Pull request #3336: appid: provide client appid set by encrypted visibility engine...
authorMasud Hasan (mashasan) <mashasan@cisco.com>
Thu, 31 Mar 2022 21:12:15 +0000 (21:12 +0000)
committerMasud Hasan (mashasan) <mashasan@cisco.com>
Thu, 31 Mar 2022 21:12:15 +0000 (21:12 +0000)
Merge in SNORT/snort3 from ~SATHIRKA/snort3:ssl_appid_bug to master

Squashed commit of the following:

commit 94dd37f7b2b5af8209556dcdedcc469593785b8c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Mar 31 13:34:29 2022 -0400

    appid: provide client appid set by encrypted visibility engine to ssl through the ssl appid lookup api

src/network_inspectors/appid/appid_api.cc
src/network_inspectors/appid/appid_session.cc
src/network_inspectors/appid/appid_session.h
src/network_inspectors/appid/test/appid_api_test.cc

index 8c9787cfdc2957d90631bb55720963820cd44454..78261a4121d2d7dab9f4425d6a7ffb549bcefa34 100644 (file)
@@ -193,7 +193,9 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name,
 
         service_id = asd->get_api().get_service_app_id();
 
-        if (client_id == APP_ID_NONE)
+        if (asd->use_eve_client_app_id())
+            client_id = asd->get_eve_client_app_id();
+        else if (client_id == APP_ID_NONE)
             client_id = asd->get_api().get_client_app_id();
         else
             asd->set_client_id(client_id);
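Review bot: In the new `if (asd->use_eve_client_app_id())` branch, the `client_id` matched earlier in this call is discarded, because the predicate looks at the session's stored client id (`api.client.get_id()`) and not at the local `client_id`. A non-NONE result from the SSL pattern match is therefore replaced by the EVE value and `asd->set_client_id(client_id)` is skipped; the test comment suggests this is intended, so a comment such as `// EVE (TLS fingerprint) client id takes precedence over the SSL pattern match` would make it explicit. Unlike `pick_ss_client_app_id()`, this path does not call `set_eve_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP)`. Whether consumers of the lookup result rely on that detect type cannot be told from the hunk, so it is worth confirming. The body of `ssl_app_group_id_lookup` starts and ends outside the hunk.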
index 33e637fe8e7580c0a8a49a80122948ccdad9f354..652f13ebc0ca45db42193406f7f4cbbbea9214b5 100644 (file)
@@ -846,9 +846,7 @@ AppId AppIdSession::pick_ss_client_app_id() const
         return tmp_id;
     }
 
-    if (api.client.get_eve_client_app_id() > APP_ID_NONE and
-        (api.client.get_id() == APP_ID_SSL_CLIENT or
-            api.client.get_id() <= APP_ID_NONE))
+    if (use_eve_client_app_id())
     {
         api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP);
         return api.client.get_eve_client_app_id();
index 6a7a3f72a18657803ba3d41a12da64fa6ee126ff..3910c1f26b14f3d431f0eca1561519d0fe381ab9 100644 (file)
@@ -520,6 +520,12 @@ public:
         return api.client.get_eve_client_app_id();
     }
 
+    bool use_eve_client_app_id() const
+    {
+        return (api.client.get_eve_client_app_id() > APP_ID_NONE and
+            (api.client.get_id() == APP_ID_SSL_CLIENT or api.client.get_id() <= APP_ID_NONE));
+    }
+
     AppId get_payload_id() const
     {
         return api.payload.get_id();
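Review bot: The new `use_eve_client_app_id()` has no comment, although it now holds the precedence rule used by both `pick_ss_client_app_id()` and `ssl_app_group_id_lookup()`. I would add above it `// True when EVE reported a client app id and the session's own client id is APP_ID_SSL_CLIENT or unset (<= APP_ID_NONE).` The outer parentheses around the returned expression are redundant and can be dropped. The hunk ends inside `get_payload_id()`, which is unchanged.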
index 951150cadb31092c91256e39f5da1a80791faea8..9e688747720230978b49e3148efad7f5ff315969 100644 (file)
@@ -240,7 +240,7 @@ TEST(appid_api, get_application_id)
 
 TEST(appid_api, ssl_app_group_id_lookup)
 {
-    mock().expectNCalls(4, "publish");
+    mock().expectNCalls(5, "publish");
     AppId service, client, payload = APP_ID_NONE;
     bool val = false;
 
@@ -294,6 +294,24 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Google");
     STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log);
+
+    // Override client id found by SSL pattern matcher with the client id provided by
+    // Encrypted Visibility Engine if available
+    service = APP_ID_NONE;
+    client = APP_ID_NONE;
+    payload = APP_ID_NONE;
+    mock_session->set_client_id(APP_ID_NONE);
+    mock_session->set_eve_client_app_id(APPID_UT_ID + 100);
+    val = appid_api.ssl_app_group_id_lookup(flow, (const char*)APPID_UT_TLS_HOST, (const char*)APPID_UT_TLS_HOST,
+        (const char*)APPID_UT_TLS_HOST, (const char*)APPID_UT_TLS_HOST, false, service, client, payload);
+    CHECK_TRUE(val);
+    CHECK_EQUAL(client, APPID_UT_ID + 100);
+    CHECK_EQUAL(payload, APPID_UT_ID + 1);
+    STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
+    STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
+    STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
+    STRCMP_EQUAL("Published change_bits == 0000000000100011000", test_log);
+
     mock().checkExpectations();
 }
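Review bot: The added case only exercises the path where the session's client id is `APP_ID_NONE`. Neither the `APP_ID_SSL_CLIENT` arm of `use_eve_client_app_id()` nor the negative case is covered, where the session already holds another client id and the EVE value must not be returned. This predicate decides which client application is reported for an encrypted flow, so a second block asserting that `client` is not `APPID_UT_ID + 100` in the negative case would pin the precedence. The case also leaves the EVE id set on `mock_session`, which appears to be shared. If later tests reuse it, adding `mock_session->set_eve_client_app_id(APP_ID_NONE);` before `mock().checkExpectations();` would avoid state leaking between cases. The test body starts outside this hunk.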