Merge pull request #686 in SNORT/snort3 from appid_config_errors to master

Squashed commit of the following:

commit 775bbff15e3e5ce8dc73d51c561d9d3f2b05356e
Author: Ed Borgoyn <eborgoyn@cisco.com>
Date:   Mon Oct 24 15:48:09 2016 -0400

    Change missing mapping files to a ParseError.

diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc
index 735298ec10604f3172e9d4bcde8499dc33b5a9f7..35e0527f0d2bf6c635edf4b3b77e3dcb33672c77 100644 (file)
--- a/src/network_inspectors/appid/app_info_table.cc
+++ b/src/network_inspectors/appid/app_info_table.cc
@@ -492,7 +492,7 @@ void AppInfoManager::init_appid_info_table(const char* path)
     tableFile = fopen(filepath, "r");
     if (tableFile == nullptr)
     {
-        ErrorMessage("Could not open RnaAppMapping Table file: %s\n", filepath);
+        ParseError("Could not open AppMapping Table file: %s, no AppId rule support", filepath);
         return;
     }
 
@@ -503,7 +503,7 @@ void AppInfoManager::init_appid_info_table(const char* path)
         token = strtok_r(buf, CONF_SEPARATORS, &context);
         if (!token)
         {
-            ErrorMessage("Could not read id for Rna Id\n");
+            ErrorMessage("Could not read id for AppId\n");
             continue;
         }
 
@@ -520,7 +520,7 @@ void AppInfoManager::init_appid_info_table(const char* path)
         token = strtok_r(nullptr, CONF_SEPARATORS, &context);
         if (!token)
         {
-            ErrorMessage("Could not read service id for Rna Id\n");
+            ErrorMessage("Could not read service id for AppId\n");
             snort_free(app_name);
             continue;
         }
@@ -530,7 +530,7 @@ void AppInfoManager::init_appid_info_table(const char* path)
         token = strtok_r(nullptr, CONF_SEPARATORS, &context);
         if (!token)
         {
-            ErrorMessage("Could not read client id for Rna Id\n");
+            ErrorMessage("Could not read client id for AppId\n");
             snort_free(app_name);
             continue;
         }
@@ -540,7 +540,7 @@ void AppInfoManager::init_appid_info_table(const char* path)
         token = strtok_r(nullptr, CONF_SEPARATORS, &context);
         if (!token)
         {
-            ErrorMessage("Could not read payload id for Rna Id\n");
+            ErrorMessage("Could not read payload id for AppId\n");
             snort_free(app_name);
             continue;
         }

diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc
index a591f86031c535b173f66c5ded322d53b7f181ce..a0e9640bb717279a00f733ec6bc33c0e51ac178f 100644 (file)
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
@@ -19,11 +19,13 @@
 // appid_module.cc author davis mcpherson <davmcphe@cisco.com>
 // Created on: May 10, 2016
 
+#include "appid_module.h"
+
 #include <string>
 
-#include "sfip/sf_ip.h"
-#include "appid_module.h"
+#include "log/messages.h"
 #include "profiler/profiler.h"
+#include "sfip/sf_ip.h"
 #include "utils/util.h"
 
 using namespace std;
@@ -233,6 +235,11 @@ bool AppIdModule::begin(const char* /*fqn*/, int, SnortConfig*)
 
 bool AppIdModule::end(const char*, int, SnortConfig*)
 {
+    if ( (config == nullptr) || (config->app_detector_dir == nullptr) )
+    {
+        ParseWarning(WARN_CONF,"no app_detector_dir present.  No support for AppId in rules.\n");
+    }
+
     return true;
 }
 

diff --git a/src/network_inspectors/appid/client_plugins/client_app_base.cc b/src/network_inspectors/appid/client_plugins/client_app_base.cc
index b533ffc95753c6e3019c446392c608e83530517b..4085f4e72aa32e83dde4e4d2cfd921fb69220415 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_base.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_base.cc
@@ -150,7 +150,9 @@ static void appSetClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned ext
     AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId);
     if (!pEntry)
     {
-        ErrorMessage("AppId: invalid direct client application AppId: %d\n", appId);
+        ParseError(
+            "AppId: ID to Name mapping entry missing for AppId: %d. No rule support for this ID.",
+            appId);
         return;
     }
     extractsInfo &= (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER);

diff --git a/src/network_inspectors/appid/service_plugins/service_base.cc b/src/network_inspectors/appid/service_plugins/service_base.cc
index 9475254da25a62ae7aab1943d195b293ee1b4674..ca787ae6a40ccff8bf22965a9d380267aa1c22e6 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_base.cc
+++ b/src/network_inspectors/appid/service_plugins/service_base.cc
@@ -257,7 +257,9 @@ static void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, uns
     AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId);
     if (!pEntry)
     {
-        ErrorMessage("AppId: invalid direct service AppId, %d", appId);
+        ParseError(
+          "AppId: ID to Name mapping entry missing for AppId: %d. No rule support for this ID.",
+          appId);
         return;
     }
     extractsInfo &= (APPINFO_FLAG_SERVICE_ADDITIONAL | APPINFO_FLAG_SERVICE_UDP_REVERSED);