Member "snort3_extra-3.1.51.0/src/tp_appid/tp_appid_example.cc" (20 Dec 2022, 5226 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:
1 //--------------------------------------------------------------------------
2 // Copyright (C) 2016-2022 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation. You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 //--------------------------------------------------------------------------
18
19 // Brief description:
20 //
21 // Minimalist example of an implementation of a third party library for appid
22 // detection.
23 // Snort interacts with this library via 3 classes:
24 // 1) TPLibHandler - to load the third party library.
25 // 2) ThirdPartyAppIdContext - to initialize and clean-up whatever we might need
26 // 3) ThirdPartyAppIdSession - for the actual information extracted from packets
27 // The third party library must provide implementations of the abstract classes
28 // ThirdPartyAppIdContext and ThirdPartyAppIdSession and must also implement the
29 // object factory functions returning pointers to the derived classes.
30 //
31 //
32 // Standalone compilation:
33 // g++ -g -Wall -I/path/to/snort3/src -c tp_appid_example.cc
34 // g++ -std=c++11 -g -Wall -I/path/to/snort3/src -shared -fPIC -o libtp_appid_example.so tp_appid_example.cc
35 // As a module (dynamically loaded) - see CMakeLists.txt
36
37 #include <iostream>
38 #include <sstream>
39
40 #include "main/snort_types.h"
41 #include "network_inspectors/appid/tp_appid_module_api.h"
42 #include "network_inspectors/appid/tp_appid_session_api.h"
43 #include "utils/stats.h"
44
45 #define WhereMacro __FILE__ << ": " << __FUNCTION__ << ": " << __LINE__
46
47 using namespace std;
48
/// Example AppId context supplied by the third-party library.
///
/// Every lifecycle hook only writes a trace line to stderr, so the order in
/// which the host calls them can be observed. No detection state is kept.
/// WhereMacro (defined at file scope) expands to "file: function: line".
class ThirdPartyAppIdContextImpl : public ThirdPartyAppIdContext
{
public:
    /// Passes the API version, module name and configuration through to the
    /// base class unchanged, then traces the call.
    ThirdPartyAppIdContextImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config) :
        ThirdPartyAppIdContext(ver, mname, config)
    {
        std::cerr << WhereMacro << std::endl;
    }

    /// Traces destruction; this example holds nothing that needs releasing.
    ~ThirdPartyAppIdContextImpl() override
    {
        std::cerr << WhereMacro << std::endl;
    }

    /// Per-worker-thread initialization hook.
    /// @return always 0 (NOTE(review): the meaning of the value is defined
    ///         by the base-class contract, not visible here; presumably
    ///         0 means success).
    int tinit() override
    {
        // The line is assembled first and written with one insertion;
        // presumably so traces from concurrent worker threads do not
        // interleave mid-line.
        std::ostringstream line;
        line << WhereMacro << ": per worker thread context initialization." << '\n';
        std::cerr << line.str();
        return 0;
    }

    /// Per-worker-thread clean-up hook; the bool argument is ignored.
    /// @return always false (NOTE(review): semantics come from the base
    ///         class; confirm against tp_appid_module_api.h).
    bool tfini(bool) override
    {
        std::ostringstream line;
        line << WhereMacro << ": per worker-thread context clean-up." << '\n';
        std::cerr << line.str();
        return false;
    }

    /// @return a reference to the stored user configuration string, which
    ///         this example never changes from its empty initial value.
    const std::string& get_user_config() const override
    {
        return user_config;
    }

private:
    // Empty by default; nothing in this class ever assigns to it.
    std::string user_config;
};
85
/// Example per-flow AppId session supplied by the third-party library.
///
/// It performs no real detection: process() only traces the call, and the
/// remaining overrides store or return simple state and attribute flags.
class ThirdPartyAppIdSessionImpl : public ThirdPartyAppIdSession
{
public:
    /// Binds the session to the context it was created for.
    ThirdPartyAppIdSessionImpl(ThirdPartyAppIdContext& tp_ctxt) :
        ThirdPartyAppIdSession(tp_ctxt)
    {
    }

    /// Nothing to reset in this example.
    void reset() override
    {
    }

    /// Destroys this session. The object must have been allocated with
    /// `new` (the factory in this file does so), and the caller must not
    /// touch the pointer after this returns.
    void delete_with_ctxt() override
    {
        delete this;
    }

    /// Called with a packet to run third-party detection.
    ///
    /// This example ignores every argument, leaves the AppId vector and the
    /// attribute data untouched, and writes one trace line containing the
    /// current packet number.
    /// NOTE(review): one stderr write per processed packet is acceptable
    /// only as a demonstration; a real detector should not log on this path.
    /// @return always TP_STATE_INIT.
    TPState process(const snort::Packet&, AppidSessionDirection, std::vector<AppId>&,
        ThirdPartyAppIDAttributeData&) override
    {
        std::ostringstream line;
        line << WhereMacro
             << ": third party packet parsing and appid processing."
             << " Packet: " << snort::get_packet_number() << '\n';
        std::cerr << line.str();
        return TP_STATE_INIT;
    }

    /// Ignores the requested flags and returns 0.
    int disable_flags(uint32_t) override
    {
        return 0;
    }

    // `state` is not declared in this class; presumably it is a member
    // inherited from ThirdPartyAppIdSession.
    TPState get_state() override
    {
        return state;
    }

    void set_state(TPState s) override
    {
        state = s;
    }

    /// Clears the bits of `attr` in the session's attribute mask.
    void clear_attr(TPSessionAttr attr) override
    {
        flags = flags & ~attr;
    }

    /// Sets the bits of `attr` in the session's attribute mask.
    void set_attr(TPSessionAttr attr) override
    {
        flags = flags | attr;
    }

    /// @return the bits of `attr` that are currently set (0 if none).
    unsigned get_attr(TPSessionAttr attr) override
    {
        return flags & attr;
    }

private:
    // Bit mask of TPSessionAttr values; starts with no attribute set.
    unsigned flags = 0;
};
119
// Exported entry points with C linkage.
//
// The two factories are the only way for code outside this library to create
// a context or a session once the .so has been loaded. Both return objects
// allocated with `new`, so ownership passes to the caller: a session is
// released through delete_with_ctxt(); the release path for the context is
// not visible in this file (NOTE(review): confirm against the loader).
//
// The library is loaded into the host process and so runs with the host's
// privileges; load it only from a trusted, integrity-checked location.
extern "C"
{
SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig&);
SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext&);
SO_PUBLIC int tp_appid_pfini();
SO_PUBLIC int tp_appid_tfini();

// Creates the context, tagging it with the API version this file was
// compiled against and the module name "third party".
SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& cfg)
{
    auto* const context =
        new ThirdPartyAppIdContextImpl(THIRD_PARTY_APPID_API_VERSION, "third party", cfg);
    return context;
}

// Creates a session bound to the given context.
SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt)
{
    auto* const session = new ThirdPartyAppIdSessionImpl(ctxt);
    return session;
}

// Main-thread clean-up hook: traces the call and returns 0.
SO_PUBLIC int tp_appid_pfini()
{
    std::cerr << WhereMacro << ": main thread clean-up." << std::endl;
    return 0;
}

// Per-worker-thread clean-up hook: traces the call and returns 0.
SO_PUBLIC int tp_appid_tfini()
{
    // Assemble the line first, then emit it with a single insertion.
    std::ostringstream line;
    line << WhereMacro << ": per worker-thread clean-up." << '\n';
    std::cerr << line.str();
    return 0;
}
}