"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.1.51.0/src/tp_appid/tp_appid_example.cc" (20 Dec 2022, 5226 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:



    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2016-2022 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 
   19 // Brief description:
   20 //
   21 // Minimalist example of an implementation of a third party library for appid
   22 // detection.
   23 // Snort interacts with this library via 3 classes:
   24 // 1) TPLibHandler - to load the third party library.
   25 // 2) ThirdPartyAppIdContext - to initialize and clean-up whatever we might need
   26 // 3) ThirdPartyAppIdSession - for the actual information extracted from packets
   27 // The third party library must provide implementations to the abstract classes
   28 // ThirdPartyAppIdContext and ThirdPartyAppIdSession and must also implement the
   29 // object factory functions returning pointers to the derived classes.
   30 //
   31 //
   32 // Standalone compilation:
   33 // g++ -g -Wall -I/path/to/snort3/src -c tp_appid_example.cc
   34 // g++ -std=c++11 -g -Wall -I/path/to/snort3/src -shared -fPIC -o libtp_appid_example.so tp_appid_example.cc
   35 // As a module (dynamically loaded)  - see CMakeLists.txt
   36 
   37 #include <iostream>
   38 #include <sstream>
   39 
   40 #include "main/snort_types.h"
   41 #include "network_inspectors/appid/tp_appid_module_api.h"
   42 #include "network_inspectors/appid/tp_appid_session_api.h"
   43 #include "utils/stats.h"
   44 
   45 #define WhereMacro __FILE__ << ": " << __FUNCTION__ << ": " << __LINE__
   46 
   47 using namespace std;
   48 
   /// Example implementation of the ThirdPartyAppIdContext interface.
   ///
   /// Every hook only writes a trace line (file, function, line) to stderr so
   /// the order in which the hooks are invoked can be observed; no detection
   /// state is created or destroyed here.
   class ThirdPartyAppIdContextImpl : public ThirdPartyAppIdContext
   {
   public:
       /// Passes the API version, module name and configuration straight to the
       /// base class and traces the construction.
       ThirdPartyAppIdContextImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config)
           : ThirdPartyAppIdContext(ver, mname, config)
       {
           std::cerr << WhereMacro << std::endl;
       }

       /// Traces the destruction; there is nothing else to release.
       ~ThirdPartyAppIdContextImpl() override
       {
           std::cerr << WhereMacro << std::endl;
       }

       /// Per-worker-thread initialization hook.
       ///
       /// The trace line is assembled in a local stream and written to stderr
       /// with a single insertion (presumably so that lines from concurrent
       /// worker threads are less likely to interleave).
       ///
       /// @return always 0. NOTE(review): presumably 0 means success; confirm
       ///         against tp_appid_module_api.h.
       int tinit() override
       {
           std::ostringstream trace;
           trace << WhereMacro << ": per worker thread context initialization." << '\n';
           std::cerr << trace.str();
           return 0;
       }

       /// Per-worker-thread clean-up hook; the bool argument is ignored.
       ///
       /// @return always false. NOTE(review): the meaning of the return value is
       ///         defined by the base class, which is not visible in this file.
       bool tfini(bool) override
       {
           std::ostringstream trace;
           trace << WhereMacro << ": per worker-thread context clean-up." << '\n';
           std::cerr << trace.str();
           return false;
       }

       /// @return the user configuration string, which this example leaves empty.
       const std::string& get_user_config() const override
       {
           return user_config;
       }

   private:
       // Never assigned in this example, so it stays an empty string.
       std::string user_config{};
   };
   85 
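   /// Example implementation of the ThirdPartyAppIdSession interface.
   ///
   /// It keeps a bitmask of session attributes and otherwise does no real
   /// detection: process() only traces the call and reports TP_STATE_INIT.
   ///
   /// Lifetime: delete_with_ctxt() executes `delete this`, so every instance
   /// must have been allocated with `new` (as tp_appid_create_session() does)
   /// and must not be touched after that call. An instance with automatic or
   /// static storage would be freed incorrectly.
   class ThirdPartyAppIdSessionImpl : public ThirdPartyAppIdSession
   {
   public:
       /// Binds the session to its context.
       ///
       /// `explicit` prevents a ThirdPartyAppIdContext from being converted
       /// implicitly into a temporary session object.
       explicit ThirdPartyAppIdSessionImpl(ThirdPartyAppIdContext& tp_ctxt)
           : ThirdPartyAppIdSession(tp_ctxt)
       {
       }

       /// Nothing to reset in this example.
       void reset() override { }

       /// Destroys this session; see the lifetime note on the class.
       void delete_with_ctxt() override { delete this; }

       /// Per-packet entry point. All arguments are ignored.
       ///
       /// Example only: one line is written to stderr for every call, which a
       /// real detector would not do on the packet path.
       ///
       /// @return always TP_STATE_INIT.
       TPState process(const snort::Packet&, AppidSessionDirection, std::vector<AppId>&,
           ThirdPartyAppIDAttributeData&) override
       {
           // Assemble the whole line first, then emit it with one insertion.
           std::ostringstream msg;
           msg << WhereMacro
               << ": third party packet parsing and appid processing."
               << " Packet: " << snort::get_packet_number() << '\n';
           std::cerr << msg.str();
           return TP_STATE_INIT;
       }

       /// The argument is ignored; always returns 0.
       int disable_flags(uint32_t) override { return 0; }

       // NOTE(review): `state` is not declared in this class; presumably it is a
       // member inherited from ThirdPartyAppIdSession. Confirm against
       // tp_appid_session_api.h.
       TPState get_state() override { return state; }
       void set_state(TPState s) override { state = s; }

       /// Clears the bits of `attr` in the attribute mask.
       void clear_attr(TPSessionAttr attr) override { flags &= ~attr; }

       /// Sets the bits of `attr` in the attribute mask.
       void set_attr(TPSessionAttr attr) override { flags |= attr; }

       /// @return the bits of `attr` that are currently set (0 if none).
       unsigned get_attr(TPSessionAttr attr) override { return flags & attr; }

   private:
       // Bitmask of TPSessionAttr values; starts with no attribute set.
       unsigned flags = 0;
   };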
  119 
  120 // Object factories to create module and session.
  121 // This is the only way for outside callers to create module and session
  122 // once the .so has been loaded.
  // C-linkage entry points exported from the shared object.
  //
  // Both factories return raw pointers to objects allocated with `new`.
  // Sessions destroy themselves through delete_with_ctxt(); how the context
  // is released is not shown in this file.
  extern "C"
  {
      // Declarations of the exported symbols.
      SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig&);
      SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext&);
      SO_PUBLIC int tp_appid_pfini();
      SO_PUBLIC int tp_appid_tfini();

      // Creates the context, tagged with the API version this file was
      // compiled against and the module name "third party".
      SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& cfg)
      {
          auto* created = new ThirdPartyAppIdContextImpl(
              THIRD_PARTY_APPID_API_VERSION, "third party", cfg);
          return created;
      }

      // Creates a session bound to the given context.
      SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt)
      {
          auto* created = new ThirdPartyAppIdSessionImpl(ctxt);
          return created;
      }

      // Clean-up hook that traces "main thread clean-up"; always returns 0.
      SO_PUBLIC int tp_appid_pfini()
      {
          std::cerr << WhereMacro << ": main thread clean-up." << std::endl;
          return 0;
      }

      // Clean-up hook that traces "per worker-thread clean-up"; always
      // returns 0. The line is assembled first and written with a single
      // insertion.
      SO_PUBLIC int tp_appid_tfini()
      {
          std::ostringstream trace;
          trace << WhereMacro << ": per worker-thread clean-up." << '\n';
          std::cerr << trace.str();
          return 0;
      }
  }