SnortExtras: src/tp_appid/tp_appid_example.cc

"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.1.51.0/src/tp_appid/tp_appid_example.cc" (20 Dec 2022, 5226 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "tp_appid_example.cc" see the Fossies "Dox" file reference documentation.

1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2016-2022 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 19 // Brief description: 20 // 21 // Minimalist example of an implementation of a third party library for appid 22 // detection. 23 // Snort interacts with this library via 3 classes: 24 // 1) TPLibHandler - to load the third party library. 25 // 2) ThirdPartyAppIdContext - to initialize and clean-up whatever we might need 26 // 3) ThirdPartyAppIdSession - for the actual information extracted from packets 27 // The third party library must provide implementations to the abstract classes 28 // ThirdPartyAppIdContext and ThirdPartyAppIdSession and must also implement the 29 // object factory functions returning pointers to the derived classes. 30 // 31 // 32 // Standalone compilation: 33 // g++ -g -Wall -I/path/to/snort3/src -c tp_appid_example.cc 34 // g++ -std=c++11 -g -Wall -I/path/to/snort3/src -shared -fPIC -o libtp_appid_example.so tp_appid_example.cc 35 // As a module (dynamically loaded) - see CMakeLists.txt 36 37 #include <iostream> 38 #include <sstream> 39 40 #include "main/snort_types.h" 41 #include "network_inspectors/appid/tp_appid_module_api.h" 42 #include "network_inspectors/appid/tp_appid_session_api.h" 43 #include "utils/stats.h" 44 45 #define WhereMacro __FILE__ << ": " << __FUNCTION__ << ": " << __LINE__ 46 47 using namespace std; 48 49 class ThirdPartyAppIdContextImpl : public ThirdPartyAppIdContext 50 { 51 public: 52 ThirdPartyAppIdContextImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config) 53 : ThirdPartyAppIdContext(ver, mname, config) 54 { 55 cerr << WhereMacro << endl; 56 } 57 58 ~ThirdPartyAppIdContextImpl() override 59 { 60 cerr << WhereMacro << endl; 61 } 62 63 int tinit() override 64 { 65 stringstream msg; 66 msg << WhereMacro << ": per worker thread context initialization." << endl; 67 cerr << msg.str(); 68 return 0; 69 } 70 71 bool tfini(bool) override 72 { 73 stringstream msg; 74 msg << WhereMacro << ": per worker-thread context clean-up." << endl; 75 cerr << msg.str(); 76 return false; 77 } 78 79 const string& get_user_config() const override { return user_config; } 80 81 private: 82 string user_config = ""; 83 84 }; 85 86 class ThirdPartyAppIdSessionImpl : public ThirdPartyAppIdSession 87 { 88 public: 89 90 void reset() override { } 91 void delete_with_ctxt() override { delete this; } 92 93 ThirdPartyAppIdSessionImpl(ThirdPartyAppIdContext& tp_ctxt) 94 : ThirdPartyAppIdSession(tp_ctxt) 95 { 96 } 97 98 TPState process(const snort::Packet&, AppidSessionDirection, vector<AppId>&, 99 ThirdPartyAppIDAttributeData&) override 100 { 101 stringstream msg; 102 msg << WhereMacro 103 << ": third party packet parsing and appid processing." 104 << " Packet: " << snort::get_packet_number() << endl; 105 cerr << msg.str(); 106 return TP_STATE_INIT; 107 } 108 109 int disable_flags(uint32_t) override { return 0; } 110 TPState get_state() override { return state; } 111 void set_state(TPState s) override { state=s; } 112 void clear_attr(TPSessionAttr attr) override { flags &= ~attr; } 113 void set_attr(TPSessionAttr attr) override { flags |= attr; } 114 unsigned get_attr(TPSessionAttr attr) override { return flags & attr; } 115 116 private: 117 unsigned flags=0; 118 }; 119 120 // Object factories to create module and session. 121 // This is the only way for outside callers to create module and session 122 // once the .so has been loaded. 123 extern "C" 124 { 125 SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig&); 126 SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext&); 127 SO_PUBLIC int tp_appid_pfini(); 128 SO_PUBLIC int tp_appid_tfini(); 129 130 SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& cfg) 131 { 132 return new ThirdPartyAppIdContextImpl(THIRD_PARTY_APPID_API_VERSION,"third party", cfg); 133 } 134 135 SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt) 136 { 137 return new ThirdPartyAppIdSessionImpl(ctxt); 138 } 139 140 SO_PUBLIC int tp_appid_pfini() 141 { 142 cerr << WhereMacro << ": main thread clean-up." << endl; 143 return 0; 144 } 145 146 SO_PUBLIC int tp_appid_tfini() 147 { 148 stringstream msg; 149 msg << WhereMacro << ": per worker-thread clean-up." << endl; 150 cerr << msg.str(); 151 return 0; 152 } 153 }