SnortExtras: .../appid_listener.cc

"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.0.3-1/src/inspectors/appid_listener/appid_listener.cc" (23 Sep 2020, 4715 Bytes) of package /linux/misc/snort3_extra-3.0.3-1.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "appid_listener.cc" see the Fossies "Dox" file reference documentation.

1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 // appid_listener.cc author Rajeshwari Adapalam <rajadapa@cisco.com> 19 20 #include "appid_listener.h" 21 22 #include <ctime> 23 24 #include "framework/decode_data.h" 25 #include "framework/inspector.h" 26 #include "framework/module.h" 27 #include "main/snort_config.h" 28 #include "main/snort_types.h" 29 #include "profiler/profiler.h" 30 #include "pub_sub/http_events.h" 31 #include "time/packet_time.h" 32 33 #include "appid_listener_event_handler.h" 34 35 using namespace snort; 36 37 static const char* s_help = "log selected published data to appid_listener.log"; 38 39 static const Parameter s_params[] = 40 { 41 { "json_logging", Parameter::PT_BOOL, nullptr, "false", 42 "log appid data in json format" }, 43 { "file", Parameter::PT_STRING, nullptr, nullptr, 44 "output data to given file" }, 45 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } 46 }; 47 48 class AppIdListenerModule : public Module 49 { 50 public: 51 AppIdListenerModule() : Module(MOD_NAME, s_help, s_params) { } 52 53 ~AppIdListenerModule() override 54 { 55 delete config; 56 } 57 58 bool begin(const char*, int, SnortConfig*) override 59 { 60 if ( config ) 61 return false; 62 63 config = new AppIdListenerConfig; 64 return true; 65 } 66 67 bool set(const char*, Value& v, SnortConfig*) override 68 { 69 if ( v.is("json_logging") ) 70 config->json_logging = v.get_bool(); 71 else if ( v.is("file") ) 72 config->file_name = v.get_string(); 73 74 return true; 75 } 76 77 AppIdListenerConfig* get_data() 78 { 79 AppIdListenerConfig* temp = config; 80 config = nullptr; 81 return temp; 82 } 83 84 private: 85 AppIdListenerConfig* config = nullptr; 86 }; 87 88 //------------------------------------------------------------------------- 89 // inspector stuff 90 //------------------------------------------------------------------------- 91 92 class AppIdListenerInspector : public Inspector 93 { 94 public: 95 AppIdListenerInspector(AppIdListenerModule& mod) 96 { 97 config = mod.get_data(); 98 assert(config); 99 } 100 101 ~AppIdListenerInspector() override 102 { delete config; } 103 104 void eval(Packet*) override { } 105 106 bool configure(SnortConfig* sc) override 107 { 108 assert(config); 109 sc->set_run_flags(RUN_FLAG__TRACK_ON_SYN); 110 if (!config->file_name.empty()) 111 { 112 config->file_stream.open(config->file_name); 113 if (!config->file_stream.is_open()) 114 WarningMessage("appid_listener: can't open file %s\n", config->file_name.c_str()); 115 } 116 DataBus::subscribe(APPID_EVENT_ANY_CHANGE, new AppIdListenerEventHandler(*config)); 117 return true; 118 } 119 120 private: 121 AppIdListenerConfig* config = nullptr; 122 }; 123 124 //------------------------------------------------------------------------- 125 // api stuff 126 //------------------------------------------------------------------------- 127 128 static Module* mod_ctor() 129 { 130 return new AppIdListenerModule; 131 } 132 133 static void mod_dtor(Module* m) 134 { 135 delete m; 136 } 137 138 static Inspector* al_ctor(Module* m) 139 { 140 assert(m); 141 return new AppIdListenerInspector((AppIdListenerModule&)*m); 142 } 143 144 static void al_dtor(Inspector* p) 145 { 146 delete p; 147 } 148 149 static const InspectApi appid_lstnr_api 150 { 151 { 152 PT_INSPECTOR, 153 sizeof(InspectApi), 154 INSAPI_VERSION, 155 0, 156 API_RESERVED, 157 API_OPTIONS, 158 MOD_NAME, 159 s_help, 160 mod_ctor, 161 mod_dtor 162 }, 163 IT_PASSIVE, 164 PROTO_BIT__NONE, 165 nullptr, // buffers 166 nullptr, // service 167 nullptr, // pinit 168 nullptr, // pterm 169 nullptr, // tinit, 170 nullptr, // tterm, 171 al_ctor, 172 al_dtor, 173 nullptr, // ssn 174 nullptr // reset 175 }; 176 177 SO_PUBLIC const BaseApi* snort_plugins[] = 178 { 179 &appid_lstnr_api.base, 180 nullptr 181 };