"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/dynamic-preprocessors/appid/thirdparty_appid_utils.c" (16 Oct 2020, 7641 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "thirdparty_appid_utils.c" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.9.16.1_vs_2.9.17.

    1 /****************************************************************************
    2  *
    3  * Copyright (C) 2015-2020 Cisco and/or its affiliates. All rights reserved.
    4  * Copyright (C) 2005-2011 Sourcefire, Inc.
    5  *
    6  * This program is free software; you can redistribute it and/or modify
    7  * it under the terms of the GNU General Public License Version 2 as
    8  * published by the Free Software Foundation.  You may not use, modify or
    9  * distribute this program under any other version of the GNU General
   10  * Public License.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
   20  *
   21  ****************************************************************************/
   22 
   23 #include "thirdparty_appid_utils.h"
   24 
   25 #include <stdbool.h>
   26 #include <stdint.h>
   27 
   28 #include "sf_dynamic_preprocessor.h"
   29 #include "commonAppMatcher.h"
   30 
   31 #define MODULE_SYMBOL "thirdparty_appid_impl_module"
   32 
   33 static _PluginHandle module_handle = NULL;
   34 static struct ThirdPartyConfig thirdpartyConfig;
   35 ThirdPartyAppIDModule* thirdparty_appid_module = NULL;
   36 
   37 static int LoadCallback(struct _SnortConfig *sc, const char * const path, int indent)
   38 {
   39     _PluginHandle handle_tmp;
   40     ThirdPartyAppIDModule* module_tmp;
   41     DynamicPluginMeta meta;
   42 
   43     if (thirdparty_appid_module != NULL)
   44     {
   45         _dpd.errMsg("Ignoring additional 3rd party AppID module (%s)!\n", path ? : "");
   46         return 0;
   47     }
   48 
   49     handle_tmp = _dpd.openDynamicLibrary(path, 0);
   50     if (handle_tmp == NULL)
   51     {
   52         _dpd.errMsg("Could not load 3rd party AppID module (%s)!\n", path ? : "");
   53         return 0;
   54     }
   55     meta.libraryPath = (char *)path;
   56 
   57     module_tmp = (ThirdPartyAppIDModule*)_dpd.getSymbol(handle_tmp, MODULE_SYMBOL, &meta, 1);
   58     if (module_tmp == NULL)
   59     {
   60         _dpd.errMsg("Ignoring invalid 3rd party AppID module (%s)!\n", path ? : "");
   61         _dpd.closeDynamicLibrary(handle_tmp);
   62         return 0;
   63     }
   64 
   65     if (    (module_tmp->api_version != THIRD_PARTY_APP_ID_API_VERSION)
   66          || ((module_tmp->module_name == NULL) || (module_tmp->module_name[0] == 0))
   67          || (module_tmp->init == NULL)
   68          || (module_tmp->fini == NULL)
   69          || (module_tmp->session_create == NULL)
   70          || (module_tmp->session_delete == NULL)
   71          || (module_tmp->session_process == NULL)
   72          || (module_tmp->print_stats == NULL)
   73          || (module_tmp->reset_stats == NULL)
   74          || (module_tmp->disable_flags == NULL) )
   75     {
   76         _dpd.errMsg("Ignoring incomplete 3rd party AppID module (%s)!\n", path ? : "");
   77         _dpd.closeDynamicLibrary(handle_tmp);
   78         return 0;
   79     }
   80 
   81     DEBUG_WRAP(DebugMessage(DEBUG_APPID, "Found 3rd party AppID module (%s).\n", module_tmp->module_name ? : ""););
   82     module_handle = handle_tmp;
   83     thirdparty_appid_module = module_tmp;
   84     return 0;
   85 }
   86 
   87 static void getXffFields(void)
   88 {
   89     static char* defaultXffFields[] = {HTTP_XFF_FIELD_X_FORWARDED_FOR, HTTP_XFF_FIELD_TRUE_CLIENT_IP};
   90     char** xffFields;
   91     int i;
   92 
   93     xffFields = _dpd.getHttpXffFields(&thirdpartyConfig.numXffFields);
   94     if (!xffFields)
   95     {
   96         xffFields = defaultXffFields;
   97         thirdpartyConfig.numXffFields = sizeof(defaultXffFields) / sizeof(defaultXffFields[0]);
   98     }
   99     thirdpartyConfig.xffFields = malloc(thirdpartyConfig.numXffFields * sizeof(char*));
  100     if(!thirdpartyConfig.xffFields)
  101     {
  102          _dpd.errMsg("getXffFields: Failed to allocate memory for xffFields in thirdpartyConfig\n");
  103     }
  104     for (i = 0; i < thirdpartyConfig.numXffFields; i++)
  105         thirdpartyConfig.xffFields[i] = strndup(xffFields[i], UINT8_MAX);
  106 }
  107 
