"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.0.3-1/src/tp_appid/tp_appid_example.cc" (23 Sep 2020, 5111 Bytes) of package /linux/misc/snort3_extra-3.0.3-1.tar.gz:



    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2016-2020 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 
   19 // Brief description:
   20 //
   21 // Minimalist example of an implementation of a third party library for appid
   22 // detection.
   23 // Snort interacts with this library via 3 classes:
   24 // 1) TPLibHandler - to load the third party library.
   25 // 2) ThirdPartyAppIdContext - to initialize and clean-up whatever we might need
   26 // 3) ThirdPartyAppIdSession - for the actual information extracted from packets
   27 // The third party library must provide implementations to the abstract classes
   28 // ThirdPartyAppIdContext and ThirdPartyAppIdSession and must also implement the
   29 // object factory functions returning pointers to the derived classes.
   30 //
   31 //
   32 // Standalone compilation:
   33 // g++ -g -Wall -I/path/to/snort3/src -c tp_appid_example.cc
   34 // g++ -std=c++11 -g -Wall -I/path/to/snort3/src -shared -fPIC -o libtp_appid_example.so tp_appid_example.cc
   35 // As a module (dynamically loaded)  - see CMakeLists.txt
   36 
   37 #include <iostream>
   38 #include <sstream>
   39 
   40 #include "main/snort_types.h"
   41 #include "network_inspectors/appid/tp_appid_module_api.h"
   42 #include "network_inspectors/appid/tp_appid_session_api.h"
   43 #include "utils/stats.h"
   44 
// Stream fragment that tags a trace line with the source file, the enclosing
// function name and the line number.
// It expands to a bare chain of << operands, with no parentheses and no
// stream on the left, so it is only valid directly after a `<<` in an
// insertion expression (every use in this file is `stream << WhereMacro`).
// __FUNCTION__ is a compiler extension; the standard spelling is __func__.
#define WhereMacro __FILE__ << ": " << __FUNCTION__ << ": " << __LINE__
   46 
   47 using namespace std;
   48 
// Example context for the third party appid library.
//
// Every member only writes a trace line to stderr. The class holds no data
// of its own, so the overrides mark the places where a real library would do
// its set-up and tear-down.
class ThirdPartyAppIdContextImpl : public ThirdPartyAppIdContext
{
public:
    // Passes the API version, module name and configuration through to the
    // base class unchanged, then traces the call.
    ThirdPartyAppIdContextImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config)
        : ThirdPartyAppIdContext(ver, mname, config)
    {
        std::cerr << WhereMacro << std::endl;
    }

    // Traces destruction; this class has no members to release.
    ~ThirdPartyAppIdContextImpl() override
    {
        std::cerr << WhereMacro << std::endl;
    }

    // Per worker thread initialization hook. Always returns 0.
    int tinit() override
    {
        // The line is built in a local stream and handed to cerr in a single
        // insertion, presumably so that output from several worker threads
        // is not interleaved mid-line.
        std::ostringstream line;
        line << WhereMacro << ": per worker thread context initialization." << std::endl;
        std::cerr << line.str();
        return 0;
    }

    // Per worker-thread clean-up hook. The bool argument is ignored and the
    // result is always false.
    bool tfini(bool) override
    {
        std::ostringstream line;
        line << WhereMacro << ": per worker-thread context clean-up." << std::endl;
        std::cerr << line.str();
        return false;
    }
};
   80 
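// Example session for the third party appid library.
//
// Lifetime: delete_with_ctxt() runs `delete this`, so an instance has to be
// allocated with new (tp_appid_create_session() in this file does that) and
// must not be used again once delete_with_ctxt() has been called.
class ThirdPartyAppIdSessionImpl : public ThirdPartyAppIdSession
{
public:
    // explicit, so that a context reference can never convert silently into a
    // temporary session object.
    explicit ThirdPartyAppIdSessionImpl(ThirdPartyAppIdContext& tp_ctxt)
        : ThirdPartyAppIdSession(tp_ctxt)
    {
    }

    // Nothing to reset in this example.
    void reset() override { }

    // Destroys this object; see the lifetime note on the class.
    void delete_with_ctxt() override { delete this; }

    // Stand-in for packet parsing and appid detection.
    // All four arguments are ignored: the function writes one trace line,
    // including the current packet number, to stderr and returns
    // TP_STATE_INIT. The appid vector and the attribute data are left as the
    // caller passed them.
    // NOTE(review): the unconditional stderr write on every call is only
    // suitable for a demonstration; with live traffic it would let packet
    // volume drive log volume.
    TPState process(const snort::Packet&, AppidSessionDirection, std::vector<AppId>&,
        ThirdPartyAppIDAttributeData&) override
    {
        // Built in a local stream and emitted with a single insertion.
        std::ostringstream line;
        line << WhereMacro
             << ": third party packet parsing and appid processing."
             << " Packet: " << snort::get_packet_number() << std::endl;
        std::cerr << line.str();
        return TP_STATE_INIT;
    }

    // No flags are disabled in this example; the argument is ignored and the
    // result is always 0.
    int disable_flags(uint32_t) override { return 0; }

    // `state` is not declared in this class; presumably it is a member
    // inherited from ThirdPartyAppIdSession (confirm against the header).
    TPState get_state() override { return state; }
    void set_state(TPState s) override { state = s; }

    // Session attributes are kept as a bit mask in `flags`.
    void clear_attr(TPSessionAttr attr) override { flags &= ~attr; }
    void set_attr(TPSessionAttr attr) override { flags |= attr; }

    // Returns the masked bits, not a bool: non-zero when any bit of attr is set.
    unsigned get_attr(TPSessionAttr attr) override { return flags & attr; }

private:
    unsigned flags = 0;   // attribute bit mask, starts empty
};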
  114 
  115 // Object factories to create module and session.
  116 // This is the only way for outside callers to create module and session
  117 // once the .so has been loaded.
extern "C"
{
    // Prototypes for the exported entry points. C linkage keeps the symbol
    // names unmangled; the signatures still use C++ references and class
    // types, so callers have to be C++ code built against the same headers.
    SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig&);
    SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext&);
    SO_PUBLIC int tp_appid_pfini();
    SO_PUBLIC int tp_appid_tfini();

    // Allocates a context with new and returns it as a raw pointer. How the
    // caller releases it is not visible in this file.
    // NOTE(review): a failed allocation leaves this C-linkage entry point as
    // an exception; confirm the loader is prepared for that.
    SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& cfg)
    {
        auto* created = new ThirdPartyAppIdContextImpl(THIRD_PARTY_APPID_API_VERSION,
            "third party", cfg);
        return created;
    }

    // Allocates a session bound to ctxt and returns it as a raw pointer. The
    // session class in this file frees itself in delete_with_ctxt().
    SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt)
    {
        auto* created = new ThirdPartyAppIdSessionImpl(ctxt);
        return created;
    }

    // Main thread clean-up hook: traces the call and returns 0.
    SO_PUBLIC int tp_appid_pfini()
    {
        std::cerr << WhereMacro << ": main thread clean-up." << std::endl;
        return 0;
    }

    // Per worker-thread clean-up hook: traces the call and returns 0.
    SO_PUBLIC int tp_appid_tfini()
    {
        // Built in a local stream and emitted with a single insertion.
        std::ostringstream line;
        line << WhereMacro << ": per worker-thread clean-up." << std::endl;
        std::cerr << line.str();
        return 0;
    }
}