Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_ssh_inspection_needed to master
Squashed commit of the following:
commit
f1abc98a2de81509845b3d7d3e8bc99d3277ff04
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date: Thu Dec 16 12:56:49 2021 -0500
appid: update appid api to include ssh in the list of service inspectors that need inspection
AppIdInspector* appid_inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME,
true);
- if (appid_inspector and
- (inspector.get_service() ==
- appid_inspector->get_ctxt().config.snort_proto_ids[PROTO_INDEX_HTTP2]))
+ if (!appid_inspector)
+ return false;
+
+ SnortProtocolId id = inspector.get_service();
+ AppIdConfig& config = appid_inspector->get_ctxt().config;
+ if (id == config.snort_proto_ids[PROTO_INDEX_HTTP2] or id == config.snort_proto_ids[PROTO_INDEX_SSH])
return true;
return false;
config.snort_proto_ids[PROTO_INDEX_SUNRPC] = sc->proto_ref->add("sunrpc");
config.snort_proto_ids[PROTO_INDEX_TFTP] = sc->proto_ref->add("tftp");
config.snort_proto_ids[PROTO_INDEX_SIP] = sc->proto_ref->add("sip");
+ config.snort_proto_ids[PROTO_INDEX_SSH] = sc->proto_ref->add("ssh");
}
AppIdConfig::~AppIdConfig()
PROTO_INDEX_SUNRPC,
PROTO_INDEX_TFTP,
PROTO_INDEX_SIP,
+ PROTO_INDEX_SSH,
PROTO_INDEX_MAX
};