Pull request #4613: appid: Implemented support for Evasive VPN & Multihop proxy

Merge in SNORT/snort3 from ~BSACHDEV/snort3:multihop_evasive to master

Squashed commit of the following:

commit c6bb3ceb3ed9afe5986e6fc347cca9efcb55211c
Author: bsachdev <bsachdev@cisco.com>
Date:   Mon Feb 10 12:34:53 2025 -0500

    appid: implemented support for shadow traffic evasive vpn & multihop proxy

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 664225ba009a8506858132245f2139bb1d6accd6..3066bea1afea1fdc7f9f668cd46693aab922a58c 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1307,6 +1307,24 @@ void AppIdSession::check_shadow_traffic_bits(AppId id, uint32_t& shadow_bits, Ap
                 is_publishing_set = true;
             }
         }
+           if (attributeBits & ATTR_APPEVASIVEVPN)
+        {
+            shadow_bits |= ShadowTraffic_Type_Evasive_VPN;
+            if (!is_publishing_set)
+            {
+                publishing_appid = id;
+                is_publishing_set = true;
+            }
+        }
+        if (attributeBits & ATTR_APPMULTIHOPPROXY)
+        {
+            shadow_bits |= ShadowTraffic_Type_Multihop_Proxy;
+            if (!is_publishing_set)
+            {
+                publishing_appid = id;
+                is_publishing_set = true;
+            }
+        }
     }
 }