Pull request #3625: appid: publish client and payload ids set in eve process event...

Merge in SNORT/snort3 from ~SATHIRKA/snort3:url_rule_matching to master

Squashed commit of the following:

commit f77afe9166c78bd765d6dd04bb0cfe471726fe6a
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Oct 10 14:26:09 2022 -0400

    appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete

diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc
index 78261a4121d2d7dab9f4425d6a7ffb549bcefa34..9e6a367adfc0160f7dd63f861ec5bc72c2cc7129 100644 (file)
--- a/src/network_inspectors/appid/appid_api.cc
+++ b/src/network_inspectors/appid/appid_api.cc
@@ -205,7 +205,6 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name,
         else
             asd->set_payload_id(payload_id);
 
-        asd->set_ss_application_ids(client_id, payload_id, change_bits);
         asd->set_tls_host(change_bits);
 
         Packet* p = DetectionEngine::get_current_packet();

diff --git a/src/network_inspectors/appid/appid_eve_process_event_handler.cc b/src/network_inspectors/appid/appid_eve_process_event_handler.cc
index ad88cbe798cb4a460915867f954d4b555fd9de4a..0493f584dc1f79442d32b0207af6406a2cb5d186 100644 (file)
--- a/src/network_inspectors/appid/appid_eve_process_event_handler.cc
+++ b/src/network_inspectors/appid/appid_eve_process_event_handler.cc
@@ -129,7 +129,6 @@ void AppIdEveProcessEventHandler::handle(DataEvent& event, Flow* flow)
         asd->get_odp_ctxt().get_ssl_matchers().scan_hostname(reinterpret_cast<const uint8_t*>(server_name.c_str()),
             server_name.length(), client_id, payload_id);
         asd->set_payload_id(payload_id);
-        asd->set_ss_application_ids_payload(payload_id, change_bits);
     }
 
     if (appidDebug->is_active())

diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc
index 9e688747720230978b49e3148efad7f5ff315969..8e9e21d3f9b702cbc075e4c7a5152f828fb119b8 100644 (file)
--- a/src/network_inspectors/appid/test/appid_api_test.cc
+++ b/src/network_inspectors/appid/test/appid_api_test.cc
@@ -266,7 +266,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
-    STRCMP_EQUAL("Published change_bits == 0000000000100011000", test_log);
+    STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
 
     mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits);
     mock_session->tsession->set_tls_cname("www.cisco.com", 13, change_bits);
@@ -282,7 +282,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Cisco");
-    STRCMP_EQUAL("Published change_bits == 0000000000100011000", test_log);
+    STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
 
     string host = "";
     val = appid_api.ssl_app_group_id_lookup(flow, (const char*)(host.c_str()), nullptr,
@@ -310,7 +310,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
-    STRCMP_EQUAL("Published change_bits == 0000000000100011000", test_log);
+    STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
 
     mock().checkExpectations();
 }