From 484c348bb36d3f33fdca5feaea892158b86b8c8b Mon Sep 17 00:00:00 2001
From: "Bhumika Sachdeva (bsachdev)"
Date: Wed, 2 Apr 2025 14:11:31 +0000
Subject: [PATCH] Pull request #4673: appid: fixed unknown payload case for domain fronting
Merge in SNORT/snort3 from ~BSACHDEV/snort3:domain_fronting_payload_unknown to master
Squashed commit of the following:
commit ca35caad3f65496e8ca02cdbca4f39f599a287db
Author: bsachdev
Date: Fri Mar 21 17:28:28 2025 -0400
appid: fixed unknown payload case for domain fronting
---
 src/network_inspectors/appid/appid_session.cc | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index c8d28da89..45827a341 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1217,14 +1217,23 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
 const char* app_name;
 unsigned shadow_traffic_pub_id = 0;
- std::string str_print;
+ std::string str_print;
 AppId publishing_appid = get_shadow_traffic_publishing_appid();
 app_name = api.asd->get_odp_ctxt().get_app_info_mgr().get_app_name(publishing_appid);
+
 if (app_name == nullptr)
 {
- APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
- return;
+ if ((shadow_traffic_bits & ShadowTraffic_Type_Domain_Fronting) &&
+ !(shadow_traffic_bits & ~ShadowTraffic_Type_Domain_Fronting))
+ {
+ app_name = "unknown";
+ }
+ else
+ {
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
+ return;
+ }
 }
 shadow_traffic_pub_id = DataBus::get_id(shadowtraffic_pub_key);
-- 
2.47.3
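Review bot: In the new `app_name == nullptr` branch, a domain-fronting detection is still dropped whenever `shadow_traffic_bits` carries any other bit alongside `ShadowTraffic_Type_Domain_Fronting`, and the only record of the drop is the `TRACE_DEBUG_LEVEL` message, so it is visible only in debug traces. If domain fronting should always be reported, the test could be just `if (shadow_traffic_bits & ShadowTraffic_Type_Domain_Fronting)`; if the exclusivity is deliberate, it reads more plainly as `shadow_traffic_bits == ShadowTraffic_Type_Domain_Fronting` (equivalent provided the constant is a single-bit mask, which the hunk does not show) with a comment such as `// only a pure domain-fronting event may be published without an app name`. The literal `"unknown"` also deserves a comment, since consumers of the published event cannot tell it apart from a name returned by `get_app_name()`. The body of `publish_shadow_traffic_event` starts and ends outside the hunk.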