    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 // appid_listener.cc author Rajeshwari Adapalam <rajadapa@cisco.com>
   19 
#include "appid_listener.h"

#include <cassert>
#include <ctime>
#include <memory>

#include "framework/decode_data.h"
#include "framework/inspector.h"
#include "framework/module.h"
#include "main/snort_config.h"
#include "main/snort_types.h"
#include "profiler/profiler.h"
#include "pub_sub/http_events.h"
#include "time/packet_time.h"

#include "appid_listener_event_handler.h"
   34 
   35 using namespace snort;
   36 
// One-line description of the module; passed to the Module base class and
// advertised again through the InspectApi below.
static const char* const s_help =
    "log selected published data to appid_listener.log";
   38 
// Parameters accepted in the appid_listener configuration table. The
// trailing { nullptr, PT_MAX, ... } entry is the end-of-array sentinel the
// Module parser expects.
static const Parameter s_params[] =
{
    // When true, appid data is written in JSON format (default false).
    { "json_logging", Parameter::PT_BOOL, nullptr, "false",
        "log appid data in json format" },
    // Output file path; no default. When left unset, configure() below never
    // opens file_stream.
    { "file", Parameter::PT_STRING, nullptr, nullptr,
        "output data to given file" },
    { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
   47 
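// Parses the appid_listener configuration table into an AppIdListenerConfig.
// The module owns the config only between begin() and get_data(); get_data()
// transfers ownership to the caller (the inspector constructor).
//
// The config is held in a std::unique_ptr rather than a raw pointer with a
// hand-written destructor: the destructor becomes implicit, and the class is
// no longer implicitly copyable, which with the raw pointer would have meant
// two objects deleting the same AppIdListenerConfig.
class AppIdListenerModule : public Module
{
public:
    AppIdListenerModule() : Module(MOD_NAME, s_help, s_params) { }

    // Entered once per appid_listener table. A second begin() while a config
    // is still held is rejected so that one table yields exactly one config.
    bool begin(const char*, int, SnortConfig*) override
    {
        if ( config )
            return false;

        config = std::make_unique<AppIdListenerConfig>();
        return true;
    }

    // Stores one parsed parameter. Relies on begin() having allocated the
    // config first; unknown parameter names are ignored (still returns true).
    bool set(const char*, Value& v, SnortConfig*) override
    {
        if ( v.is("json_logging") )
            config->json_logging = v.get_bool();
        else if ( v.is("file") )
            config->file_name = v.get_string();

        return true;
    }

    // Releases the parsed config to the caller, who becomes its owner.
    // Returns nullptr if begin() was never called or the config was already
    // taken.
    AppIdListenerConfig* get_data()
    {
        return config.release();
    }

private:
    // Owned until get_data() releases it.
    std::unique_ptr<AppIdListenerConfig> config;
};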
   87 
   88 //-------------------------------------------------------------------------
   89 // inspector stuff
   90 //-------------------------------------------------------------------------
   91 
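// Passive inspector: eval() does nothing, the only work is done in
// configure(), which opens the optional output file and registers an
// AppIdListenerEventHandler on the DataBus for AppId change events.
//
// The config received from the module is owned here through a
// std::unique_ptr, so the destructor is implicit and the class cannot be
// copied (a copy of the raw-pointer version would have double-deleted it).
class AppIdListenerInspector : public Inspector
{
public:
    // Takes ownership of the config the module parsed. explicit: the only
    // caller (al_ctor) constructs directly, so no implicit conversion is needed.
    explicit AppIdListenerInspector(AppIdListenerModule& mod) : config(mod.get_data())
    {
        assert(config != nullptr);
    }

    // No per-packet inspection; this inspector only consumes events.
    void eval(Packet*) override { }

    bool configure(SnortConfig* sc) override
    {
        assert(config != nullptr);
        sc->set_run_flags(RUN_FLAG__TRACK_ON_SYN);
        if (!config->file_name.empty())
        {
            // A file that cannot be opened is only warned about; configure()
            // still succeeds and file_stream stays closed. What the handler
            // does with a closed stream is not visible in this file.
            // NOTE(review): the file is created with the process's default
            // permissions (umask) — confirm that is acceptable for the data
            // logged here.
            config->file_stream.open(config->file_name);
            if (!config->file_stream.is_open())
                WarningMessage("appid_listener: can't open file %s\n", config->file_name.c_str());
        }
        // NOTE(review): the handler is constructed from *config, which this
        // inspector owns and destroys with it. DataBus is presumed to take
        // ownership of the handler; confirm the handler never outlives the
        // inspector if it keeps a reference to the config.
        DataBus::subscribe(APPID_EVENT_ANY_CHANGE, new AppIdListenerEventHandler(*config));
        return true;
    }

private:
    std::unique_ptr<AppIdListenerConfig> config;
};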
  123 
  124 //-------------------------------------------------------------------------
  125 // api stuff
  126 //-------------------------------------------------------------------------
  127 
// Plugin entry point: allocates the module the framework will configure.
// Ownership passes to the framework, which releases it via mod_dtor.
static Module* mod_ctor()
{
    auto* const module = new AppIdListenerModule();
    return module;
}
  132 
// Counterpart of mod_ctor: destroys the module through its virtual destructor.
// A null pointer is a no-op, as with any delete.
static void mod_dtor(Module* m)
{
    Module* const owned = m;
    delete owned;
}
  137 
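// Builds the inspector from its module. m is expected to be the module that
// mod_ctor in this same InspectApi produced, so the downcast is known-safe
// and written as a static_cast (greppable and checked against the hierarchy)
// instead of a C-style cast.
static Inspector* al_ctor(Module* m)
{
    assert(m);
    return new AppIdListenerInspector(static_cast<AppIdListenerModule&>(*m));
}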
  143 
// Counterpart of al_ctor: destroys the inspector through Inspector's virtual
// destructor. A null pointer is a no-op.
static void al_dtor(Inspector* p)
{
    Inspector* const owned = p;
    delete owned;
}
  148 
// Plugin descriptor handed to Snort through snort_plugins[]. Positional
// aggregate initialization: the order of these entries is fixed by the
// InspectApi / BaseApi layout and must not be rearranged.
static const InspectApi appid_lstnr_api
{
    {
        PT_INSPECTOR,
        sizeof(InspectApi),
        INSAPI_VERSION,
        0,
        API_RESERVED,
        API_OPTIONS,
        MOD_NAME,
        s_help,
        mod_ctor,
        mod_dtor
    },
    IT_PASSIVE,        // no packet processing of its own; eval() is empty
    PROTO_BIT__NONE,   // not bound to any protocol
    nullptr, // buffers
    nullptr, // service
    nullptr, // pinit
    nullptr, // pterm
    nullptr, // tinit,
    nullptr, // tterm,
    al_ctor,
    al_dtor,
    nullptr, // ssn
    nullptr  // reset
};
  176 
// Exported, null-terminated list of plugins in this shared object; the
// loader walks it until the nullptr entry.
SO_PUBLIC const BaseApi* snort_plugins[] =
{
    &appid_lstnr_api.base,
    nullptr
};