From: Sreeja Athirkandathil Narayanan (sathirka) Date: Tue, 25 Oct 2022 19:33:52 +0000 (+0000) Subject: Pull request #3625: appid: publish client and payload ids set in eve process event... X-Git-Tag: 3.1.47.0~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23484b0a169bc67ed2840667c84d549a86227874;p=thirdparty%2Fsnort3.git Pull request #3625: appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete Merge in SNORT/snort3 from ~SATHIRKA/snort3:url_rule_matching to master Squashed commit of the following: commit f77afe9166c78bd765d6dd04bb0cfe471726fe6a Author: Sreeja Athirkandathil Narayanan Date: Mon Oct 10 14:26:09 2022 -0400 appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete --- diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc index 78261a412..9e6a367ad 100644 --- a/src/network_inspectors/appid/appid_api.cc +++ b/src/network_inspectors/appid/appid_api.cc @@ -205,7 +205,6 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name, else asd->set_payload_id(payload_id); - asd->set_ss_application_ids(client_id, payload_id, change_bits); asd->set_tls_host(change_bits); Packet* p = DetectionEngine::get_current_packet(); diff --git a/src/network_inspectors/appid/appid_eve_process_event_handler.cc b/src/network_inspectors/appid/appid_eve_process_event_handler.cc index ad88cbe79..0493f584d 100644 --- a/src/network_inspectors/appid/appid_eve_process_event_handler.cc +++ b/src/network_inspectors/appid/appid_eve_process_event_handler.cc @@ -129,7 +129,6 @@ void AppIdEveProcessEventHandler::handle(DataEvent& event, Flow* flow) asd->get_odp_ctxt().get_ssl_matchers().scan_hostname(reinterpret_cast(server_name.c_str()), server_name.length(), client_id, payload_id); asd->set_payload_id(payload_id); - asd->set_ss_application_ids_payload(payload_id, change_bits); } if (appidDebug->is_active()) diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index 9e6887477..8e9e21d3f 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -266,7 +266,7 @@ TEST(appid_api, ssl_app_group_id_lookup) STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST); STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST); STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST); - STRCMP_EQUAL("Published change_bits == 0000000000100011000", test_log); + STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log); mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits); mock_session->tsession->set_tls_cname("www.cisco.com", 13, change_bits); @@ -282,7 +282,7 @@ TEST(appid_api, ssl_app_group_id_lookup) STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST); STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST); STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Cisco"); - STRCMP_EQUAL("Published change_bits == 0000000000100011000", test_log); + STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log); string host = ""; val = appid_api.ssl_app_group_id_lookup(flow, (const char*)(host.c_str()), nullptr, @@ -310,7 +310,7 @@ TEST(appid_api, ssl_app_group_id_lookup) STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST); STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST); STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST); - STRCMP_EQUAL("Published change_bits == 0000000000100011000", test_log); + STRCMP_EQUAL("Published change_bits == 0000000000100000000", test_log); mock().checkExpectations(); }