From 02aab78f51f5976a7741f607ec334b119db3976d Mon Sep 17 00:00:00 2001
From: "Bhumika Sachdeva (bsachdev)" <bsachdev@cisco.com>
Date: Thu, 13 Feb 2025 14:09:04 +0000
Subject: [PATCH] Pull request #4613: appid: Implemented support for Evasive
 VPN & Multihop proxy

Merge in SNORT/snort3 from ~BSACHDEV/snort3:multihop_evasive to master

Squashed commit of the following:

commit c6bb3ceb3ed9afe5986e6fc347cca9efcb55211c
Author: bsachdev <bsachdev@cisco.com>
Date:   Mon Feb 10 12:34:53 2025 -0500

    appid: implemented support for shadow traffic evasive vpn & multihop proxy
---
 src/network_inspectors/appid/appid_session.cc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 664225ba0..3066bea1a 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1307,6 +1307,24 @@ void AppIdSession::check_shadow_traffic_bits(AppId id, uint32_t& shadow_bits, Ap
                 is_publishing_set = true;
             }
         }
+	    if (attributeBits & ATTR_APPEVASIVEVPN)
+        {
+            shadow_bits |= ShadowTraffic_Type_Evasive_VPN;
+            if (!is_publishing_set)
+            {
+                publishing_appid = id;
+                is_publishing_set = true;
+            }
+        }
+        if (attributeBits & ATTR_APPMULTIHOPPROXY)
+        {
+            shadow_bits |= ShadowTraffic_Type_Multihop_Proxy;
+            if (!is_publishing_set)
+            {
+                publishing_appid = id;
+                is_publishing_set = true;
+            }
+        }
     }
 }
 
-- 
2.47.3