Merge in SNORT/snort3 from ~OSTEPANO/snort3:ssl_fallback_to_encrypted_appid to master
Squashed commit of the following:
commit
32a0e9b13a63fe5ccf2c9b74ca1e264b846b4f6b
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date: Wed May 10 08:59:16 2023 -0400
appid: Added logic to check for encrypted appid before assigning SSL service based on port
{
if (!(dd->client.flags & CLIENT_FLAG_STARTTLS_SUCCESS))
goto fail;
- else if (args.asd.get_session_flags(APPID_SESSION_CLIENT_DETECTED))
- {
- args.asd.clear_session_flags(APPID_SESSION_CONTINUE);
- return APPID_SUCCESS;
- }
+
goto inprocess;
}
if (!fd->code)
return APP_ID_HTTPS;
case 448:
return APP_ID_DDM_SSL;
- case 25:
case 465:
return APP_ID_SMTPS;
case 563:
portAppId = getSslServiceAppId(serverPort);
if (tp_app_id == APP_ID_SSL)
{
- tp_app_id = portAppId;
+ if (asd.encrypted.service_id > 0)
+ {
+ tp_app_id = asd.encrypted.service_id;
+ }
+ else
+ {
+ tp_app_id = portAppId;
+ }
//SSL policy determines IMAPS/POP3S etc before appId sees first server
// packet
asd.set_port_service_id(portAppId);
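Review bot: `asd.set_port_service_id(portAppId)` after the new branch still records the port-derived id even when `tp_app_id` was just taken from `asd.encrypted.service_id`, so the two values can disagree for the same session; if that is intended, a comment on the new `if` should say so, for example `// prefer the service id detected before encryption; port_service_id stays port-based`. The guard `asd.encrypted.service_id > 0` would read more clearly against the named constant, `if (asd.encrypted.service_id > APP_ID_NONE)`, and it is worth confirming that no sentinel other than zero can be stored in that field. Because the earlier hunk drops `case 25:` from the port switch, a port 25 session with no encrypted id now gets whatever the switch default returns, which is outside the visible lines, so a test for that path would be useful. The enclosing function starts and ends outside this hunk.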