From: Anna Norokh -X (anorokh - SOFTSERVE INC at Cisco) <anorokh@cisco.com>
Date: Tue, 11 Mar 2025 10:28:37 +0000 (+0000)
Subject: Pull request #4656: extractor: add tenant id as common field
X-Git-Tag: 3.7.1.0~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c59c6e7d996ca614506c4cca7798f54e7d74bd54;p=thirdparty%2Fsnort3.git

Pull request #4656: extractor: add tenant id as common field

Merge in SNORT/snort3 from ~ANOROKH/snort3:extr_add_tenant_field to master

Squashed commit of the following:

commit 2a414abe67d6ffd4bc4d94171a595031a3fa1a89
Author: anorokh <anorokh@cisco.com>
Date:   Tue Mar 4 14:21:32 2025 +0200

    extractor: add tenant id as common field
---

diff --git a/doc/user/extractor.txt b/doc/user/extractor.txt
index 1686ff9d9..1dd5566b2 100644
--- a/doc/user/extractor.txt
+++ b/doc/user/extractor.txt
@@ -71,6 +71,7 @@ Common fields available for every service:
 * `id.resp_h` - server IP address
 * `id.resp_p` - server TCP port
 * `pkt_num` - packet number
+* `tenant_id` - tenant identifier
 
 Fields supported for HTTP:
 
diff --git a/src/network_inspectors/extractor/extractor_service.cc b/src/network_inspectors/extractor/extractor_service.cc
index ffdbe2506..c4e9b2a4c 100644
--- a/src/network_inspectors/extractor/extractor_service.cc
+++ b/src/network_inspectors/extractor/extractor_service.cc
@@ -45,7 +45,8 @@ std::vector<std::string> ExtractorService::common_fields =
     "id.orig_p",
     "id.resp_h",
     "id.resp_p",
-    "pkt_num"
+    "pkt_num",
+    "tenant_id"
 };
 
 THREAD_LOCAL ExtractorLogger* ExtractorService::logger = nullptr;
diff --git a/src/network_inspectors/extractor/extractors.cc b/src/network_inspectors/extractor/extractors.cc
index 7603e1606..000a74763 100644
--- a/src/network_inspectors/extractor/extractors.cc
+++ b/src/network_inspectors/extractor/extractors.cc
@@ -72,5 +72,6 @@ const std::map<std::string, ExtractorEvent::NumGetFn> ExtractorEvent::num_getter
     {"id.orig_p", ExtractorEvent::get_ip_src_port},
     {"id.resp_p", ExtractorEvent::get_ip_dst_port},
     {"uid", ExtractorEvent::get_uid},
-    {"pkt_num", ExtractorEvent::get_pkt_num}
+    {"pkt_num", ExtractorEvent::get_pkt_num},
+    {"tenant_id", ExtractorEvent::get_tenant_id}
 };
diff --git a/src/network_inspectors/extractor/extractors.h b/src/network_inspectors/extractor/extractors.h
index 0a76641b2..773a63b17 100644
--- a/src/network_inspectors/extractor/extractors.h
+++ b/src/network_inspectors/extractor/extractors.h
@@ -115,6 +115,15 @@ protected:
     static uint64_t get_ip_dst_port(const DataEvent*, const Flow* flow)
     { return flow->server_port; }
 
+    static uint64_t get_tenant_id(const DataEvent*, const Flow* flow)
+    {
+#ifdef DISABLE_TENANT_ID
+        return 0;
+#else
+        return flow->key->tenant_id;
+#endif
+    }
+
     static uint64_t get_pkt_num(const DataEvent*, const Flow*)
     {
         const Packet* p = ExtractorEvent::get_packet();