  108 void ThirdPartyAppIDInit(struct AppidStaticConfig *appidStaticConfig)
  109 {
  110     const char* thirdparty_appid_dir = appidStaticConfig->appid_thirdparty_dir;
  111     int ret;
  112     const char* dir = NULL;
  113     struct ThirdPartyUtils thirdpartyUtils;
  114 
  115     if (thirdparty_appid_module != NULL)
  116     {
  117         return;
  118     }
  119 
  120     if ((thirdparty_appid_dir == NULL) || (thirdparty_appid_dir[0] == 0))
  121     {
  122         return;
  123     }
  124     else
  125     {
  126         dir = thirdparty_appid_dir;
  127     }
  128 
  129     _dpd.loadAllLibs(NULL, dir, LoadCallback);
  130     if (thirdparty_appid_module == NULL)
  131     {
  132         DEBUG_WRAP(DebugMessage(DEBUG_APPID, "No 3rd party AppID module loaded.\n"););
  133         return;
  134     }
  135 
  136     memset(&thirdpartyConfig, 0, sizeof(thirdpartyConfig));
  137     thirdpartyConfig.chp_body_collection_max = appidStaticConfig->chp_body_collection_max;
  138     thirdpartyConfig.ftp_userid_disabled = appidStaticConfig->ftp_userid_disabled;
  139     thirdpartyConfig.chp_body_collection_disabled = appidStaticConfig->chp_body_collection_disabled;
  140     thirdpartyConfig.tp_allow_probes = appidStaticConfig->tp_allow_probes;
  141     if (appidStaticConfig->http2_detection_enabled)
  142         thirdpartyConfig.http_upgrade_reporting_enabled = 1;
  143     else
  144         thirdpartyConfig.http_upgrade_reporting_enabled = 0;
  145 
  146     if (appidStaticConfig->tp_config_path)
  147     {
  148         strncpy(thirdpartyConfig.tp_config_path, appidStaticConfig->tp_config_path, TP_PATH_MAX);
  149         thirdpartyConfig.tp_config_path[TP_PATH_MAX-1] = '\0';
  150     }
  151     else
  152         thirdpartyConfig.tp_config_path[0] = '\0'; // use default path
  153 
  154     thirdpartyUtils.logMsg           = _dpd.logMsg;
  155     thirdpartyUtils.getSnortInstance = _dpd.getSnortInstance;
  156 
  157     getXffFields();
  158 
  159     ret = thirdparty_appid_module->init(&thirdpartyConfig, &thirdpartyUtils);
  160     if (ret != 0)
  161     {
  162         _dpd.errMsg("Unable to initialize 3rd party AppID module (%d)!\n", ret);
  163         _dpd.closeDynamicLibrary(module_handle);
  164         module_handle = NULL;
  165         thirdparty_appid_module = NULL;
  166         return;
  167     }
  168 
  169     DEBUG_WRAP(DebugMessage(DEBUG_APPID, "3rd party AppID module loaded and initialized OK (%s).\n", thirdparty_appid_module->module_name ? : ""););
  170 }
  171 
  172 void ThirdPartyAppIDReconfigure(void)
  173 {
  174     int ret;
  175     int i;
  176 
  177     if (thirdparty_appid_module == NULL)
  178     {
  179         DEBUG_WRAP(DebugMessage(DEBUG_APPID, "No 3rd party AppID module loaded.\n"););
  180         return;
  181     }
  182 
  183     thirdpartyConfig.oldNumXffFields = thirdpartyConfig.numXffFields;
  184     thirdpartyConfig.oldXffFields = thirdpartyConfig.xffFields;
  185 
  186     getXffFields();
  187 
  188     ret = thirdparty_appid_module->reconfigure(&thirdpartyConfig);
  189 
  190     for (i = 0; i < thirdpartyConfig.oldNumXffFields; i++)
  191         free(thirdpartyConfig.oldXffFields[i]);
  192     free(thirdpartyConfig.oldXffFields);
  193 
  194     if (ret != 0)
  195     {
  196         _dpd.errMsg("Unable to reconfigure 3rd party AppID module (%d)!\n", ret);
  197         return;
  198     }
  199 
  200     DEBUG_WRAP(DebugMessage(DEBUG_APPID, "3rd party AppID module reconfigured OK (%s).\n", thirdparty_appid_module->module_name ? : ""););
  201 }
  202 
  203 void ThirdPartyAppIDFini(void)
  204 {
  205     int ret;
  206     int i;
  207 
  208     if (thirdparty_appid_module != NULL)
  209     {
  210         ret = thirdparty_appid_module->fini();
  211 
  212         for (i = 0; i < thirdpartyConfig.numXffFields; i++)
  213             free(thirdpartyConfig.xffFields[i]);
  214         free(thirdpartyConfig.xffFields);
  215 
  216         if (ret != 0)
  217         {
  218             _dpd.errMsg("Could not finalize 3rd party AppID module (%d)!\n", ret);
  219         }
  220 
  221         _dpd.closeDynamicLibrary(module_handle);
  222         module_handle = NULL;
  223         thirdparty_appid_module = NULL;
  224 
  225         DEBUG_WRAP(DebugMessage(DEBUG_APPID, "3rd party AppID module finalized and unloaded OK.\n"););
  226     }
  227 }