SnortExtras: src/tp_appid/tp_appid_example.cc

"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.0.3-1/src/tp_appid/tp_appid_example.cc" (23 Sep 2020, 5111 Bytes) of package /linux/misc/snort3_extra-3.0.3-1.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "tp_appid_example.cc" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report:

1.0.0-beta2_vs_3.0.3-1.

1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2016-2020 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 19 // Brief description: 20 // 21 // Minimalist example of an implementation of a third party library for appid 22 // detection. 23 // Snort interacts with this library via 3 classes: 24 // 1) TPLibHandler - to load the third party library. 25 // 2) ThirdPartyAppIdContext - to initialize and clean-up whatever we might need 26 // 3) ThirdPartyAppIdSession - for the actual information extracted from packets 27 // The third party library must provide implementations to the abstract classes 28 // ThirdPartyAppIdContext and ThirdPartyAppIdSession and must also implement the 29 // object factory functions returning pointers to the derived classes. 30 // 31 // 32 // Standalone compilation: 33 // g++ -g -Wall -I/path/to/snort3/src -c tp_appid_example.cc 34 // g++ -std=c++11 -g -Wall -I/path/to/snort3/src -shared -fPIC -o libtp_appid_example.so tp_appid_example.cc 35 // As a module (dynamically loaded) - see CMakeLists.txt 36 37 #include <iostream> 38 #include <sstream> 39 40 #include "main/snort_types.h" 41 #include "network_inspectors/appid/tp_appid_module_api.h" 42 #include "network_inspectors/appid/tp_appid_session_api.h" 43 #include "utils/stats.h" 44 45 #define WhereMacro __FILE__ << ": " << __FUNCTION__ << ": " << __LINE__ 46 47 using namespace std; 48 49 class ThirdPartyAppIdContextImpl : public ThirdPartyAppIdContext 50 { 51 public: 52 ThirdPartyAppIdContextImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config) 53 : ThirdPartyAppIdContext(ver, mname, config) 54 { 55 cerr << WhereMacro << endl; 56 } 57 58 ~ThirdPartyAppIdContextImpl() override 59 { 60 cerr << WhereMacro << endl; 61 } 62 63 int tinit() override 64 { 65 stringstream msg; 66 msg << WhereMacro << ": per worker thread context initialization." << endl; 67 cerr << msg.str(); 68 return 0; 69 } 70 71 bool tfini(bool) override 72 { 73 stringstream msg; 74 msg << WhereMacro << ": per worker-thread context clean-up." << endl; 75 cerr << msg.str(); 76 return false; 77 } 78 79 }; 80 81 class ThirdPartyAppIdSessionImpl : public ThirdPartyAppIdSession 82 { 83 public: 84 85 void reset() override { } 86 void delete_with_ctxt() override { delete this; } 87 88 ThirdPartyAppIdSessionImpl(ThirdPartyAppIdContext& tp_ctxt) 89 : ThirdPartyAppIdSession(tp_ctxt) 90 { 91 } 92 93 TPState process(const snort::Packet&, AppidSessionDirection, vector<AppId>&, 94 ThirdPartyAppIDAttributeData&) override 95 { 96 stringstream msg; 97 msg << WhereMacro 98 << ": third party packet parsing and appid processing." 99 << " Packet: " << snort::get_packet_number() << endl; 100 cerr << msg.str(); 101 return TP_STATE_INIT; 102 } 103 104 int disable_flags(uint32_t) override { return 0; } 105 TPState get_state() override { return state; } 106 void set_state(TPState s) override { state=s; } 107 void clear_attr(TPSessionAttr attr) override { flags &= ~attr; } 108 void set_attr(TPSessionAttr attr) override { flags |= attr; } 109 unsigned get_attr(TPSessionAttr attr) override { return flags & attr; } 110 111 private: 112 unsigned flags=0; 113 }; 114 115 // Object factories to create module and session. 116 // This is the only way for outside callers to create module and session 117 // once the .so has been loaded. 118 extern "C" 119 { 120 SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig&); 121 SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext&); 122 SO_PUBLIC int tp_appid_pfini(); 123 SO_PUBLIC int tp_appid_tfini(); 124 125 SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& cfg) 126 { 127 return new ThirdPartyAppIdContextImpl(THIRD_PARTY_APPID_API_VERSION,"third party", cfg); 128 } 129 130 SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt) 131 { 132 return new ThirdPartyAppIdSessionImpl(ctxt); 133 } 134 135 SO_PUBLIC int tp_appid_pfini() 136 { 137 cerr << WhereMacro << ": main thread clean-up." << endl; 138 return 0; 139 } 140 141 SO_PUBLIC int tp_appid_tfini() 142 { 143 stringstream msg; 144 msg << WhereMacro << ": per worker-thread clean-up." << endl; 145 cerr << msg.str(); 146 return 0; 147 } 148 }