00001 //--------------------------------------------------------------------------
00002 // Copyright (C) 2016-2017 Cisco and/or its affiliates. All rights reserved.
00003 //
00004 // This program is free software; you can redistribute it and/or modify it
00005 // under the terms of the GNU General Public License Version 2 as published
00006 // by the Free Software Foundation. You may not use, modify or distribute
00007 // this program under any other version of the GNU General Public License.
00008 //
00009 // This program is distributed in the hope that it will be useful, but
00010 // WITHOUT ANY WARRANTY; without even the implied warranty of
00011 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00012 // General Public License for more details.
00013 //
00014 // You should have received a copy of the GNU General Public License along
00015 // with this program; if not, write to the Free Software Foundation, Inc.,
00016 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
00017 //--------------------------------------------------------------------------
00018
00019 // appid_inspector.h author davis mcpherson <davmcphe@cisco.com>
00020 // Created on: May 10, 2016
00021
00022 #ifndef APPID_INSPECTOR_H
00023 #define APPID_INSPECTOR_H
00024
00025 #include "appid_config.h"
00026 #include "appid_module.h"
00027 #include "application_ids.h"
00028 #include "flow/flow.h"
00029
00030 class AppIdStatistics;
00031 struct Packet;
00032 class SipEventHandler;
00033 struct SnortConfig;
00034
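// Inspector subclass for the appid module. Only declarations are visible in
// this header; every member function except get_sip_event_handler() is
// defined elsewhere.
class AppIdInspector : public Inspector
{
public:
    // Constructed from the module object; what is read from it is not
    // visible in this header.
    AppIdInspector(AppIdModule&);
    ~AppIdInspector() override;

    // Static accessor for an AppIdInspector pointer.
    // NOTE(review): which instance is returned, and whether the result can be
    // null, is decided by the definition - callers should confirm before
    // dereferencing.
    static AppIdInspector* get_inspector();

    // Overrides of the Inspector base-class interface.
    bool configure(SnortConfig*) override;
    void show(SnortConfig*) override;
    void tinit() override;
    void tterm() override;
    void eval(Packet*) override;

    // Raw, non-owning-looking accessors; ownership and lifetime of the
    // returned objects are not expressed in these signatures.
    // NOTE(review): get_appid_config() presumably returns active_config,
    // which defaults to nullptr - confirm and null-check at call sites.
    AppIdConfig* get_appid_config();
    AppIdStatistics* get_stats_manager();

    // Takes a protocol name as a C string and returns an int16_t.
    // NOTE(review): the meaning of the return value (including any error
    // value) must be taken from the definition.
    int16_t add_appid_protocol_reference(const char* protocol);

    // Returns the SIP event handler by reference.
    // Precondition: my_seh has been assigned a valid handler. The pointer is
    // dereferenced here without a check, so a call made before assignment is
    // invalid; with the nullptr default below it at least fails predictably
    // instead of reading through an indeterminate address.
    SipEventHandler& get_sip_event_handler()
    {
        return *my_seh;
    }

private:
    const AppIdModuleConfig* config = nullptr;
    AppIdConfig* active_config = nullptr;

    // Initialized like the two pointers above; the original declaration had
    // no initializer, leaving the value indeterminate until assigned.
    // NOTE(review): confirm it is assigned before any caller can reach
    // get_sip_event_handler().
    SipEventHandler* my_seh = nullptr;
};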
00063
// Free functions declared for users of this header; both are defined elsewhere.
// sslAppGroupIdLookup takes an untyped pointer, two C strings and three AppId
// pointers, and returns int.
// NOTE(review): the AppId* parameters look like out-parameters and the void*
// like an opaque context - confirm against the definition, and document which
// pointers may be null and what the int result signifies.
00064 int sslAppGroupIdLookup(void*, const char*, const char*, AppId*, AppId*, AppId*);
// getOpenAppId takes a Flow pointer and returns an AppId by value.
// NOTE(review): whether a null Flow* is tolerated is not visible here.
00065 AppId getOpenAppId(Flow*);
00066
00067 #endif
00068