Member "snort3_extra-3.1.51.0/src/inspectors/appid_listener/appid_listener.cc" (20 Dec 2022, 4778 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:
1 //--------------------------------------------------------------------------
2 // Copyright (C) 2020-2022 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation. You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 //--------------------------------------------------------------------------
18 // appid_listener.cc author Rajeshwari Adapalam <rajadapa@cisco.com>
19
20 #include "appid_listener.h"
21
22 #include <ctime>
23
24 #include "framework/decode_data.h"
25 #include "framework/inspector.h"
26 #include "framework/module.h"
27 #include "main/snort_config.h"
28 #include "main/snort_types.h"
29 #include "profiler/profiler.h"
30 #include "pub_sub/appid_event_ids.h"
31 #include "pub_sub/http_events.h"
32 #include "time/packet_time.h"
33
34 #include "appid_listener_event_handler.h"
35
36 using namespace snort;
37
// Help text handed to the Module base class and to the plugin API table below.
static const char* s_help = "log selected published data to appid_listener.log";

// Parameters accepted in the appid_listener configuration table.
// NOTE(review): the third field of every entry is nullptr (presumably the
// range/constraint slot -- confirm against Parameter), so "file" accepts any
// string; any restriction on the path has to happen where the file is opened.
static const Parameter s_params[] =
{
    { "json_logging", Parameter::PT_BOOL, nullptr, "false", "log appid data in json format" },

    { "file", Parameter::PT_STRING, nullptr, nullptr, "output data to given file" },

    // closing entry: null name with PT_MAX
    { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
48
// Module half of the plugin: gathers the configured values into an
// AppIdListenerConfig and hands that object over through get_data().
class AppIdListenerModule : public Module
{
public:
    AppIdListenerModule() : Module(MOD_NAME, s_help, s_params) { }

    // Frees a config that was allocated by begin() but never taken by get_data().
    ~AppIdListenerModule() override
    {
        delete config;
    }

    // Allocates a fresh config for a configuration pass.
    // Returns false when a previous config is still held by this module.
    bool begin(const char*, int, SnortConfig*) override
    {
        if ( !config )
        {
            config = new AppIdListenerConfig;
            return true;
        }

        return false;
    }

    // Stores one parameter value in the pending config. Names other than
    // "json_logging" and "file" are ignored and still yield true.
    // NOTE(review): config is dereferenced without a null check, so this
    // relies on begin() having succeeded first.
    // NOTE(review): the "file" value is stored exactly as configured; no
    // path validation happens here.
    bool set(const char*, Value& v, SnortConfig*) override
    {
        if ( v.is("json_logging") )
        {
            config->json_logging = v.get_bool();
            return true;
        }

        if ( v.is("file") )
            config->file_name = v.get_string();

        return true;
    }

    // Transfers ownership of the pending config to the caller; the module
    // holds nullptr afterwards, so the destructor will not free it again.
    AppIdListenerConfig* get_data()
    {
        AppIdListenerConfig* handed_over = config;
        config = nullptr;
        return handed_over;
    }

private:
    // Owned by the module until get_data() releases it.
    AppIdListenerConfig* config = nullptr;
};
88
89 //-------------------------------------------------------------------------
90 // inspector stuff
91 //-------------------------------------------------------------------------
92
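// Passive inspector that owns the listener configuration and registers the
// AppId event handler; it does no per-packet work itself.
class AppIdListenerInspector : public Inspector
{
public:
    // Takes ownership of the config the module built. explicit, so a module
    // reference is never converted into an inspector implicitly.
    explicit AppIdListenerInspector(AppIdListenerModule& mod)
    {
        config = mod.get_data();
        assert(config);
    }

    // NOTE(review): the event handler created in configure() is constructed
    // from *config; if it keeps a reference, confirm it cannot be invoked
    // after this destructor has freed the config.
    ~AppIdListenerInspector() override
    { delete config; }

    // Nothing to do per packet.
    void eval(Packet*) override { }

    // Opens the optional output file and subscribes the event handler.
    // Returns false when no config was handed over by the module, true
    // otherwise (a file that cannot be opened only produces a warning).
    bool configure(SnortConfig* sc) override
    {
        assert(config);

        // assert() is compiled out when NDEBUG is defined; without this check
        // a missing config would be dereferenced below.
        if (!config)
            return false;

        sc->set_run_flags(RUN_FLAG__TRACK_ON_SYN);

        if (!config->file_name.empty())
        {
            // NOTE(review): the path is opened exactly as configured, with the
            // stream's default open mode. Assuming file_stream is a
            // std::ofstream, that truncates an existing file and follows
            // symlinks -- the target directory should be writable only by the
            // account Snort runs as. Confirm against AppIdListenerConfig.
            config->file_stream.open(config->file_name);

            // Best effort: a failed open is reported, and the handler is still
            // subscribed below.
            if (!config->file_stream.is_open())
                WarningMessage("appid_listener: can't open file %s\n", config->file_name.c_str());
        }

        DataBus::subscribe_network(appid_pub_key, AppIdEventIds::ANY_CHANGE,
            new AppIdListenerEventHandler(*config));
        return true;
    }

private:
    // Owned by the inspector from construction until destruction.
    AppIdListenerConfig* config = nullptr;
};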
124
125 //-------------------------------------------------------------------------
126 // api stuff
127 //-------------------------------------------------------------------------
128
// Module factory registered in the API table; the object it returns is
// destroyed by mod_dtor.
static Module* mod_ctor()
{
    Module* created = new AppIdListenerModule;
    return created;
}
133
// Counterpart of mod_ctor: destroys the module through its base-class pointer.
static void mod_dtor(Module* m)
{
    delete m;
}
138
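// Inspector factory registered in the API table. The module passed in is
// expected to be the AppIdListenerModule created by mod_ctor.
static Inspector* al_ctor(Module* m)
{
    // Debug-build check only; assert() is compiled out when NDEBUG is defined.
    assert(m);

    // static_cast instead of a C-style cast: the compiler verifies that the
    // two classes are related, and the cast cannot silently degrade into a
    // reinterpret_cast if the hierarchy changes.
    return new AppIdListenerInspector(static_cast<AppIdListenerModule&>(*m));
}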
144
// Counterpart of al_ctor: destroys the inspector through its base-class pointer.
static void al_dtor(Inspector* p)
{
    delete p;
}
149
// Inspector API descriptor for this plugin; its base member is what
// snort_plugins exports.
static const InspectApi appid_lstnr_api
{
    // base plugin descriptor
    {
        PT_INSPECTOR,
        sizeof(InspectApi),
        INSAPI_VERSION,
        0,
        API_RESERVED,
        API_OPTIONS,
        MOD_NAME,
        s_help,
        mod_ctor,   // module factory
        mod_dtor    // module destructor
    },

    IT_PASSIVE,
    PROTO_BIT__NONE,

    // optional hooks this plugin does not provide
    nullptr,    // buffers
    nullptr,    // service
    nullptr,    // pinit
    nullptr,    // pterm
    nullptr,    // tinit,
    nullptr,    // tterm,

    al_ctor,    // inspector factory
    al_dtor,    // inspector destructor

    nullptr,    // ssn
    nullptr     // reset
};
177
// Exported plugin table: the single API entry defined in this file, followed
// by a null entry that closes the list.
SO_PUBLIC const BaseApi* snort_plugins[] =
{
    &appid_lstnr_api.base,
    nullptr
};