"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.0.3-1/src/inspectors/appid_listener/appid_listener_event_handler.h" (23 Sep 2020, 4089 Bytes) of package /linux/misc/snort3_extra-3.0.3-1.tar.gz:


    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 // appid_listener_event_handler.h author Shravan Rangaraju <shrarang@cisco.com>
   19 
   20 #ifndef APPID_LISTENER_EVENT_HANDLER_H
   21 #define APPID_LISTENER_EVENT_HANDLER_H
   22 
#include <cstdint>
#include <mutex>
#include <sstream>
#include <string>

#include "framework/counts.h"
#include "framework/data_bus.h"
#include "helpers/json_stream.h"
#include "log/messages.h"
#include "network_inspectors/appid/application_ids.h"
#include "pub_sub/appid_events.h"
#include "appid_listener.h"
   32 
namespace snort
{
// Forward declarations only: the handler below takes these types by
// reference or pointer, so their full definitions are needed in the .cc file,
// not here.
class AppIdSessionApi;
class Flow;
struct Packet;
}
   39 
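// Data-bus handler that turns AppId change events into log records, written
// either to the log file held in the shared AppIdListenerConfig or, when no
// file is open, to snort's message log.
//
// The config is borrowed by reference and must outlive the handler; its
// file_mutex is what serializes writers that share the same file_stream.
class AppIdListenerEventHandler : public snort::DataHandler
{
public:
    // Passes MOD_NAME to the DataHandler base and keeps a reference to config.
    // explicit: a config should never silently convert into a handler.
    explicit AppIdListenerEventHandler(AppIdListenerConfig& config) :
        DataHandler(MOD_NAME), config(config) { }

    // Data-bus entry point for each subscribed event; defined in the .cc file.
    void handle(snort::DataEvent& event, snort::Flow* flow) override;

private:
    AppIdListenerConfig& config;

    // Text and JSON record writers; defined in the .cc file.
    void print_message(const char*, const char*, const snort::Flow&, PegCount,
        AppId, AppId, AppId, AppId, AppId);
    void print_json_message(snort::JsonStream&, const char*, const char*, const snort::Flow&,
        PegCount, const snort::AppIdSessionApi&, AppId, AppId, AppId, AppId, AppId, bool, uint32_t,
        const snort::Packet*);

    // True when the session's AppIds were reset or any of the reported fields
    // (service, client, misc, payload, referred) changed.
    bool appid_changed(const AppidChangeBits& ac_bits) const
    {
        return ac_bits.test(APPID_RESET_BIT) or ac_bits.test(APPID_SERVICE_BIT) or
            ac_bits.test(APPID_CLIENT_BIT) or ac_bits.test(APPID_MISC_BIT) or
            ac_bits.test(APPID_PAYLOAD_BIT) or ac_bits.test(APPID_REFERRED_BIT);
    }

    // Maps an IP protocol number to a short name for the common cases and to
    // its decimal form otherwise, so every protocol is still identifiable in
    // the log.  uint8_t promotes to int in to_string, hence "47" rather than a
    // raw byte.
    std::string get_proto_str(uint8_t ip_proto) const
    {
        switch(ip_proto)
        {
        case 1:
            return "ICMP";
        case 2:
            return "IGMP";
        case 6:
            return "TCP";
        case 17:
            return "UDP";
        default:
            return std::to_string(ip_proto);
        }
    }

    // Emits the flow tuple and packet number as JSON fields.
    // Assumes cli_ip_str / srv_ip_str are non-null C strings (the caller
    // formats them) — TODO confirm against the .cc call sites.
    void print_json_header(snort::JsonStream& js, const char* cli_ip_str,
        const char* srv_ip_str, uint16_t client_port, uint16_t server_port, uint8_t ip_proto,
        PegCount packet_number) const
    {
        js.put("client_ip", cli_ip_str);
        js.put("client_port", client_port);
        js.put("server_ip", srv_ip_str);
        js.put("server_port", server_port);
        js.put("proto", get_proto_str(ip_proto));
        js.put("packet_num", packet_number);
    }

    // Emits the flow tuple and packet number as one text line: to the log file
    // when one is open and writable, otherwise via LogMessage.
    // Assumes cli_ip_str / srv_ip_str are non-null: streaming a null
    // const char* is undefined behaviour — TODO confirm against the call sites.
    void print_header(const char* cli_ip_str, const char* srv_ip_str, uint16_t client_port,
        uint16_t server_port, uint8_t ip_proto, PegCount packet_number)
    {
        std::ostringstream ss;

        // The cast keeps the 8-bit protocol number from being streamed as a
        // character.
        ss << cli_ip_str << ":" << client_port << "<->" << srv_ip_str << ":" << server_port <<
            " proto: " << static_cast<unsigned>(ip_proto) << " packet: " << packet_number;

        // Materialize the buffer once; the original built ss.str() twice.
        const std::string line = ss.str();
        if (!write_to_file(line))
            snort::LogMessage("%s", line.c_str());
    }

    // Appends str to the configured log file.  Returns true only when the
    // stream accepted the write; false when no file is open or the stream is
    // in a failed state, so the caller can fall back to LogMessage instead of
    // losing the record.  The lock is held for the whole write so concurrent
    // callers sharing this config cannot interleave partial lines.
    bool write_to_file(const std::string& str)
    {
        const std::lock_guard<std::mutex> lock(config.file_mutex);

        if (!config.file_stream.is_open())
            return false;

        config.file_stream << str;
        // Previously a failed write (e.g. disk full) was reported as success
        // and the record silently dropped; surface the stream state instead.
        return static_cast<bool>(config.file_stream);
    }

};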
  121 
  122 #endif