getHttpUri(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->uri;
}
/* Return the response_code string held by the HTTP sub-session (ownership
 * stays with the session), or NULL when the session or sub-session is
 * missing. */
char* getHttpResponseCode(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->response_code;
}
/*
 * Return the cookie pointer held by the HTTP sub-session (ownership stays
 * with the session), or NULL when the session or sub-session is missing.
 * NOTE(review): cookie values commonly carry session credentials; callers
 * that log or export this string should consider redaction.
 */
char* getHttpCookie(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->cookie;
}
/* Return new_field[REQ_COOKIE_FID] from the HTTP sub-session, or NULL when
 * the session or sub-session is missing. The session keeps the pointer. */
char* getHttpNewCookie(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->new_field[REQ_COOKIE_FID];
}
/*
 * Return new_field[fieldId] from the HTTP sub-session, or NULL when the
 * session or sub-session is missing or fieldId is outside
 * [0, HTTP_FIELD_MAX].
 * NOTE(review): the bound is inclusive, so fieldId == HTTP_FIELD_MAX is
 * accepted; that is in range only if new_field has at least
 * HTTP_FIELD_MAX + 1 elements - confirm against the array declaration,
 * which is not visible in this file.
 */
char* getHttpNewField(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return NULL;
    return appIdData->hsession->new_field[fieldId];
}
/*
 * Release new_field[fieldId] of the HTTP sub-session and reset the slot to
 * NULL so the freed pointer cannot be returned or freed again through this
 * API. Does nothing when the session or sub-session is missing or fieldId
 * is outside [0, HTTP_FIELD_MAX].
 * NOTE(review): the inclusive upper bound is safe only if new_field has at
 * least HTTP_FIELD_MAX + 1 elements - confirm against the declaration.
 * Pointers previously obtained for this slot become dangling after the call.
 */
void freeHttpNewField(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return;

    /* free(NULL) is a no-op, so an empty slot needs no separate test. */
    free(appIdData->hsession->new_field[fieldId]);
    appIdData->hsession->new_field[fieldId] = NULL;
}
/* Return the content_type pointer held by the HTTP sub-session (ownership
 * stays with the session), or NULL when the session or sub-session is
 * missing. */
char* getHttpContentType(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->content_type;
}
/* Return the location pointer held by the HTTP sub-session (ownership stays
 * with the session), or NULL when the session or sub-session is missing. */
char* getHttpLocation(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->location;
}
/*
 * Return the body pointer held by the HTTP sub-session (ownership stays with
 * the session), or NULL when the session or sub-session is missing.
 * NOTE(review): no length is returned alongside the pointer; whether the
 * buffer is NUL-terminated cannot be told from this file - confirm before
 * using string functions on it.
 */
char* getHttpBody(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->body;
}
/*
 * Return the req_body pointer held by the HTTP sub-session (ownership stays
 * with the session), or NULL when the session or sub-session is missing.
 * NOTE(review): no length is returned alongside the pointer; whether the
 * buffer is NUL-terminated cannot be told from this file - confirm before
 * using string functions on it.
 */
char* getHttpReqBody(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->req_body;
}
/* Return fieldOffset[REQ_URI_FID] from the HTTP sub-session, or 0 when the
 * session or sub-session is missing (0 is therefore ambiguous). */
uint16_t getHttpUriOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession)
        ? appIdData->hsession->fieldOffset[REQ_URI_FID]
        : 0;
}
/* Return fieldEndOffset[REQ_URI_FID] from the HTTP sub-session, or 0 when
 * the session or sub-session is missing (0 is therefore ambiguous). */
uint16_t getHttpUriEndOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession)
        ? appIdData->hsession->fieldEndOffset[REQ_URI_FID]
        : 0;
}
/* Return fieldOffset[REQ_COOKIE_FID] from the HTTP sub-session, or 0 when
 * the session or sub-session is missing (0 is therefore ambiguous). */
uint16_t getHttpCookieOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession)
        ? appIdData->hsession->fieldOffset[REQ_COOKIE_FID]
        : 0;
}
/* Return fieldEndOffset[REQ_COOKIE_FID] from the HTTP sub-session, or 0 when
 * the session or sub-session is missing (0 is therefore ambiguous). */
uint16_t getHttpCookieEndOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession)
        ? appIdData->hsession->fieldEndOffset[REQ_COOKIE_FID]
        : 0;
}
/*
 * Return fieldOffset[fieldId] from the HTTP sub-session, or 0 when the
 * session or sub-session is missing or fieldId is outside
 * [0, HTTP_FIELD_MAX].
 * NOTE(review): the inclusive upper bound is in range only if fieldOffset
 * has at least HTTP_FIELD_MAX + 1 elements - confirm against the
 * declaration. Callers using the offset to index packet data should bound
 * it against the buffer they hold.
 */
uint16_t getHttpFieldOffset(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return 0;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return 0;
    return appIdData->hsession->fieldOffset[fieldId];
}
/*
 * Return fieldEndOffset[fieldId] from the HTTP sub-session, or 0 when the
 * session or sub-session is missing or fieldId is outside
 * [0, HTTP_FIELD_MAX].
 * NOTE(review): the inclusive upper bound is in range only if
 * fieldEndOffset has at least HTTP_FIELD_MAX + 1 elements - confirm against
 * the declaration. Callers using the offset to index packet data should
 * bound it against the buffer they hold.
 */
uint16_t getHttpFieldEndOffset(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return 0;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return 0;
    return appIdData->hsession->fieldEndOffset[fieldId];
}
/* Return the session's search_support_type, mapping both a NULL session and
 * SEARCH_SUPPORT_TYPE_UNKNOWN to NOT_A_SEARCH_ENGINE. */
SEARCH_SUPPORT_TYPE getHttpSearch(struct AppIdData *appIdData)
{
    if (!appIdData || appIdData->search_support_type == SEARCH_SUPPORT_TYPE_UNKNOWN)
        return NOT_A_SEARCH_ENGINE;
    return appIdData->search_support_type;
}
/*
 * Return the xffAddr pointer held by the HTTP sub-session, or NULL when the
 * session or sub-session is missing. The session keeps ownership.
 * NOTE(review): judging by the name this is derived from an
 * X-Forwarded-For style header, which the client controls; it should not be
 * used as an authenticated source address - confirm how it is populated.
 */
sfaddr_t* getHttpXffAddr(struct AppIdData* appIdData)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    return appIdData->hsession->xffAddr;
}
/* Return the session's portServiceAppId, or APP_ID_NONE when appIdData is
 * NULL. */
tAppId getPortServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? appIdData->portServiceAppId : APP_ID_NONE;
}
/* Return the address of the service_ip member inside the session, or NULL
 * when appIdData is NULL. The pointer aliases session storage and is only
 * valid while the session object exists. */
sfaddr_t* getServiceIp(struct AppIdData *appIdData)
{
    return appIdData ? &appIdData->service_ip : NULL;
}
/* Return the address of common.initiator_ip inside the session, or NULL when
 * appIdData is NULL. The pointer aliases session storage and is only valid
 * while the session object exists. */
struct in6_addr* getInitiatorIp(struct AppIdData *appIdData)
{
    if (!appIdData)
        return NULL;
    return &appIdData->common.initiator_ip;
}
/*
 * Detach the DHCP fingerprint record from the session and return it.
 *
 * Only acts when the session carries APPID_SESSION_HAS_DHCP_FP; the record
 * is taken out with AppIdFlowdataRemove(), so the caller now holds it. The
 * flag itself is not cleared here (freeDhcpFpData() clears it). Returns NULL
 * for a NULL session or when the flag is not set.
 */
DhcpFPData* getDhcpFpData(struct AppIdData *appIdData)
{
    if (!appIdData || !getAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_FP))
        return NULL;
    return AppIdFlowdataRemove(appIdData, APPID_SESSION_DATA_DHCP_FP_DATA);
}
/*
 * Clear APPID_SESSION_HAS_DHCP_FP on the session and release data with
 * AppIdFreeDhcpData().
 * NOTE(review): when appIdData is NULL nothing happens, so data is not
 * released on that path; a caller holding a record without a session would
 * leak it - confirm callers always pass the owning session.
 */
void freeDhcpFpData(struct AppIdData *appIdData, DhcpFPData *data)
{
    if (!appIdData)
        return;

    clearAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_FP);
    AppIdFreeDhcpData(data);
}
441
/*
 * Detach the DHCP info record from the session and return it.
 *
 * Only acts when the session carries APPID_SESSION_HAS_DHCP_INFO; the record
 * is taken out with AppIdFlowdataRemove(), so the caller now holds it. The
 * flag itself is not cleared here (freeDhcpInfo() clears it). Returns NULL
 * for a NULL session or when the flag is not set.
 */
DHCPInfo* getDhcpInfo(struct AppIdData *appIdData)
{
    if (!appIdData || !getAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_INFO))
        return NULL;
    return AppIdFlowdataRemove(appIdData, APPID_SESSION_DATA_DHCP_INFO);
}
452
/*
 * Clear APPID_SESSION_HAS_DHCP_INFO on the session and release data with
 * AppIdFreeDhcpInfo().
 * NOTE(review): when appIdData is NULL nothing happens, so data is not
 * released on that path - confirm callers always pass the owning session.
 */
void freeDhcpInfo(struct AppIdData *appIdData, DHCPInfo *data)
{
    if (!appIdData)
        return;

    clearAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_INFO);
    AppIdFreeDhcpInfo(data);
}
461
/*
 * Detach the SMB fingerprint record from the session and return it.
 *
 * Only acts when the session carries APPID_SESSION_HAS_SMB_INFO; the record
 * is taken out with AppIdFlowdataRemove(), so the caller now holds it. The
 * flag itself is not cleared here (freeSmbFpData() clears it). Returns NULL
 * for a NULL session or when the flag is not set.
 */
FpSMBData* getSmbFpData(struct AppIdData *appIdData)
{
    if (!appIdData || !getAppIdFlag(appIdData, APPID_SESSION_HAS_SMB_INFO))
        return NULL;
    return AppIdFlowdataRemove(appIdData, APPID_SESSION_DATA_SMB_DATA);
}
472
/*
 * Clear APPID_SESSION_HAS_SMB_INFO on the session and release data with
 * AppIdFreeSMBData().
 * NOTE(review): when appIdData is NULL nothing happens, so data is not
 * released on that path - confirm callers always pass the owning session.
 */
void freeSmbFpData(struct AppIdData *appIdData, FpSMBData *data)
{
    if (!appIdData)
        return;

    clearAppIdFlag(appIdData, APPID_SESSION_HAS_SMB_INFO);
    AppIdFreeSMBData(data);
}
481
/*
 * Hand the session's stored NetBIOS name to the caller.
 *
 * The stored pointer is returned and the session's own netbios_name field
 * is reset to NULL, so ownership moves to the caller, who must release it;
 * a second call returns NULL. Returns NULL when appIdData is NULL.
 */
char* getNetbiosName(struct AppIdData *appIdData)
{
    char *detachedName;

    if (!appIdData)
        return NULL;

    detachedName = appIdData->netbios_name;
    appIdData->netbios_name = NULL; //transfer ownership to caller.
    return detachedName;
}
492
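/*
 * Serialize the session's AppId state into buf as an AppIdSessionHA record
 * for high-availability synchronisation.
 *
 * The whole record is zeroed before any field is written, so padding bytes
 * inside AppIdSessionHA never carry stale memory to the peer. When the
 * session has no AppId data, or its flow type is not APPID_FLOW_TYPE_NORMAL,
 * the record is left all-zero (flags == 0).
 *
 * buf:     destination; this function takes no length, so the caller must
 *          provide at least sizeof(AppIdSessionHA) writable bytes.
 *          NOTE(review): buf is accessed through an AppIdSessionHA pointer,
 *          which assumes suitable alignment - confirm what the caller passes.
 * returns: sizeof(AppIdSessionHA) in every case.
 */
uint32_t produceHAState(void *lwssn, uint8_t *buf)
{
    AppIdSessionHA *appHA = (AppIdSessionHA *)buf;
    struct AppIdData *appIdData = _dpd.sessionAPI->get_application_data(lwssn, PP_APP_ID);

    /* Start from an all-zero record on every path. */
    memset(appHA, 0, sizeof(*appHA));

    if (!appIdData || _dpd.appIdApi->getFlowType(appIdData) != APPID_FLOW_TYPE_NORMAL)
        return sizeof(*appHA);

    appHA->flags = APPID_HA_FLAGS_APP;
    if (TPIsAppIdAvailable(appIdData->tpsession))
        appHA->flags |= APPID_HA_FLAGS_TP_DONE;
    if (getAppIdFlag(appIdData, APPID_SESSION_SERVICE_DETECTED))
        appHA->flags |= APPID_HA_FLAGS_SVC_DONE;
    if (getAppIdFlag(appIdData, APPID_SESSION_HTTP_SESSION))
        appHA->flags |= APPID_HA_FLAGS_HTTP;

    /* Slot order is the wire contract shared with consumeHAState(). */
    appHA->appId[0] = appIdData->tpAppId;
    appHA->appId[1] = appIdData->serviceAppId;
    appHA->appId[2] = appIdData->clientServiceAppId;
    appHA->appId[3] = appIdData->portServiceAppId;
    appHA->appId[4] = appIdData->payloadAppId;
    appHA->appId[5] = appIdData->tpPayloadAppId;
    appHA->appId[6] = appIdData->clientAppId;
    appHA->appId[7] = appIdData->miscAppId;

    return sizeof(*appHA);
}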
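/*
 * Apply an AppIdSessionHA record received from a high-availability peer to
 * the stream session lwssn.
 *
 * The record is first copied out of buf into a local structure, which
 * avoids reading through a possibly misaligned pointer and avoids casting
 * away const. A record shorter than sizeof(AppIdSessionHA) is ignored
 * rather than read past its end.
 * NOTE(review): this assumes length is the number of bytes available at
 * buf - confirm with the caller. The return value is still
 * sizeof(AppIdSessionHA) on the short-record path, as on every other path;
 * confirm how the caller uses it.
 *
 * If the record carries APPID_HA_FLAGS_APP and the session has no AppId data
 * yet, a new AppId session is allocated and attached; existing data with a
 * flow type other than APPID_FLOW_TYPE_NORMAL is left untouched. The flags
 * and the eight AppIds are then taken from the record as-is.
 * NOTE(review): the AppId values are stored without range validation, so the
 * HA channel has to be trusted to deliver well-formed records.
 *
 * returns: sizeof(AppIdSessionHA) in every case.
 */
uint32_t consumeHAState(void *lwssn, const uint8_t *buf, uint8_t length, uint8_t proto, const struct in6_addr *ip, uint16_t initiatorPort)
{
    AppIdSessionHA haState;
    struct AppIdData *appIdData;

    /* Refuse to parse a missing or truncated record. */
    if (!buf || length < sizeof(haState))
        return sizeof(haState);

    memcpy(&haState, buf, sizeof(haState));

    if (!(haState.flags & APPID_HA_FLAGS_APP))
        return sizeof(haState);

    appIdData = (tAppIdData*)_dpd.sessionAPI->get_application_data(lwssn, PP_APP_ID);
    if (appIdData && _dpd.appIdApi->getFlowType(appIdData) != APPID_FLOW_TYPE_NORMAL)
        return sizeof(haState);

    if (!appIdData)
    {
        appIdData = appSharedDataAlloc(proto, ip, initiatorPort);
        if (!appIdData)
            return sizeof(haState); /* nothing to attach the state to */
        _dpd.sessionAPI->set_application_data(lwssn, PP_APP_ID, appIdData, (void (*)(void *))appSharedDataDelete);
        appIdData->serviceAppId = haState.appId[1];
        if (appIdData->serviceAppId == APP_ID_FTP_CONTROL)
        {
            /* FTP control keeps service detection stateful on the new session. */
            setAppIdFlag(appIdData, APPID_SESSION_CLIENT_DETECTED | APPID_SESSION_NOT_A_SERVICE | APPID_SESSION_SERVICE_DETECTED);
            if (!AddFTPServiceState(appIdData))
            {
                setAppIdFlag(appIdData, APPID_SESSION_CONTINUE);
            }
            appIdData->rnaServiceState = RNA_STATE_STATEFUL;
        }
        else
            appIdData->rnaServiceState = RNA_STATE_FINISHED;
        appIdData->rnaClientState = RNA_STATE_FINISHED;
        if (thirdparty_appid_module)
            thirdparty_appid_module->session_state_set(appIdData->tpsession, TP_STATE_HA);
    }

    if ((haState.flags & APPID_HA_FLAGS_TP_DONE) && thirdparty_appid_module)
    {
        thirdparty_appid_module->session_state_set(appIdData->tpsession, TP_STATE_TERMINATED);
        setAppIdFlag(appIdData, APPID_SESSION_NO_TPI);
    }
    if (haState.flags & APPID_HA_FLAGS_SVC_DONE)
        setAppIdFlag(appIdData, APPID_SESSION_SERVICE_DETECTED);
    if (haState.flags & APPID_HA_FLAGS_HTTP)
        setAppIdFlag(appIdData, APPID_SESSION_HTTP_SESSION);

    /* Slot order is the wire contract shared with produceHAState(). */
    appIdData->tpAppId = haState.appId[0];
    appIdData->serviceAppId = haState.appId[1];
    appIdData->clientServiceAppId = haState.appId[2];
    appIdData->portServiceAppId = haState.appId[3];
    appIdData->payloadAppId = haState.appId[4];
    appIdData->tpPayloadAppId = haState.appId[5];
    appIdData->clientAppId = haState.appId[6];
    appIdData->miscAppId = haState.appId[7];

    return sizeof(haState);
}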
576
/*
 * Return the DNS query host stored in the DNS sub-session.
 *
 * query_len and got_response are optional outputs (either may be NULL).
 * Without a session or DNS sub-session the function returns NULL and reports
 * a length of 0 and got_response == false. Otherwise *query_len is host_len
 * when a host is stored (0 when it is not) and *got_response reflects the
 * DNS_GOT_RESPONSE bit of the sub-session state. The session keeps ownership
 * of the returned pointer.
 * NOTE(review): whether host is NUL-terminated cannot be told from this
 * file; prefer *query_len over strlen() when bounding reads - confirm.
 */
char* getDNSQuery(struct AppIdData *appIdData, uint8_t *query_len, bool *got_response)
{
    if (!appIdData || !appIdData->dsession)
    {
        if (query_len)
            *query_len = 0;
        if (got_response)
            *got_response = false;
        return NULL;
    }

    if (query_len)
        *query_len = appIdData->dsession->host ? appIdData->dsession->host_len : 0;
    if (got_response)
        *got_response = (appIdData->dsession->state & DNS_GOT_RESPONSE) != 0;

    return appIdData->dsession->host;
}
598
/* Return host_offset from the DNS sub-session, or 0 when the session or
 * sub-session is missing. */
uint16_t getDNSQueryoffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->host_offset : 0;
}
/* Return record_type from the DNS sub-session, or 0 when the session or
 * sub-session is missing. */
uint16_t getDNSRecordType(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->record_type : 0;
}
/* Return response_type from the DNS sub-session, or 0 when the session or
 * sub-session is missing. */
uint8_t getDNSResponseType(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->response_type : 0;
}
/* Return ttl from the DNS sub-session, or 0 when the session or sub-session
 * is missing. */
uint32_t getDNSTTL(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->ttl : 0;
}
623
/* Return options_offset from the DNS sub-session, or 0 when the session or
 * sub-session is missing. */
uint16_t getDNSOptionsOffset(struct AppIdData* appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->options_offset : 0;
}
630
/*
 * Log the current AppIdDebugHostInfo settings through _dpd.logMsg(): whether
 * a session is set, the initiator address and port, direction, protocol and
 * monitor type.
 *
 * For AF_INET the IPv4 address is read from the last 32-bit word of the
 * stored in6_addr; anything else is formatted as IPv6. The result of
 * inet_ntop() is not checked; ipStr is pre-set to the empty string, which is
 * what gets logged if the conversion writes nothing.
 */
static void dumpDebugHostInfo(void)
{
    char ipStr[INET6_ADDRSTRLEN];
    int addrFamily = AF_INET6;
    const void *addrBytes = &AppIdDebugHostInfo.initiatorIp;

    ipStr[0] = '\0';
    if (AppIdDebugHostInfo.family == AF_INET)
    {
        addrFamily = AF_INET;
        addrBytes = &AppIdDebugHostInfo.initiatorIp.s6_addr32[3];
    }
    inet_ntop(addrFamily, addrBytes, ipStr, sizeof(ipStr));

    _dpd.logMsg("AppIdDebugHost: session %s, initiator %s:%u, direction %d, protocol %u, monitorType %d\n",
                AppIdDebugHostInfo.session ? "not null" : "null",
                ipStr,
                AppIdDebugHostInfo.initiatorPort,
                AppIdDebugHostInfo.direction,
                AppIdDebugHostInfo.protocol,
                AppIdDebugHostInfo.monitorType);
}
643
/*
 * Function table copied to callers by appIdApiInit().
 *
 * The initializer is positional: each entry is bound to the member of
 * struct AppIdApi at the same position, and that declaration is not in this
 * file. NOTE(review): adding, removing or reordering an entry here without
 * the matching change to the structure binds the wrong function to a member;
 * where the signatures happen to be compatible the compiler will not object.
 * Designated initializers would make the binding explicit.
 */
static struct AppIdApi appIdDispatchTable = {
    appGetAppName,
    appGetAppId,

    /* AppId getters */
    getServiceAppId,
    getPortServiceAppId,
    getOnlyServiceAppId,
    getMiscAppId,
    getClientAppId,
    getPayloadAppId,
    getReferredAppId,
    getFwServiceAppId,
    getFwMiscAppId,
    getFwClientAppId,
    getFwPayloadAppId,
    getFwReferredAppId,
    getFwMultiPayloadList,

    /* Session status predicates */
    isSessionSslDecrypted,
    IsAppIdInspectingSession,
    isAppIdAvailable,

    /* getUserName hands ownership of the string to the caller */
    getUserName,
    getClientVersion,

    getAppIdSessionAttribute,

    getFlowType,
    getServiceInfo,
    getServicePort,
    getServiceIp,
    getInitiatorIp,

    /* HTTP sub-session getters */
    getHttpUserAgent,
    getHttpHost,
    getHttpUrl,
    getHttpReferer,
    getHttpNewUrl,
    getHttpUri,
    getHttpResponseCode,
    getHttpCookie,
    getHttpNewCookie,
    getHttpContentType,
    getHttpLocation,
    getHttpBody,
    getHttpReqBody,
    getHttpUriOffset,
    getHttpUriEndOffset,
    getHttpCookieOffset,
    getHttpCookieEndOffset,
    getHttpSearch,
    getHttpXffAddr,

    getTlsHost,

    /* Detach-and-free pairs for DHCP / SMB records; getNetbiosName hands
     * ownership of the string to the caller */
    getDhcpFpData,
    freeDhcpFpData,
    getDhcpInfo,
    freeDhcpInfo,
    getSmbFpData,
    freeSmbFpData,
    getNetbiosName,
    /* High-availability state exchange */
    produceHAState,
    consumeHAState,

    getAppIdData,
    getAppIdSessionPacketCount,

    /* DNS sub-session getters */
    getDNSQuery,
    getDNSQueryoffset,
    getDNSRecordType,
    getDNSResponseType,
    getDNSTTL,
    getDNSOptionsOffset,

    /* Indexed HTTP field access */
    getHttpNewField,
    freeHttpNewField,
    getHttpFieldOffset,
    getHttpFieldEndOffset,
    isHttpInspectionDone,
    dumpDebugHostInfo
};
726
/*
 * Copy the module's dispatch table into *api. The caller receives its own
 * copy of the function pointers. api must not be NULL; it is written
 * unconditionally.
 */
void appIdApiInit(struct AppIdApi *api)
{
    memcpy(api, &appIdDispatchTable, sizeof(*api));
}