From: Bhumika Sachdeva (bsachdev) Date: Wed, 27 Mar 2024 13:17:58 +0000 (+0000) Subject: Pull request #4257: appid: enhanced appid config parsing X-Git-Tag: 3.1.84.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25dae02bf7bc7e00ca382e0c0fce4c0f0df25f34;p=thirdparty%2Fsnort3.git Pull request #4257: appid: enhanced appid config parsing Merge in SNORT/snort3 from ~BSACHDEV/snort3:tp_delimiter_change to master Squashed commit of the following: commit 9c063de67b6f2b81d3a2d1d2dfd63b07a8c45e02 Author: bsachdev Date: Mon Mar 18 11:10:17 2024 -0400 appid: enhanced appid config parsing
---
diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc
index 53b4fca73..120ab6684 100644
--- a/src/network_inspectors/appid/app_info_table.cc
+++ b/src/network_inspectors/appid/app_info_table.cc
@@ -45,7 +45,6 @@ using namespace snort;
 #define MAX_TABLE_LINE_LEN 1024
-static const char* CONF_SEPARATORS = "\t\n\r";
 static const int MIN_MAX_TP_FLOW_DEPTH = 1;
 static const int MAX_MAX_TP_FLOW_DEPTH = 1000000;
 static const int MIN_HOST_PORT_APP_CACHE_LOOKUP_INTERVAL = 1;
@@ -270,6 +269,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
 {
 char buf[MAX_TABLE_LINE_LEN];
 unsigned line = 0;
+ const char* CONF_SEPARATORS = "\t\n\r ";
 FILE* config_file = fopen(path, "r");
 if (config_file == nullptr)
@@ -666,7 +666,7 @@ void AppInfoManager::init_appid_info_table(const AppIdConfig& config,
 else
 {
 char buf[MAX_TABLE_LINE_LEN];
-
+ const char* CONF_SEPARATORS = "\t\n\r";
 while (fgets(buf, sizeof(buf), tableFile))
 {
 AppId app_id;
diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc
index 51d772853..73c7e65fd 100644
--- a/src/network_inspectors/appid/appid_config.cc
+++ b/src/network_inspectors/appid/appid_config.cc
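Review bot: In app_info_table.cc the name `CONF_SEPARATORS` now stands for two different delimiter sets, `"\t\n\r "` in `load_odp_config` and `"\t\n\r"` in `init_appid_info_table`, and neither hunk says why they differ. Adding space as a delimiter changes how every ODP config line is tokenized, so a key or value that contains a space would now be split into separate tokens; the tokenizing code is outside the hunk, so this should be checked against the keys handled there. I would give the two locals distinct names with a one-line comment each, e.g. `// ODP config: tokens may also be separated by spaces` above `const char* ODP_CONF_SEPARATORS = "\t\n\r ";` and `// table fields are split on tab/CR/LF only` above the other. Both function bodies continue outside the hunks.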
@@ -196,6 +196,31 @@ unsigned OdpContext::get_pattern_count()
 dns_matchers.get_pattern_count();
 }
+void OdpContext::dump_appid_config()
+{
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: dns_host_reporting %s\n", (dns_host_reporting ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: referred_appId_disabled %s\n", (referred_appId_disabled ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: mdns_user_reporting %s\n", (mdns_user_reporting ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_userid_disabled %s\n", (chp_userid_disabled ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: is_host_port_app_cache_runtime %s\n", (is_host_port_app_cache_runtime ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_port_app_cache %s\n", (check_host_port_app_cache ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: check_host_cache_unknown_ssl %s\n", (check_host_cache_unknown_ssl ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: ftp_userid_disabled %s\n", (ftp_userid_disabled ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_disabled %s\n", (chp_body_collection_disabled ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: chp_body_collection_max %d\n", chp_body_collection_max);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: rtmp_max_packets %d\n", rtmp_max_packets);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_tp_flow_depth %d\n", max_tp_flow_depth);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: tp_allow_probes %s\n", (tp_allow_probes ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_interval %d\n", host_port_app_cache_lookup_interval);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_range %d\n", host_port_app_cache_lookup_range);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_host_cache %s\n", (allow_port_wildcard_host_cache ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: recheck_for_portservice_appid %s\n", (recheck_for_portservice_appid ? "True" : "False"));
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_bytes_before_service_fail %" PRIu64" \n", max_bytes_before_service_fail);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_before_service_fail %" PRIu16" \n", max_packet_before_service_fail);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_service_fail_ignore_bytes %" PRIu16" \n", max_packet_service_fail_ignore_bytes);
+ appid_log(nullptr, TRACE_INFO_LEVEL, "Appid Config: eve_http_client %s\n", (eve_http_client ? "True" : "False"));
+}
+
 OdpContext::OdpContext(const AppIdConfig& config, SnortConfig* sc)
 {
 app_info_mgr.init_appid_info_table(config, sc, *this);
diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h
index 0af943f1b..66b947e98 100644
--- a/src/network_inspectors/appid/appid_config.h
+++ b/src/network_inspectors/appid/appid_config.h
@@ -146,6 +146,7 @@ public:
 OdpContext(const AppIdConfig&, snort::SnortConfig*);
 void initialize(AppIdInspector& inspector);
 void reload();
+ void dump_appid_config();
 uint32_t get_version() const
 {
diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc
index 3d5da3ffc..a4c018dc5 100644
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
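Review bot: The five integer fields printed with `%d` in `OdpContext::dump_appid_config()` (`chp_body_collection_max`, `rtmp_max_packets`, `max_tp_flow_depth`, `host_port_app_cache_lookup_interval`, `host_port_app_cache_lookup_range`) may have a format/argument mismatch. Their declarations are outside this diff; if they are unsigned fixed-width members like the ones printed with `PRIu64`/`PRIu16`, the specifier should be `%" PRIu32 "` (or `%u`). The function only reads members, so it should also be declared `void dump_appid_config() const;`, both here and in the appid_config.h hunk. The three `PRIu` lines emit a stray space before the newline (`" \n"`), unlike every other line; `"\n"` would keep the log output uniform.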
@@ -364,6 +364,22 @@ static int reload_third_party(lua_State* L)
 return 0;
 }
+static int print_appid_config(lua_State* L)
+{
+ ControlConn* ctrlcon = ControlConn::query_from_lua(L);
+ AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
+ if (!inspector)
+ {
+ ctrlcon->respond("== printing appid config failed - appid not enabled\n");
+ return 0;
+ }
+ ctrlcon->respond("== printing appid configs\n");
+ const AppIdContext& ctxt = inspector->get_ctxt();
+ OdpContext& odp_ctxt = ctxt.get_odp_ctxt();
+ odp_ctxt.dump_appid_config();
+ return 0;
+}
+
 static void clear_dynamic_host_cache_services()
 {
 auto hosts = host_cache.get_all_data();
@@ -460,6 +476,7 @@ static const Command appid_cmds[] =
 { "disable_debug", disable_debug, nullptr, "disable appid debugging"},
 { "reload_third_party", reload_third_party, nullptr, "reload appid third-party module" },
 { "reload_detectors", reload_detectors, nullptr, "reload appid detectors" },
+ { "print_appid_config", print_appid_config, nullptr, "print appid configs" },
 { nullptr, nullptr, nullptr, nullptr }
 };
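Review bot: `print_appid_config` dereferences `ctrlcon` in both `ctrlcon->respond(...)` calls without checking it. Whether `ControlConn::query_from_lua(L)` can return nullptr is not visible in this diff (for instance when the command is not issued over a control connection); if it can, the command takes the process down. Guard both calls, e.g. `if (ctrlcon) ctrlcon->respond("== printing appid configs\n");`. The values themselves go to `appid_log` at `TRACE_INFO_LEVEL`, so the operator issuing the command sees only the banner; a comment such as `// values are written to the appid log, not the control channel` would make that explicit. The C-style cast `(AppIdInspector*)` would read better as a `static_cast<AppIdInspector*>(...)`.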