Member "snort3_extra-3.1.51.0/src/inspectors/appid_listener/appid_listener.cc" (20 Dec 2022, 4778 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:

    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2020-2022 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 // appid_listener.cc author Rajeshwari Adapalam <rajadapa@cisco.com>
   19 
#include "appid_listener.h"

#include <cassert>
#include <ctime>
#include <memory>

#include "framework/decode_data.h"
#include "framework/inspector.h"
#include "framework/module.h"
#include "main/snort_config.h"
#include "main/snort_types.h"
#include "profiler/profiler.h"
#include "pub_sub/appid_event_ids.h"
#include "pub_sub/http_events.h"
#include "time/packet_time.h"

#include "appid_listener_event_handler.h"
   35 
   36 using namespace snort;
   37 
// Help text for the module; reused as the help entry of appid_lstnr_api below.
static const char* s_help = "log selected published data to appid_listener.log";
   39 
// Parameter table for the module, terminated by the PT_MAX sentinel row.
// Columns: name, type, (third column unused here), default value, help text.
// "file" has no default, so file output is only attempted when it is set
// (see AppIdListenerInspector::configure).
static const Parameter s_params[] =
{
    { "json_logging", Parameter::PT_BOOL, nullptr, "false",
        "log appid data in json format" },
    { "file", Parameter::PT_STRING, nullptr, nullptr,
        "output data to given file" },
    { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
   48 
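// Module side of the plugin: collects the "json_logging" and "file" settings
// into an AppIdListenerConfig that the inspector later takes over.
class AppIdListenerModule : public Module
{
public:
    // Registers the module under MOD_NAME with its help text and parameter table.
    AppIdListenerModule() : Module(MOD_NAME, s_help, s_params) { }

    // Starts a configuration section by allocating a fresh config.
    // Returns false if a config is already pending (not yet handed out via
    // get_data()), true otherwise.
    bool begin(const char*, int, SnortConfig*) override
    {
        if ( config )
            return false;

        config = std::make_unique<AppIdListenerConfig>();
        return true;
    }

    // Stores one parameter value. Only "json_logging" and "file" are handled;
    // any other name is silently accepted (presumably the framework already
    // validated it against s_params - confirm). Requires a successful begin().
    bool set(const char*, Value& v, SnortConfig*) override
    {
        assert(config);

        if ( v.is("json_logging") )
            config->json_logging = v.get_bool();
        else if ( v.is("file") )
            config->file_name = v.get_string();

        return true;
    }

    // Transfers ownership of the finished config to the caller (the inspector
    // frees it). Afterwards the module holds no config until the next begin().
    // Returns nullptr if no section was begun.
    AppIdListenerConfig* get_data()
    {
        return config.release();
    }

private:
    // Owned until get_data() hands it out; freed with the module otherwise
    // (e.g. when configuration is abandoned before an inspector is built).
    std::unique_ptr<AppIdListenerConfig> config;
};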
   88 
   89 //-------------------------------------------------------------------------
   90 // inspector stuff
   91 //-------------------------------------------------------------------------
   92 
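// Passive inspector: owns the config built by the module and, at configure
// time, wires an AppIdListenerEventHandler onto the appid event stream.
class AppIdListenerInspector : public Inspector
{
public:
    // Takes ownership of the config from the module (see
    // AppIdListenerModule::get_data). The module must have completed begin(),
    // otherwise there is nothing to take.
    explicit AppIdListenerInspector(AppIdListenerModule& mod)
        : config(mod.get_data())
    {
        assert(config);
    }

    // Packets are not examined here; all work is done by the subscribed
    // event handler.
    void eval(Packet*) override { }

    // Opens the optional output file and subscribes the event handler to
    // appid change events. Always returns true: an output file that cannot be
    // opened is only reported via WarningMessage.
    bool configure(SnortConfig* sc) override
    {
        assert(config);
        sc->set_run_flags(RUN_FLAG__TRACK_ON_SYN);

        if ( !config->file_name.empty() )
        {
            // The path is the operator-supplied "file" parameter. If file_stream
            // is a std::ofstream, the default open mode truncates an existing
            // file. On failure the stream stays closed; how the handler logs in
            // that case is decided in appid_listener_event_handler - confirm.
            config->file_stream.open(config->file_name);
            if ( !config->file_stream.is_open() )
                WarningMessage("appid_listener: can't open file %s\n", config->file_name.c_str());
        }

        // The handler keeps a reference to *config, which this inspector owns,
        // so the config must outlive the subscription. Presumably DataBus takes
        // ownership of the handler and frees it - TODO confirm.
        DataBus::subscribe_network(appid_pub_key, AppIdEventIds::ANY_CHANGE,
            new AppIdListenerEventHandler(*config));
        return true;
    }

private:
    // Owned; released when the inspector is destroyed.
    std::unique_ptr<AppIdListenerConfig> config;
};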
  124 
  125 //-------------------------------------------------------------------------
  126 // api stuff
  127 //-------------------------------------------------------------------------
  128 
// Allocates the module for the framework, which releases it through mod_dtor.
static Module* mod_ctor()
{
    auto* module = new AppIdListenerModule();
    return module;
}
  133 
// Frees a module created by mod_ctor (deleting through the Module base, whose
// destructor is virtual since ~AppIdListenerModule is marked override).
static void mod_dtor(Module* m)
{
    delete m;
}
  138 
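// Builds the inspector from its configured module. The API pairs this with
// mod_ctor, so m is an AppIdListenerModule; static_cast replaces the C-style
// cast to make the downcast explicit and greppable.
static Inspector* al_ctor(Module* m)
{
    assert(m);
    return new AppIdListenerInspector(static_cast<AppIdListenerModule&>(*m));
}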
  144 
// Frees an inspector created by al_ctor (deleting through the Inspector base,
// whose destructor is virtual since ~AppIdListenerInspector is marked override).
static void al_dtor(Inspector* p)
{
    delete p;
}
  149 
// Inspector API descriptor; field order follows InspectApi/BaseApi, so the
// positional initializers below must not be reordered.
static const InspectApi appid_lstnr_api
{
    {
        PT_INSPECTOR,         // plugin type
        sizeof(InspectApi),
        INSAPI_VERSION,
        0,                    // plugin version
        API_RESERVED,
        API_OPTIONS,
        MOD_NAME,             // same name the module registers under
        s_help,
        mod_ctor,
        mod_dtor
    },
    IT_PASSIVE,               // no packet processing: eval() above is a no-op
    PROTO_BIT__NONE,
    nullptr, // buffers
    nullptr, // service
    nullptr, // pinit
    nullptr, // pterm
    nullptr, // tinit,
    nullptr, // tterm,
    al_ctor,
    al_dtor,
    nullptr, // ssn
    nullptr  // reset
};
  177 
// Exported, nullptr-terminated plugin table that Snort scans when loading
// this shared object; this file provides a single inspector.
SO_PUBLIC const BaseApi* snort_plugins[] =
{
    &appid_lstnr_api.base,
    nullptr
};