SnortExtras: .../appid_listener.cc

"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.1.51.0/src/inspectors/appid_listener/appid_listener.cc" (20 Dec 2022, 4778 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "appid_listener.cc" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report:

3.1.48.0_vs_3.1.50.0.

1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2020-2022 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 // appid_listener.cc author Rajeshwari Adapalam <rajadapa@cisco.com> 19 20 #include "appid_listener.h" 21 22 #include <ctime> 23 24 #include "framework/decode_data.h" 25 #include "framework/inspector.h" 26 #include "framework/module.h" 27 #include "main/snort_config.h" 28 #include "main/snort_types.h" 29 #include "profiler/profiler.h" 30 #include "pub_sub/appid_event_ids.h" 31 #include "pub_sub/http_events.h" 32 #include "time/packet_time.h" 33 34 #include "appid_listener_event_handler.h" 35 36 using namespace snort; 37 38 static const char* s_help = "log selected published data to appid_listener.log"; 39 40 static const Parameter s_params[] = 41 { 42 { "json_logging", Parameter::PT_BOOL, nullptr, "false", 43 "log appid data in json format" }, 44 { "file", Parameter::PT_STRING, nullptr, nullptr, 45 "output data to given file" }, 46 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } 47 }; 48 49 class AppIdListenerModule : public Module 50 { 51 public: 52 AppIdListenerModule() : Module(MOD_NAME, s_help, s_params) { } 53 54 ~AppIdListenerModule() override 55 { 56 delete config; 57 } 58 59 bool begin(const char*, int, SnortConfig*) override 60 { 61 if ( config ) 62 return false; 63 64 config = new AppIdListenerConfig; 65 return true; 66 } 67 68 bool set(const char*, Value& v, SnortConfig*) override 69 { 70 if ( v.is("json_logging") ) 71 config->json_logging = v.get_bool(); 72 else if ( v.is("file") ) 73 config->file_name = v.get_string(); 74 75 return true; 76 } 77 78 AppIdListenerConfig* get_data() 79 { 80 AppIdListenerConfig* temp = config; 81 config = nullptr; 82 return temp; 83 } 84 85 private: 86 AppIdListenerConfig* config = nullptr; 87 }; 88 89 //------------------------------------------------------------------------- 90 // inspector stuff 91 //------------------------------------------------------------------------- 92 93 class AppIdListenerInspector : public Inspector 94 { 95 public: 96 AppIdListenerInspector(AppIdListenerModule& mod) 97 { 98 config = mod.get_data(); 99 assert(config); 100 } 101 102 ~AppIdListenerInspector() override 103 { delete config; } 104 105 void eval(Packet*) override { } 106 107 bool configure(SnortConfig* sc) override 108 { 109 assert(config); 110 sc->set_run_flags(RUN_FLAG__TRACK_ON_SYN); 111 if (!config->file_name.empty()) 112 { 113 config->file_stream.open(config->file_name); 114 if (!config->file_stream.is_open()) 115 WarningMessage("appid_listener: can't open file %s\n", config->file_name.c_str()); 116 } 117 DataBus::subscribe_network(appid_pub_key, AppIdEventIds::ANY_CHANGE, new AppIdListenerEventHandler(*config)); 118 return true; 119 } 120 121 private: 122 AppIdListenerConfig* config = nullptr; 123 }; 124 125 //------------------------------------------------------------------------- 126 // api stuff 127 //------------------------------------------------------------------------- 128 129 static Module* mod_ctor() 130 { 131 return new AppIdListenerModule; 132 } 133 134 static void mod_dtor(Module* m) 135 { 136 delete m; 137 } 138 139 static Inspector* al_ctor(Module* m) 140 { 141 assert(m); 142 return new AppIdListenerInspector((AppIdListenerModule&)*m); 143 } 144 145 static void al_dtor(Inspector* p) 146 { 147 delete p; 148 } 149 150 static const InspectApi appid_lstnr_api 151 { 152 { 153 PT_INSPECTOR, 154 sizeof(InspectApi), 155 INSAPI_VERSION, 156 0, 157 API_RESERVED, 158 API_OPTIONS, 159 MOD_NAME, 160 s_help, 161 mod_ctor, 162 mod_dtor 163 }, 164 IT_PASSIVE, 165 PROTO_BIT__NONE, 166 nullptr, // buffers 167 nullptr, // service 168 nullptr, // pinit 169 nullptr, // pterm 170 nullptr, // tinit, 171 nullptr, // tterm, 172 al_ctor, 173 al_dtor, 174 nullptr, // ssn 175 nullptr // reset 176 }; 177 178 SO_PUBLIC const BaseApi* snort_plugins[] = 179 { 180 &appid_lstnr_api.base, 181 nullptr 182 };