
Member "snort-2.9.17/src/dynamic-preprocessors/appid/appIdApi.c" (16 Oct 2020, 22648 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /*
    2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    3 ** Copyright (C) 2005-2013 Sourcefire, Inc.
    4 **
    5 ** This program is free software; you can redistribute it and/or modify
    6 ** it under the terms of the GNU General Public License Version 2 as
    7 ** published by the Free Software Foundation.  You may not use, modify or
    8 ** distribute this program under any other version of the GNU General
    9 ** Public License.
   10 **
   11 ** This program is distributed in the hope that it will be useful,
   12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
   13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   14 ** GNU General Public License for more details.
   15 **
   16 ** You should have received a copy of the GNU General Public License
   17 ** along with this program; if not, write to the Free Software
   18 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   19 */
   20 
   21 #include <stdint.h>
   22 #include <stdbool.h>
   23 #include <stdio.h>
   24 #include <stdlib.h>
   25 #include <string.h>
   26 #include <sys/types.h>
   27 
   28 #include "appIdApi.h"
   29 #include "fw_appid.h"
   30 #include "thirdparty_appid_api.h"
   31 #include "appIdConfig.h"
   32 
   33 #define SSL_WHITELIST_PKT_LIMIT 20
   34 
/*
 * Service appId chosen for the session by pickServiceAppId().
 * A NULL session is answered with APP_ID_NONE instead of being dereferenced.
 */
tAppId getServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickServiceAppId(appIdData) : APP_ID_NONE;
}
/*
 * Result of pickOnlyServiceAppId() for the session, or APP_ID_NONE when
 * no session was supplied.
 */
tAppId getOnlyServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickOnlyServiceAppId(appIdData) : APP_ID_NONE;
}
/*
 * Misc appId chosen by pickMiscAppId(), or APP_ID_NONE for a NULL session.
 */
tAppId getMiscAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickMiscAppId(appIdData) : APP_ID_NONE;
}
/*
 * Client appId chosen by pickClientAppId(), or APP_ID_NONE for a NULL session.
 */
tAppId getClientAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickClientAppId(appIdData) : APP_ID_NONE;
}
/*
 * Payload appId chosen by pickPayloadId(), or APP_ID_NONE for a NULL session.
 */
tAppId getPayloadAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickPayloadId(appIdData) : APP_ID_NONE;
}
/*
 * Referred payload appId chosen by pickReferredPayloadId(), or APP_ID_NONE
 * for a NULL session.
 */
tAppId getReferredAppId(struct AppIdData *appIdData)
{
    return appIdData ? pickReferredPayloadId(appIdData) : APP_ID_NONE;
}
/*
 * Service appId as selected by fwPickServiceAppId(), or APP_ID_NONE for a
 * NULL session.
 */
tAppId getFwServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickServiceAppId(appIdData) : APP_ID_NONE;
}
/*
 * Misc appId as selected by fwPickMiscAppId(), or APP_ID_NONE for a NULL
 * session.
 */
tAppId getFwMiscAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickMiscAppId(appIdData) : APP_ID_NONE;
}
/*
 * Client appId as selected by fwPickClientAppId(), or APP_ID_NONE for a
 * NULL session.
 */
tAppId getFwClientAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickClientAppId(appIdData) : APP_ID_NONE;
}
/*
 * Payload appId as selected by fwPickPayloadAppId(), or APP_ID_NONE for a
 * NULL session.
 */
tAppId getFwPayloadAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickPayloadAppId(appIdData) : APP_ID_NONE;
}
/*
 * Referred payload appId as selected by fwPickReferredPayloadAppId(), or
 * APP_ID_NONE for a NULL session.
 */
tAppId getFwReferredAppId(struct AppIdData *appIdData)
{
    return appIdData ? fwPickReferredPayloadAppId(appIdData) : APP_ID_NONE;
}
/*
 * Pick the TLS name to report as the session's host.
 *
 * The field named by matched_tls_type is returned when it is one of
 * MATCHED_TLS_HOST, MATCHED_TLS_FIRST_SAN or MATCHED_TLS_CNAME. For any
 * other match type the first non-NULL of tls_host, tls_first_san and
 * tls_cname is used. Returns NULL when there is no session or no tsession.
 *
 * The pointer is the session's own field (no copy is made here).
 */
char* getTlsHost(struct AppIdData *appIdData)
{
    if (!appIdData || !appIdData->tsession)
        return NULL;

    if (appIdData->tsession->matched_tls_type == MATCHED_TLS_HOST)
        return appIdData->tsession->tls_host;
    if (appIdData->tsession->matched_tls_type == MATCHED_TLS_FIRST_SAN)
        return appIdData->tsession->tls_first_san;
    if (appIdData->tsession->matched_tls_type == MATCHED_TLS_CNAME)
        return appIdData->tsession->tls_cname;

    /* tls_orgUnit is deliberately never handed out as a URL here, even
       when it is the field that matched. */
    if (appIdData->tsession->tls_host)
        return appIdData->tsession->tls_host;
    if (appIdData->tsession->tls_first_san)
        return appIdData->tsession->tls_first_san;
    /* Last candidate: a NULL tls_cname yields the NULL result directly. */
    return appIdData->tsession->tls_cname;
}
/*
 * Hash table returned by fwPickMultiPayloadList() for the session, or NULL
 * when no session was supplied.
 */
SFGHASH* getFwMultiPayloadList(struct AppIdData *appIdData)
{
    return appIdData ? fwPickMultiPayloadList(appIdData) : NULL;
}
/*
 * Forward to isFwSessionSslDecrypted(); a NULL session is reported as not
 * decrypted.
 */
bool isSessionSslDecrypted(struct AppIdData *appIdData)
{
    return appIdData ? isFwSessionSslDecrypted(appIdData) : false;
}
  139 
/*
 * Look up the AppId data attached to a stream session under PP_APP_ID.
 * Only data whose flow type is APPID_SESSION_TYPE_NORMAL is returned;
 * anything else (or no data at all) yields NULL.
 */
struct AppIdData * getAppIdData(void* lwssn)
{
    tAppIdData *session = _dpd.sessionAPI->get_application_data(lwssn, PP_APP_ID);

    if (!session)
        return NULL;
    if (session->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
        return NULL;
    return session;
}
  146 
/*
 * Packet counter stored on the session; 0 when no session was supplied.
 */
int getAppIdSessionPacketCount(struct AppIdData * appIdData)
{
    if (!appIdData)
        return 0;
    return appIdData->session_packet_count;
}
  151 
/*
 * Tell the caller whether it may stop waiting for HTTP discovery.
 *
 * Returns true when there is no AppId data, when the flow type is not
 * APPID_SESSION_TYPE_NORMAL, or when TPIsAppIdDone() reports completion.
 * The one exception to the last case: a session flagged
 * APPID_SESSION_SSL_SESSION with no TLS host yet and service detection not
 * in RNA_STATE_FINISHED is still reported as not done.
 */
bool isHttpInspectionDone(struct AppIdData *appIdSession)
{
    /* Nothing to wait for when AppId data is unavailable. */
    if (!appIdSession)
        return true;

    if (appIdSession->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
        return true;

    if (!TPIsAppIdDone(appIdSession->tpsession))
        return false;

    /* SSL session without a TLS host while service detection is unfinished. */
    if (getAppIdFlag(appIdSession, APPID_SESSION_SSL_SESSION) &&
        !getTlsHost(appIdSession) &&
        appIdSession->rnaServiceState != RNA_STATE_FINISHED)
        return false;

    return true;
}
  163 
/*
 * Report whether AppId still wants packets from this session.
 *
 * Returns false for a NULL session or a flow type other than
 * APPID_SESSION_TYPE_NORMAL. Otherwise the checks below run in order and
 * the first one that holds makes the answer true. A caller that acts on a
 * false result stops feeding the session to AppId, so each early exit here
 * is a point where later traffic goes unclassified.
 */
bool IsAppIdInspectingSession(struct AppIdData *appIdSession)
{
    if (!appIdSession || appIdSession->common.fsf_type.flow_type != APPID_SESSION_TYPE_NORMAL)
        return false;

    /* Service or third-party detection not finished, or HTTP/continue flag set. */
    if (appIdSession->rnaServiceState != RNA_STATE_FINISHED)
        return true;
    if (!TPIsAppIdDone(appIdSession->tpsession))
        return true;
    if (getAppIdFlag(appIdSession, APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE))
        return true;

    /* Encrypted session: continue if it is being decrypted, or while fewer
       than SSL_WHITELIST_PKT_LIMIT packets have been counted. */
    if (getAppIdFlag(appIdSession, APPID_SESSION_ENCRYPTED) &&
        (getAppIdFlag(appIdSession, APPID_SESSION_DECRYPTED) ||
         appIdSession->session_packet_count < SSL_WHITELIST_PKT_LIMIT))
        return true;

    /* Client detection still open. */
    if (appIdSession->rnaClientState != RNA_STATE_FINISHED &&
        (!getAppIdFlag(appIdSession, APPID_SESSION_CLIENT_DETECTED) ||
         (appIdSession->rnaServiceState != RNA_STATE_STATEFUL &&
          getAppIdFlag(appIdSession, APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))))
        return true;

    /* SSH not yet identified as SFTP and still under MAX_SFTP_PACKET_COUNT packets. */
    if (appIdSession->tpAppId == APP_ID_SSH &&
        appIdSession->payloadAppId != APP_ID_SFTP &&
        appIdSession->session_packet_count < MAX_SFTP_PACKET_COUNT)
        return true;

    if (appidStaticConfig->recheck_for_unknown_appid)
    {
        /* Every appId slot is still unknown/none. */
        if ((appIdSession->serviceAppId == APP_ID_UNKNOWN_UI || appIdSession->serviceAppId <= APP_ID_NONE) &&
            appIdSession->clientAppId <= APP_ID_NONE &&
            appIdSession->payloadAppId <= APP_ID_NONE &&
            appIdSession->tpAppId <= APP_ID_NONE &&
            (appIdSession->portServiceAppId <= APP_ID_NONE || appidStaticConfig->recheck_for_portservice_appid) &&
            appIdSession->clientServiceAppId <= APP_ID_NONE &&
            appIdSession->tpPayloadAppId <= APP_ID_NONE)
            return true;

        /* SSL session that lacks tls_host or tls_cname (or has no tsession). */
        if (appidStaticConfig->check_host_cache_unknown_ssl &&
            getAppIdFlag(appIdSession, APPID_SESSION_SSL_SESSION) &&
            !(appIdSession->tsession && appIdSession->tsession->tls_host && appIdSession->tsession->tls_cname))
            return true;
    }

    /* With check_host_port_app_cache configured, inspection never stops here. */
    return appidStaticConfig->check_host_port_app_cache ? true : false;
}
/*
 * Hand the session's username string over to the caller.
 *
 * On a non-NULL session, *service receives usernameService and
 * *isLoginSuccessful reflects APPID_SESSION_LOGIN_SUCCEEDED; both pointers
 * are written unconditionally, so they must be valid. The session's
 * username field is then cleared: the caller becomes the owner of the
 * returned string and a second call returns NULL.
 *
 * With a NULL session, NULL is returned and the out-parameters are left
 * untouched.
 */
char* getUserName(struct AppIdData *appIdData, tAppId *service, bool *isLoginSuccessful)
{
    char *handedOver;

    if (!appIdData)
        return NULL;

    handedOver = appIdData->username;
    *service = appIdData->usernameService;
    if (getAppIdFlag(appIdData, APPID_SESSION_LOGIN_SUCCEEDED))
        *isLoginSuccessful = true;
    else
        *isLoginSuccessful = false;

    /* Ownership moves to the caller; drop the session's reference. */
    appIdData->username = NULL;
    return handedOver;
}
/*
 * True when the session has a service or payload appId other than
 * APP_ID_NONE and, in addition, either TPIsAppIdAvailable() holds or the
 * session carries APPID_SESSION_NO_TPI. A NULL session is never available.
 */
bool isAppIdAvailable(struct AppIdData *appIdData)
{
    if (!appIdData)
        return false;

    if (appIdData->serviceAppId == APP_ID_NONE && appIdData->payloadAppId == APP_ID_NONE)
        return false;

    if (TPIsAppIdAvailable(appIdData->tpsession))
        return true;

    return getAppIdFlag(appIdData, APPID_SESSION_NO_TPI) ? true : false;
}
/*
 * Client version string held by the session (the session's own pointer, not
 * a copy); NULL when no session was supplied.
 */
char* getClientVersion(struct AppIdData *appIdData)
{
    if (!appIdData)
        return NULL;
    return appIdData->clientVersion;
}
/*
 * Result of getAppIdFlag() for the requested flag bits; 0 when no session
 * was supplied.
 */
uint64_t getAppIdSessionAttribute(struct AppIdData *appIdData, uint64_t flags)
{
    if (!appIdData)
        return 0;
    return getAppIdFlag(appIdData, flags);
}
  239 
/*
 * Flow type recorded on the session, or APPID_FLOW_TYPE_IGNORE when no
 * session was supplied.
 */
APPID_FLOW_TYPE getFlowType(struct AppIdData *appIdData)
{
    if (!appIdData)
        return APPID_FLOW_TYPE_IGNORE;
    return appIdData->common.fsf_type.flow_type;
}
  244 
/*
 * Report the session's service vendor, version and subtype pointers.
 *
 * All three out-parameters are always written (NULL for each when no
 * session was supplied), so they must be valid pointers. The values are the
 * session's own pointers; nothing is copied and the session keeps them.
 */
void getServiceInfo(struct AppIdData *appIdData, char **serviceVendor, char **serviceVersion, RNAServiceSubtype **serviceSubtype)
{
    if (!appIdData)
    {
        *serviceVendor = NULL;
        *serviceVersion = NULL;
        *serviceSubtype = NULL;
        return;
    }

    *serviceVendor = appIdData->serviceVendor;
    *serviceVersion = appIdData->serviceVersion;
    *serviceSubtype = appIdData->subtype;
}
/*
 * Service port stored on the session; 0 when no session was supplied.
 *
 * NOTE(review): the return type is a signed short. If service_port is a
 * 16-bit unsigned port number, values above 32767 will come back negative
 * and callers need to convert back to uint16_t - confirm the field type.
 */
short getServicePort(struct AppIdData *appIdData)
{
    return appIdData ? appIdData->service_port : 0;
}
/*
 * hsession->useragent as stored on the session (no copy is made); NULL
 * when there is no session or no hsession.
 */
char* getHttpUserAgent(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->useragent : NULL;
}
/*
 * hsession->host as stored on the session (no copy is made); NULL when
 * there is no session or no hsession.
 */
char* getHttpHost(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->host : NULL;
}
/*
 * hsession->url as stored on the session (no copy is made); NULL when
 * there is no session or no hsession.
 */
char* getHttpUrl(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->url : NULL;
}
/*
 * hsession->referer as stored on the session (no copy is made); NULL when
 * there is no session or no hsession.
 */
char* getHttpReferer(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->referer : NULL;
}
/*
 * The REQ_URI_FID slot of hsession->new_field (no copy is made); NULL when
 * there is no session or no hsession.
 */
char* getHttpNewUrl(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->new_field[REQ_URI_FID] : NULL;
}
/*
 * hsession->uri as stored on the session (no copy is made); NULL when
 * there is no session or no hsession.
 */
char* getHttpUri(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->uri : NULL;
}
/*
 * hsession->response_code as stored on the session (a string pointer, not
 * a parsed number; no copy is made); NULL when there is no session or no
 * hsession.
 */
char* getHttpResponseCode(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->response_code : NULL;
}
/*
 * hsession->cookie as stored on the session (no copy is made); NULL when
 * there is no session or no hsession. Cookie values are commonly session
 * credentials, so callers that log or export this string should treat it
 * as sensitive.
 */
char* getHttpCookie(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->cookie : NULL;
}
/*
 * The REQ_COOKIE_FID slot of hsession->new_field (no copy is made); NULL
 * when there is no session or no hsession. Cookie values are commonly
 * session credentials, so callers that log or export this string should
 * treat it as sensitive.
 */
char* getHttpNewCookie(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->new_field[REQ_COOKIE_FID] : NULL;
}
/*
 * Slot fieldId of hsession->new_field (no copy is made); NULL when there
 * is no session, no hsession, or fieldId is outside 0..HTTP_FIELD_MAX.
 *
 * The upper bound is inclusive: index HTTP_FIELD_MAX itself is accepted,
 * so new_field must be declared with at least HTTP_FIELD_MAX + 1 entries -
 * confirm against the struct declaration.
 */
char* getHttpNewField(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return NULL;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return NULL;
    return appIdData->hsession->new_field[fieldId];
}
/*
 * Release slot fieldId of hsession->new_field and reset it to NULL so the
 * freed pointer cannot be returned or freed again. Does nothing when there
 * is no session, no hsession, or fieldId is outside 0..HTTP_FIELD_MAX.
 *
 * Any pointer obtained earlier from getHttpNewField() for this slot is
 * dangling after this call. The upper bound is inclusive, so new_field
 * must have at least HTTP_FIELD_MAX + 1 entries - confirm against the
 * struct declaration.
 */
void freeHttpNewField(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return;

    /* free(NULL) is a no-op, so an empty slot simply stays NULL. */
    free(appIdData->hsession->new_field[fieldId]);
    appIdData->hsession->new_field[fieldId] = NULL;
}
/*
 * hsession->content_type as stored on the session (no copy is made); NULL
 * when there is no session or no hsession.
 */
char* getHttpContentType(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->content_type : NULL;
}
/*
 * hsession->location as stored on the session (no copy is made); NULL when
 * there is no session or no hsession.
 */
char* getHttpLocation(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->location : NULL;
}
/*
 * hsession->body as stored on the session (no copy is made); NULL when
 * there is no session or no hsession. No length is returned alongside the
 * pointer.
 */
char* getHttpBody(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->body : NULL;
}
/*
 * hsession->req_body as stored on the session (no copy is made); NULL when
 * there is no session or no hsession. No length is returned alongside the
 * pointer.
 */
char* getHttpReqBody(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->req_body : NULL;
}
/*
 * hsession->fieldOffset[REQ_URI_FID]; 0 when there is no session or no
 * hsession. A 0 result is therefore ambiguous between "offset zero" and
 * "no data".
 */
uint16_t getHttpUriOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->fieldOffset[REQ_URI_FID] : 0;
}
/*
 * hsession->fieldEndOffset[REQ_URI_FID]; 0 when there is no session or no
 * hsession.
 */
uint16_t getHttpUriEndOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->fieldEndOffset[REQ_URI_FID] : 0;
}
/*
 * hsession->fieldOffset[REQ_COOKIE_FID]; 0 when there is no session or no
 * hsession.
 */
uint16_t getHttpCookieOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->fieldOffset[REQ_COOKIE_FID] : 0;
}
/*
 * hsession->fieldEndOffset[REQ_COOKIE_FID]; 0 when there is no session or
 * no hsession.
 */
uint16_t getHttpCookieEndOffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->fieldEndOffset[REQ_COOKIE_FID] : 0;
}
/*
 * hsession->fieldOffset[fieldId]; 0 when there is no session, no hsession,
 * or fieldId is outside 0..HTTP_FIELD_MAX.
 *
 * The upper bound is inclusive, so fieldOffset must have at least
 * HTTP_FIELD_MAX + 1 entries - confirm against the struct declaration.
 */
uint16_t getHttpFieldOffset(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return 0;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return 0;
    return appIdData->hsession->fieldOffset[fieldId];
}
/*
 * hsession->fieldEndOffset[fieldId]; 0 when there is no session, no
 * hsession, or fieldId is outside 0..HTTP_FIELD_MAX.
 *
 * The upper bound is inclusive, so fieldEndOffset must have at least
 * HTTP_FIELD_MAX + 1 entries - confirm against the struct declaration.
 */
uint16_t getHttpFieldEndOffset(struct AppIdData *appIdData, HTTP_FIELD_ID fieldId)
{
    if (!appIdData || !appIdData->hsession)
        return 0;
    if (fieldId < 0 || fieldId > HTTP_FIELD_MAX)
        return 0;
    return appIdData->hsession->fieldEndOffset[fieldId];
}
/*
 * Search-support classification stored on the session. Both a NULL session
 * and a stored SEARCH_SUPPORT_TYPE_UNKNOWN are reported as
 * NOT_A_SEARCH_ENGINE.
 */
SEARCH_SUPPORT_TYPE getHttpSearch(struct AppIdData *appIdData)
{
    if (!appIdData || appIdData->search_support_type == SEARCH_SUPPORT_TYPE_UNKNOWN)
        return NOT_A_SEARCH_ENGINE;
    return appIdData->search_support_type;
}
/*
 * hsession->xffAddr as stored on the session (no copy is made); NULL when
 * there is no session or no hsession.
 *
 * NOTE(review): going by the name, this address comes from an
 * X-Forwarded-For style header, i.e. a value the client controls - confirm,
 * and do not treat it as an authenticated source address.
 */
sfaddr_t* getHttpXffAddr(struct AppIdData* appIdData)
{
    return (appIdData && appIdData->hsession) ? appIdData->hsession->xffAddr : NULL;
}
/*
 * portServiceAppId stored on the session, or APP_ID_NONE when no session
 * was supplied.
 */
tAppId getPortServiceAppId(struct AppIdData *appIdData)
{
    return appIdData ? appIdData->portServiceAppId : APP_ID_NONE;
}
/*
 * Address of the service_ip member inside the session, or NULL when no
 * session was supplied. The pointer aims into the session object itself,
 * so it is only usable while that object exists.
 */
sfaddr_t* getServiceIp(struct AppIdData *appIdData)
{
    return appIdData ? &appIdData->service_ip : NULL;
}
/*
 * Address of the common.initiator_ip member inside the session, or NULL
 * when no session was supplied. The pointer aims into the session object
 * itself, so it is only usable while that object exists.
 */
struct in6_addr* getInitiatorIp(struct AppIdData *appIdData)
{
    if (!appIdData)
        return NULL;
    return &appIdData->common.initiator_ip;
}
/*
 * Detach the DHCP fingerprint data from the session and return it.
 *
 * Only attempted when the session carries APPID_SESSION_HAS_DHCP_FP; the
 * data is taken out with AppIdFlowdataRemove(), so the caller is expected
 * to release it through freeDhcpFpData(). The flag itself is not cleared
 * here. Returns NULL for a NULL session or when the flag is not set.
 */
DhcpFPData* getDhcpFpData(struct AppIdData *appIdData)
{
    if (!appIdData || !getAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_FP))
        return NULL;
    return AppIdFlowdataRemove(appIdData, APPID_SESSION_DATA_DHCP_FP_DATA);
}
/*
 * Clear APPID_SESSION_HAS_DHCP_FP on the session and release data with
 * AppIdFreeDhcpData().
 *
 * With a NULL session nothing happens at all, which means data is NOT
 * released in that case.
 */
void freeDhcpFpData(struct AppIdData *appIdData, DhcpFPData *data)
{
    if (!appIdData)
        return;

    clearAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_FP);
    AppIdFreeDhcpData(data);
}
  441 
/*
 * Detach the DHCP info record from the session and return it.
 *
 * Only attempted when the session carries APPID_SESSION_HAS_DHCP_INFO; the
 * record is taken out with AppIdFlowdataRemove(), so the caller is expected
 * to release it through freeDhcpInfo(). The flag itself is not cleared
 * here. Returns NULL for a NULL session or when the flag is not set.
 */
DHCPInfo* getDhcpInfo(struct AppIdData *appIdData)
{
    if (!appIdData || !getAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_INFO))
        return NULL;
    return AppIdFlowdataRemove(appIdData, APPID_SESSION_DATA_DHCP_INFO);
}
  452 
/*
 * Clear APPID_SESSION_HAS_DHCP_INFO on the session and release data with
 * AppIdFreeDhcpInfo().
 *
 * With a NULL session nothing happens at all, which means data is NOT
 * released in that case.
 */
void freeDhcpInfo(struct AppIdData *appIdData, DHCPInfo *data)
{
    if (!appIdData)
        return;

    clearAppIdFlag(appIdData, APPID_SESSION_HAS_DHCP_INFO);
    AppIdFreeDhcpInfo(data);
}
  461 
/*
 * Detach the SMB fingerprint data from the session and return it.
 *
 * Only attempted when the session carries APPID_SESSION_HAS_SMB_INFO; the
 * data is taken out with AppIdFlowdataRemove(), so the caller is expected
 * to release it through freeSmbFpData(). The flag itself is not cleared
 * here. Returns NULL for a NULL session or when the flag is not set.
 */
FpSMBData* getSmbFpData(struct AppIdData *appIdData)
{
    if (!appIdData || !getAppIdFlag(appIdData, APPID_SESSION_HAS_SMB_INFO))
        return NULL;
    return AppIdFlowdataRemove(appIdData, APPID_SESSION_DATA_SMB_DATA);
}
  472 
/*
 * Clear APPID_SESSION_HAS_SMB_INFO on the session and release data with
 * AppIdFreeSMBData().
 *
 * With a NULL session nothing happens at all, which means data is NOT
 * released in that case.
 */
void freeSmbFpData(struct AppIdData *appIdData, FpSMBData *data)
{
    if (!appIdData)
        return;

    clearAppIdFlag(appIdData, APPID_SESSION_HAS_SMB_INFO);
    AppIdFreeSMBData(data);
}
  481 
/*
 * Hand the session's NetBIOS name string over to the caller.
 *
 * The session's netbios_name field is cleared before returning, so the
 * caller becomes the owner of the returned string and a second call
 * returns NULL. Returns NULL when no session was supplied.
 */
char* getNetbiosName(struct AppIdData *appIdData)
{
    char *handedOver;

    if (!appIdData)
        return NULL;

    handedOver = appIdData->netbios_name;
    /* Ownership moves to the caller; drop the session's reference. */
    appIdData->netbios_name = NULL;
    return handedOver;
}
  492 
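/*
 * Serialise the session's AppId state into an AppIdSessionHA record at buf.
 *
 * The session is looked up under PP_APP_ID; if there is none, or its flow
 * type is not APPID_FLOW_TYPE_NORMAL, an all-zero record is written.
 * Otherwise the record carries APPID_HA_FLAGS_APP plus the TP_DONE,
 * SVC_DONE and HTTP bits, and the eight appId values in the fixed slot
 * order that consumeHAState() reads back.
 *
 * The record is assembled in a zeroed local and then copied out. This keeps
 * padding and any member not assigned here at zero, so stale bytes already
 * in buf are never forwarded as part of the record, and it avoids storing
 * through a struct pointer cast from a byte buffer of unknown alignment.
 *
 * There is no size parameter: the caller must supply at least
 * sizeof(AppIdSessionHA) writable bytes at buf.
 *
 * Returns sizeof(AppIdSessionHA), the number of bytes written.
 */
uint32_t produceHAState(void *lwssn, uint8_t *buf)
{
    AppIdSessionHA haState;
    struct AppIdData *appIdData = _dpd.sessionAPI->get_application_data(lwssn, PP_APP_ID);

    memset(&haState, 0, sizeof(haState));

    if (appIdData && _dpd.appIdApi->getFlowType(appIdData) != APPID_FLOW_TYPE_NORMAL)
        appIdData = NULL;

    if (appIdData)
    {
        haState.flags = APPID_HA_FLAGS_APP;
        if (TPIsAppIdAvailable(appIdData->tpsession))
            haState.flags |= APPID_HA_FLAGS_TP_DONE;
        if (getAppIdFlag(appIdData, APPID_SESSION_SERVICE_DETECTED))
            haState.flags |= APPID_HA_FLAGS_SVC_DONE;
        if (getAppIdFlag(appIdData, APPID_SESSION_HTTP_SESSION))
            haState.flags |= APPID_HA_FLAGS_HTTP;

        /* Slot order is the wire format shared with consumeHAState(). */
        haState.appId[0] = appIdData->tpAppId;
        haState.appId[1] = appIdData->serviceAppId;
        haState.appId[2] = appIdData->clientServiceAppId;
        haState.appId[3] = appIdData->portServiceAppId;
        haState.appId[4] = appIdData->payloadAppId;
        haState.appId[5] = appIdData->tpPayloadAppId;
        haState.appId[6] = appIdData->clientAppId;
        haState.appId[7] = appIdData->miscAppId;
    }

    memcpy(buf, &haState, sizeof(haState));
    return sizeof(haState);
}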
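/*
 * Apply an AppIdSessionHA record received from an HA peer to a session.
 *
 * buf/length describe the received record; length is taken to be the
 * number of valid bytes at buf. A NULL or truncated record is ignored
 * rather than read past its end. The record is copied into a local struct
 * before use, so nothing is read through a struct pointer cast from a byte
 * buffer of unknown alignment.
 *
 * Nothing is applied unless the record carries APPID_HA_FLAGS_APP. If the
 * session already has AppId data whose flow type is not
 * APPID_FLOW_TYPE_NORMAL, it is left alone. If it has none, new data is
 * allocated from proto/ip/initiatorPort and attached under PP_APP_ID with
 * appSharedDataDelete as its destructor; detection state is then set up,
 * with APP_ID_FTP_CONTROL kept stateful and everything else marked
 * finished.
 *
 * The flags and appId values from the record are stored as received; no
 * range validation is performed here, so the HA channel has to be trusted.
 *
 * Returns sizeof(AppIdSessionHA) on every path, as before.
 */
uint32_t consumeHAState(void *lwssn, const uint8_t *buf, uint8_t length, uint8_t proto, const struct in6_addr *ip,  uint16_t initiatorPort)
{
    AppIdSessionHA haState;
    struct AppIdData *appIdData;

    /* Never read more bytes than the caller says it provided. */
    if (!buf || length < sizeof(haState))
        return sizeof(haState);

    memcpy(&haState, buf, sizeof(haState));

    if (!(haState.flags & APPID_HA_FLAGS_APP))
        return sizeof(haState);

    appIdData = (tAppIdData*)_dpd.sessionAPI->get_application_data(lwssn, PP_APP_ID);
    if (appIdData && _dpd.appIdApi->getFlowType(appIdData) != APPID_FLOW_TYPE_NORMAL)
        return sizeof(haState);

    if (!appIdData)
    {
        appIdData = appSharedDataAlloc(proto, ip, initiatorPort);
        /* Defensive: do not attach or dereference a failed allocation. */
        if (!appIdData)
            return sizeof(haState);

        _dpd.sessionAPI->set_application_data(lwssn, PP_APP_ID, appIdData, (void (*)(void *))appSharedDataDelete);
        appIdData->serviceAppId = haState.appId[1];
        if (appIdData->serviceAppId == APP_ID_FTP_CONTROL)
        {
            setAppIdFlag(appIdData, APPID_SESSION_CLIENT_DETECTED | APPID_SESSION_NOT_A_SERVICE | APPID_SESSION_SERVICE_DETECTED);
            if (!AddFTPServiceState(appIdData))
            {
                setAppIdFlag(appIdData, APPID_SESSION_CONTINUE);
            }
            appIdData->rnaServiceState = RNA_STATE_STATEFUL;
        }
        else
            appIdData->rnaServiceState = RNA_STATE_FINISHED;
        appIdData->rnaClientState = RNA_STATE_FINISHED;
        if (thirdparty_appid_module)
            thirdparty_appid_module->session_state_set(appIdData->tpsession, TP_STATE_HA);
    }

    if ((haState.flags & APPID_HA_FLAGS_TP_DONE) && thirdparty_appid_module)
    {
        thirdparty_appid_module->session_state_set(appIdData->tpsession, TP_STATE_TERMINATED);
        setAppIdFlag(appIdData, APPID_SESSION_NO_TPI);
    }
    if (haState.flags & APPID_HA_FLAGS_SVC_DONE)
        setAppIdFlag(appIdData, APPID_SESSION_SERVICE_DETECTED);
    if (haState.flags & APPID_HA_FLAGS_HTTP)
        setAppIdFlag(appIdData, APPID_SESSION_HTTP_SESSION);

    /* Slot order is the wire format shared with produceHAState(). */
    appIdData->tpAppId = haState.appId[0];
    appIdData->serviceAppId = haState.appId[1];
    appIdData->clientServiceAppId = haState.appId[2];
    appIdData->portServiceAppId = haState.appId[3];
    appIdData->payloadAppId = haState.appId[4];
    appIdData->tpPayloadAppId = haState.appId[5];
    appIdData->clientAppId = haState.appId[6];
    appIdData->miscAppId = haState.appId[7];

    return sizeof(haState);
}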
  576 
/*
 * Return the DNS query host recorded on the session, with optional extras.
 *
 * query_len and got_response may each be NULL; when given they are always
 * written. *query_len receives dsession->host_len if a host is recorded
 * and 0 otherwise; *got_response reflects the DNS_GOT_RESPONSE bit of
 * dsession->state. Without a session or dsession the result is NULL with
 * *query_len = 0 and *got_response = false.
 *
 * The returned pointer is the session's own field (no copy is made), and
 * the length is reported through a uint8_t.
 */
char* getDNSQuery(struct AppIdData *appIdData, uint8_t *query_len, bool *got_response)
{
    char *host = NULL;
    uint8_t hostLen = 0;
    bool responded = false;

    if (appIdData && appIdData->dsession)
    {
        host = appIdData->dsession->host;
        if (host)
            hostLen = appIdData->dsession->host_len;
        if (appIdData->dsession->state & DNS_GOT_RESPONSE)
            responded = true;
    }

    if (query_len)
        *query_len = hostLen;
    if (got_response)
        *got_response = responded;
    return host;
}
  598 
/*
 * dsession->host_offset; 0 when there is no session or no dsession.
 */
uint16_t getDNSQueryoffset(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->host_offset : 0;
}
/*
 * dsession->record_type; 0 when there is no session or no dsession.
 */
uint16_t getDNSRecordType(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->record_type : 0;
}
/*
 * dsession->response_type; 0 when there is no session or no dsession.
 */
uint8_t getDNSResponseType(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->response_type : 0;
}
/*
 * dsession->ttl; 0 when there is no session or no dsession.
 */
uint32_t getDNSTTL(struct AppIdData *appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->ttl : 0;
}
  623 
/*
 * dsession->options_offset; 0 when there is no session or no dsession.
 */
uint16_t getDNSOptionsOffset(struct AppIdData* appIdData)
{
    return (appIdData && appIdData->dsession) ? appIdData->dsession->options_offset : 0;
}
  630 
/*
 * Log the current AppIdDebugHostInfo settings through _dpd.logMsg().
 *
 * The initiator address is rendered with inet_ntop(): for AF_INET the last
 * 32-bit word of initiatorIp is formatted as an IPv4 address, otherwise the
 * whole value is formatted as IPv6. The buffer starts out as an empty
 * string and the return value of inet_ntop() is not checked. The session
 * pointer is reported only as "null"/"not null", never as an address.
 */
static void dumpDebugHostInfo(void)
{
    char ipStr[INET6_ADDRSTRLEN] = "";
    const void *rawAddr;
    int addrFamily;

    if (AppIdDebugHostInfo.family == AF_INET)
    {
        addrFamily = AF_INET;
        rawAddr = &AppIdDebugHostInfo.initiatorIp.s6_addr32[3];
    }
    else
    {
        addrFamily = AF_INET6;
        rawAddr = &AppIdDebugHostInfo.initiatorIp;
    }
    inet_ntop(addrFamily, rawAddr, ipStr, sizeof(ipStr));

    _dpd.logMsg("AppIdDebugHost: session %s, initiator %s:%u, direction %d, protocol %u, monitorType %d\n",
                AppIdDebugHostInfo.session ? "not null" : "null",
                ipStr,
                AppIdDebugHostInfo.initiatorPort,
                AppIdDebugHostInfo.direction,
                AppIdDebugHostInfo.protocol,
                AppIdDebugHostInfo.monitorType);
}
  643 
/*
 * Function table copied out to API consumers by appIdApiInit().
 *
 * The initialiser is positional: each entry lands in the member of
 * struct AppIdApi at the same position, so the order below must match the
 * struct declaration exactly. Inserting or reordering an entry without the
 * matching header change makes callers invoke the wrong function through a
 * pointer whose signature may differ.
 */
static struct AppIdApi appIdDispatchTable = {
    /* appId name/number lookup */
    appGetAppName,
    appGetAppId,

    /* appId selection */
    getServiceAppId,
    getPortServiceAppId,
    getOnlyServiceAppId,
    getMiscAppId,
    getClientAppId,
    getPayloadAppId,
    getReferredAppId,
    getFwServiceAppId,
    getFwMiscAppId,
    getFwClientAppId,
    getFwPayloadAppId,
    getFwReferredAppId,
    getFwMultiPayloadList,

    /* session status */
    isSessionSslDecrypted,
    IsAppIdInspectingSession,
    isAppIdAvailable,

    /* user and client details */
    getUserName,
    getClientVersion,

    getAppIdSessionAttribute,

    /* flow and service details */
    getFlowType,
    getServiceInfo,
    getServicePort,
    getServiceIp,
    getInitiatorIp,

    /* HTTP fields */
    getHttpUserAgent,
    getHttpHost,
    getHttpUrl,
    getHttpReferer,
    getHttpNewUrl,
    getHttpUri,
    getHttpResponseCode,
    getHttpCookie,
    getHttpNewCookie,
    getHttpContentType,
    getHttpLocation,
    getHttpBody,
    getHttpReqBody,
    getHttpUriOffset,
    getHttpUriEndOffset,
    getHttpCookieOffset,
    getHttpCookieEndOffset,
    getHttpSearch,
    getHttpXffAddr,

    /* TLS */
    getTlsHost,

    /* DHCP / SMB / NetBIOS data and HA state */
    getDhcpFpData,
    freeDhcpFpData,
    getDhcpInfo,
    freeDhcpInfo,
    getSmbFpData,
    freeSmbFpData,
    getNetbiosName,
    produceHAState,
    consumeHAState,

    /* session lookup */
    getAppIdData,
    getAppIdSessionPacketCount,

    /* DNS */
    getDNSQuery,
    getDNSQueryoffset,
    getDNSRecordType,
    getDNSResponseType,
    getDNSTTL,
    getDNSOptionsOffset,

    /* generic HTTP field access */
    getHttpNewField,
    freeHttpNewField,
    getHttpFieldOffset,
    getHttpFieldEndOffset,
    isHttpInspectionDone,
    dumpDebugHostInfo
};
  726 
/*
 * Fill the caller's AppIdApi structure with a copy of the dispatch table.
 * api must point to a valid struct AppIdApi; it is not checked for NULL.
 */
void appIdApiInit(struct AppIdApi *api)
{
    memcpy(api, &appIdDispatchTable, sizeof(*api));
}