Pull request #3663: appid: Added config for logging alpn service mappings
authorSreeja Athirkandathil Narayanan (sathirka) <sathirka@cisco.com>
Fri, 18 Nov 2022 14:23:09 +0000 (14:23 +0000)
committerSreeja Athirkandathil Narayanan (sathirka) <sathirka@cisco.com>
Fri, 18 Nov 2022 14:23:09 +0000 (14:23 +0000)
Merge in SNORT/snort3 from ~BSACHDEV/snort3:alpn_service to master

Squashed commit of the following:

commit 707eb376b25536ef398532d0466aa0c9ade171af
Author: bsachdev <bsachdev@cisco.com>
Date:   Thu Nov 10 10:40:12 2022 -0500

    appid: Added config for logging alpn service mappings

src/network_inspectors/appid/appid_config.h
src/network_inspectors/appid/appid_module.cc
src/network_inspectors/appid/service_plugins/alpn_patterns.cc
src/network_inspectors/appid/service_plugins/test/alpn_patterns_tests.cc

index 7403db99c4bf198aae31bf00e2ecbf114dca95e3..a0ec848fcf49087e2bba67575d65057bc287ceb8 100644 (file)
@@ -84,6 +84,7 @@ public:
     // after certificate-exchange). Such manual detection is disabled by default (0).
     uint32_t first_decrypted_packet_debug = 0;
     bool log_eve_process_client_mappings = false;
+    bool log_alpn_service_mappings = false;
 #endif
     bool log_stats = false;
     uint32_t app_stats_period = 300;
index e3681c0bddbd8b5588856dc5bf811d98830fd7ef..171cc21732c628f43f0c02a93002e9d49ae62377 100644 (file)
@@ -71,6 +71,8 @@ static const Parameter s_params[] =
       "the first packet of an already decrypted SSL flow (debug single session only)" },
     { "log_eve_process_client_mappings", Parameter::PT_BOOL, nullptr, "false",
       "enable logging of encrypted visibility engine process to client mappings" },
+    { "log_alpn_service_mappings", Parameter::PT_BOOL, nullptr, "false",
+      "enable logging of alpn service mappings" },
 #endif
     { "memcap", Parameter::PT_INT, "1024:maxSZ", "1048576",
       "max size of the service cache before we start pruning the cache" },
@@ -481,6 +483,8 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*)
         config->first_decrypted_packet_debug = v.get_uint32();
     else if ( v.is("log_eve_process_client_mappings") )
         config->log_eve_process_client_mappings = v.get_bool();
+    else if (v.is("log_alpn_service_mappings") )
+        config->log_alpn_service_mappings = v.get_bool();
     else
 #endif
     if ( v.is("memcap") )
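Review bot: The added branch is written `else if (v.is("log_alpn_service_mappings") )`, with no space after the opening parenthesis, while the neighbouring branches in this chain use `if ( v.is(...) )`. Writing it as `else if ( v.is("log_alpn_service_mappings") )` would keep the chain uniform. The rest of the chain and the body of `AppIdModule::set` lie outside the hunk.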
index 44abafa256613467b78f0f011ee2cbb93484a99b..a9b6ef3fda6c74d65291e1fe7bc854ffb2513227 100644 (file)
 #include <algorithm>
 
 #include "log/messages.h"
+#include "managers/inspector_manager.h"
 #include "utils/util.h"
 #include "appid_debug.h"
+#include "appid_inspector.h"
 
 using namespace snort;
 using namespace std;
@@ -103,6 +105,9 @@ void AlpnPatternMatchers::finalize_patterns()
         alpn_pattern_matcher.add(p->pattern.data(), p->pattern.size(), p, true);
 
         #ifdef REG_TEST
+        AppIdInspector* inspector = 
+            (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
+        if (inspector and inspector->get_ctxt().config.log_alpn_service_mappings)
             LogMessage("Adding ALPN service App pattern %d %s\n",
                 p->app_id, p->pattern.c_str());
         #endif
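Review bot: The added `InspectorManager::get_inspector(MOD_NAME, true)` lookup sits beside the per-pattern `alpn_pattern_matcher.add(...)` call, so it appears to run once for every pattern even though its result is unlikely to change while finalize_patterns() runs. Resolving it once before the loop and keeping the outcome in a `bool` would avoid the repeated lookup. The C-style cast should be a named cast, e.g. `auto* inspector = static_cast<AppIdInspector*>(InspectorManager::get_inspector(MOD_NAME, true));`, and the first added line ends in trailing whitespace. The loop header and the start of finalize_patterns() are outside the hunk, so the hoist is inferred from the visible lines only.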
index 891735ad35283ec3f86451bf1817e55ad1ddc73a..476a9fee870d2f6066009d123186f12656366b8c 100644 (file)
@@ -22,6 +22,7 @@
 #include "config.h"
 #endif
 
+#include "appid_inspector.h"
 #include "service_plugins/alpn_patterns.cc"
 #include "service_alpn_patterns_mock.h"
 
@@ -42,6 +43,14 @@ int SearchTool::find_all(const char* pattern, unsigned, MpseMatch, bool, void* d
 }
 }
 
+Inspector* InspectorManager::get_inspector(char const*, bool, const snort::SnortConfig*)
+{
+    return nullptr;
+}
+
+AppIdContext* ctxt;
+AppIdContext& AppIdInspector::get_ctxt() const { return *ctxt; }
+
 TEST_GROUP(alpn_patterns_tests)
 {
     void setup() override
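Review bot: The `AppIdInspector::get_ctxt()` stub returns `*ctxt`, but nothing visible in this hunk assigns the namespace-scope `ctxt`, so it is a null pointer and any call to the stub is undefined behaviour. It is harmless today only because the `get_inspector` mock returns `nullptr` and the new condition short-circuits before `get_ctxt()`. That coupling deserves a comment on the stub such as `// never reached: the get_inspector() mock returns nullptr`. Declaring it `static AppIdContext* ctxt = nullptr;` would also keep the name out of the global link namespace. As written, the tests never exercise the `log_alpn_service_mappings` branch, and TEST_GROUP continues past the end of the hunk.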