Merge pull request #1777 in SNORT/snort3 from ~SATHIRKA/snort3:bittorrent_std_port...
authorShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Thu, 3 Oct 2019 18:07:37 +0000 (14:07 -0400)
committerShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Thu, 3 Oct 2019 18:07:37 +0000 (14:07 -0400)
Squashed commit of the following:

commit 149109cf966db56b7b1e9f63cea33dfe0b8c682c
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Wed Oct 2 12:40:10 2019 -0400

    appid: Add support for bittorrent detection over standard ports

src/network_inspectors/appid/app_info_table.cc
src/network_inspectors/appid/appid_config.h
src/network_inspectors/appid/appid_discovery.cc

index 77267a07b53a626b2b4a2ab0c1aecb0ac2e1d64f..caca44b71616858e297009586154eafeb7c1d9e3 100644 (file)
@@ -373,6 +373,13 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa
                     config->allow_port_wildcard_host_cache = true;
                 }
             }
+            else if (!(strcasecmp(conf_key, "recheck_for_portservice_appid")))
+            {
+                if (!(strcasecmp(conf_val, "enabled")))
+                {
+                    config->recheck_for_portservice_appid = true;
+                }
+            }
             else if (!(strcasecmp(conf_key, "bittorrent_aggressiveness")))
             {
                 int aggressiveness = atoi(conf_val);
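Review bot: The new `recheck_for_portservice_appid` branch honours only the literal `enabled` and silently ignores every other value, so a typo leaves the sensor on the default with no feedback to the operator. Unlike the aggressiveness path in the next hunk, it also logs nothing when the key turns the option on; adding `LogMessage("AppId: recheck_for_portservice_appid enabled\n");` inside the inner `if`, and a warning for unrecognised values, would make the effective detection policy auditable from the startup log. The `bittorrent_aggressiveness >= 50` branch in the next hunk sets the same flag unconditionally, and nothing here can set it back to false, so that precedence is worth stating in a comment. The body of load_appid_config starts and ends outside this hunk.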
@@ -380,10 +387,12 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa
                 if (aggressiveness >= 50)
                 {
                     config->host_port_app_cache_lookup_interval = 5;
+                    config->recheck_for_portservice_appid = true;
                     set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER);
                     set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER_PAYLOAD);
                     config->max_tp_flow_depth = 25;
                     LogMessage("AppId: host_port_app_cache_lookup_interval %d\n", config->host_port_app_cache_lookup_interval);
+                    LogMessage("AppId: recheck_for_portservice_appid enabled\n");
                     LogMessage("AppId: defer_to_thirdparty %d\n", APP_ID_BITTORRENT);
                     LogMessage("AppId: defer_payload_to_thirdparty %d\n", APP_ID_BITTORRENT);
                     LogMessage("AppId: max_tp_flow_depth %d\n", config->max_tp_flow_depth);
index 14f7f8749813cc03f07f22708b0bc235b5ea738e..5750b19f0c9794b6d51d1c507c13e20350b96fac 100644 (file)
@@ -103,6 +103,7 @@ public:
     uint32_t host_port_app_cache_lookup_range = 100000;
     uint32_t http_response_version_enabled = 0;
     bool allow_port_wildcard_host_cache = false;
+    bool recheck_for_portservice_appid = false;
 };
 
 typedef std::array<SF_LIST*, APP_ID_PORT_ARRAY_SIZE> AppIdPortExclusions;
index 9ee0405a106ef5d544dd1b23bf17d73bfd9a6821..bc75f53f104708ce176ac6f6f0f9bc5d40049ac5 100644 (file)
@@ -1044,8 +1044,10 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
     misc_id =  asd.pick_misc_app_id();;
 
     bool is_http_tunnel = ((asd.payload.get_id() == APP_ID_HTTP_TUNNEL) || (asd.payload.get_id() == APP_ID_HTTP_SSL_TUNNEL)) ? true:false;
-    if ((is_http_tunnel) or ((service_id == APP_ID_UNKNOWN_UI or service_id <= APP_ID_NONE ) and
-       (client_id <= APP_ID_NONE and payload_id <= APP_ID_NONE and misc_id <= APP_ID_NONE)))
+    bool is_appid_none = (client_id <= APP_ID_NONE and payload_id <= APP_ID_NONE and misc_id <= APP_ID_NONE);
+    if ((is_appid_none and (service_id == APP_ID_UNKNOWN_UI or service_id <= APP_ID_NONE or
+        (asd.config->mod_config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id())))
+        or (is_http_tunnel))
     {
         if(is_http_tunnel)
         {
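Review bot: The rewritten `if` folds the new rule into a three-level boolean without saying why a service id equal to `asd.service.get_port_service_id()` is treated like "unknown". Naming it would help, e.g. `bool is_port_service_only = asd.config->mod_config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id();` with a comment such as `// a port-derived service id is only a guess; allow the host/port cache to override it`. With the flag on, this branch appears to be re-entered on every call while the service id is still the port-derived one. The cost then depends on throttling that is not visible in this hunk (presumably `host_port_app_cache_lookup_interval`), so a short comment pointing at it would help. The body of do_discovery starts and ends outside this hunk.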
@@ -1060,6 +1062,7 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto
         }
         if (do_host_port_based_discovery(p, asd, protocol, direction))
         {
+            asd.service.set_port_service_id(APP_ID_NONE);
             service_id = asd.pick_service_app_id();
             client_id = asd.pick_client_app_id();
             payload_id = asd.pick_payload_app_id();
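Review bot: The added `asd.service.set_port_service_id(APP_ID_NONE);` runs whenever `do_host_port_based_discovery` succeeds, including when `recheck_for_portservice_appid` is false, so it changes behaviour for every configuration and not just the one this commit introduces. It also discards the port-derived id without checking, in the visible lines, that the lookup actually produced a service id; if the cache entry can supply only a client or payload id, the session may lose its service label. If the reset is meant only for the recheck case, guard it with `if (asd.config->mod_config->recheck_for_portservice_appid)`; otherwise add a comment stating that a host/port cache hit always supersedes the port-based id. The body of do_discovery continues outside this hunk.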