Pull request #4257: appid: enhanced appid config parsing
authorBhumika Sachdeva (bsachdev) <bsachdev@cisco.com>
Wed, 27 Mar 2024 13:17:58 +0000 (13:17 +0000)
committerChris Sherwin (chsherwi) <chsherwi@cisco.com>
Wed, 27 Mar 2024 13:17:58 +0000 (13:17 +0000)
Merge in SNORT/snort3 from ~BSACHDEV/snort3:tp_delimiter_change to master

Squashed commit of the following:

commit 9c063de67b6f2b81d3a2d1d2dfd63b07a8c45e02
Author: bsachdev <bsachdev@cisco.com>
Date:   Mon Mar 18 11:10:17 2024 -0400

    appid: enhanced appid config parsing

src/network_inspectors/appid/app_info_table.cc
src/network_inspectors/appid/appid_config.cc
src/network_inspectors/appid/appid_config.h
src/network_inspectors/appid/appid_module.cc

index 53b4fca730eef8f67b93bd9aa508343bf063f5b2..120ab6684075260bd24dcc2a4ec3aecca4125819 100644 (file)
@@ -45,7 +45,6 @@
 using namespace snort;
 
 #define MAX_TABLE_LINE_LEN      1024
-static const char* CONF_SEPARATORS = "\t\n\r";
 static const int MIN_MAX_TP_FLOW_DEPTH = 1;
 static const int MAX_MAX_TP_FLOW_DEPTH = 1000000;
 static const int MIN_HOST_PORT_APP_CACHE_LOOKUP_INTERVAL = 1;
@@ -270,6 +269,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
 {
     char buf[MAX_TABLE_LINE_LEN];
     unsigned line = 0;
+    const char* CONF_SEPARATORS = "\t\n\r ";
 
     FILE* config_file = fopen(path, "r");
     if (config_file == nullptr)
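Review bot: `CONF_SEPARATORS` is now declared separately in `load_odp_config` as `"\t\n\r "` and in `init_appid_info_table` as `"\t\n\r"` (the hunk at -666), so one name stands for two different delimiter sets and nothing records why only the ODP config treats a space as a separator. A one-line comment at each declaration would capture the intent, for example `// odp config: a space also ends a token` here, and distinct names such as `ODP_CONF_SEPARATORS` and `TABLE_CONF_SEPARATORS` would keep a later copy from picking the wrong set. The tokenizing code for both functions is outside these hunks, so it is worth confirming that no existing config value relies on an embedded space, since such a value would now be split and the remainder parsed as something else.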
@@ -666,7 +666,7 @@ void AppInfoManager::init_appid_info_table(const AppIdConfig& config,
     else
     {
         char buf[MAX_TABLE_LINE_LEN];
-
+        const char* CONF_SEPARATORS = "\t\n\r";
         while (fgets(buf, sizeof(buf), tableFile))
         {
             AppId app_id;
index 51d77285377b187bbf1cd65f1cce5e8bc3b6d49b..73c7e65fdc813c8098c805f529b1bdf262eef86c 100644 (file)
@@ -196,6 +196,31 @@ unsigned OdpContext::get_pattern_count()
         dns_matchers.get_pattern_count();
 }
 
+void OdpContext::dump_appid_config()
+{
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: dns_host_reporting                   %s\n", (dns_host_reporting ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: referred_appId_disabled              %s\n", (referred_appId_disabled ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: mdns_user_reporting                  %s\n", (mdns_user_reporting ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_userid_disabled                  %s\n", (chp_userid_disabled ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: is_host_port_app_cache_runtime       %s\n", (is_host_port_app_cache_runtime ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_port_app_cache            %s\n", (check_host_port_app_cache ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_cache_unknown_ssl         %s\n", (check_host_cache_unknown_ssl ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: ftp_userid_disabled                  %s\n", (ftp_userid_disabled ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_disabled         %s\n", (chp_body_collection_disabled ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_max              %d\n", chp_body_collection_max);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: rtmp_max_packets                     %d\n", rtmp_max_packets);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_tp_flow_depth                    %d\n", max_tp_flow_depth);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: tp_allow_probes                      %s\n", (tp_allow_probes ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_interval  %d\n", host_port_app_cache_lookup_interval);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_range     %d\n", host_port_app_cache_lookup_range);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_host_cache       %s\n", (allow_port_wildcard_host_cache ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: recheck_for_portservice_appid        %s\n", (recheck_for_portservice_appid ? "True" : "False"));
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_bytes_before_service_fail        %" PRIu64" \n", max_bytes_before_service_fail);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_before_service_fail       %" PRIu16" \n", max_packet_before_service_fail);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_service_fail_ignore_bytes %" PRIu16" \n", max_packet_service_fail_ignore_bytes);
+    appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: eve_http_client                      %s\n", (eve_http_client ? "True" : "False"));
+}
+
 OdpContext::OdpContext(const AppIdConfig& config, SnortConfig* sc)
 {
     app_info_mgr.init_appid_info_table(config, sc, *this);
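Review bot: The three `PRIu64`/`PRIu16` lines in `dump_appid_config` end their format string with `" \n"`, which leaves a trailing space in the log output that the other lines do not have; `"%" PRIu64 "\n"` would match the rest. The members printed with `%d` (`chp_body_collection_max`, `rtmp_max_packets`, `max_tp_flow_depth`, `host_port_app_cache_lookup_interval`, `host_port_app_cache_lookup_range`) are declared outside this diff, so their types should be checked against the conversion; assuming `appid_log` forwards to a printf-style formatter, a mismatch there is undefined behaviour. The function only reads members in the lines shown, so it could be declared `void dump_appid_config() const;` here and in appid_config.h.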
index 0af943f1bb96b18341350b3d12113c40e6b55fbc..66b947e98eb3c144baa1dd6531ae911e5fbf29e9 100644 (file)
@@ -146,6 +146,7 @@ public:
     OdpContext(const AppIdConfig&, snort::SnortConfig*);
     void initialize(AppIdInspector& inspector);
     void reload();
+    void dump_appid_config();
 
     uint32_t get_version() const
     {
index 3d5da3ffc7c917e7b2c76b151f6364a95f2b2efb..a4c018dc56f47ca2d5020c29cadf58a29376c267 100644 (file)
@@ -364,6 +364,22 @@ static int reload_third_party(lua_State* L)
     return 0;
 }
 
+static int print_appid_config(lua_State* L)
+{
+    ControlConn* ctrlcon = ControlConn::query_from_lua(L);
+    AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
+    if (!inspector)
+    {
+        ctrlcon->respond("== printing appid config failed - appid not enabled\n");
+        return 0;
+    }
+    ctrlcon->respond("== printing appid configs\n");
+    const AppIdContext& ctxt = inspector->get_ctxt();
+    OdpContext& odp_ctxt = ctxt.get_odp_ctxt();
+    odp_ctxt.dump_appid_config();
+    return 0;
+}
+
 static void clear_dynamic_host_cache_services()
 {
     auto hosts = host_cache.get_all_data();
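Review bot: `ctrlcon` is used in both `respond()` calls of `print_appid_config` without a null check, so if `ControlConn::query_from_lua(L)` can return null (its contract is not visible in this hunk) the command dereferences a null pointer; a guard such as `if (!ctrlcon) return 0;` before the first use would cover that. The values themselves are written by `dump_appid_config` through `appid_log(nullptr, TRACE_INFO_LEVEL, ...)` rather than `ctrlcon->respond`, so unless `appid_log` also writes to the control connection, the caller sees only the `== printing appid configs` line and has to read the log for the settings; a comment stating where the output goes would help. The C-style cast on the `get_inspector` result could be `static_cast<AppIdInspector*>(...)`, and `odp_ctxt` could be a `const OdpContext&` if `dump_appid_config` is made const.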
@@ -460,6 +476,7 @@ static const Command appid_cmds[] =
     { "disable_debug", disable_debug, nullptr, "disable appid debugging"},
     { "reload_third_party", reload_third_party, nullptr, "reload appid third-party module" },
     { "reload_detectors", reload_detectors, nullptr, "reload appid detectors" },
+    { "print_appid_config", print_appid_config, nullptr, "print appid configs" },
     { nullptr, nullptr, nullptr, nullptr }
 };