From: Serhii. Vlasiuk -X (svlasiuk - SOFTSERVE INC at Cisco) Date: Tue, 30 Jan 2024 03:32:24 +0000 (+0000) Subject: Pull request #4173: appid: add tenants filter for appid debug X-Git-Tag: 3.1.79.0~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=262bbe84b32fe3b999c2293f59f551bdf726f8ca;p=thirdparty%2Fsnort3.git Pull request #4173: appid: add tenants filter for appid debug Merge in SNORT/snort3 from ~SVLASIUK/snort3:appid_tenants_filter to master Squashed commit of the following: commit 4aa58015003c8f08ea3a2cdb0f4686d27b39d816 Author: Serhii Vlasiuk Date: Thu Jan 25 13:55:34 2024 +0200 appid: add tenants filter for appid debug --- diff --git a/src/network_inspectors/appid/appid_debug.cc b/src/network_inspectors/appid/appid_debug.cc index 06fbe3a1d..9a3689b35 100644 --- a/src/network_inspectors/appid/appid_debug.cc +++ b/src/network_inspectors/appid/appid_debug.cc @@ -30,6 +30,7 @@ #include "flow/flow_key.h" #include "log/messages.h" #include "trace/trace_api.h" +#include "utils/util.h" #include "appid_config.h" #include "appid_module.h" @@ -104,7 +105,8 @@ void AppIdDebug::activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t por if (!( log_all_sessions or ( info.proto_match(protocol) and ( (info.port_match(port1, port2) and info.ip_match(ip1, ip2)) or - (info.port_match(port2, port1) and info.ip_match(ip2, ip1)) ) ) )) + (info.port_match(port2, port1) and info.ip_match(ip2, ip1)) ) and + info.tenant_match(tenant_id) ) )) { active = false; return; 
@@ -216,8 +218,10 @@ void AppIdDebug::set_constraints(const char *desc, info = *constraints; info.sip.ntop(sipstr, sizeof(sipstr)); info.dip.ntop(dipstr, sizeof(dipstr)); - appid_log(nullptr, TRACE_INFO_LEVEL, "Debugging %s with %s-%hu and %s-%hu %hhu\n", desc, - sipstr, info.sport, dipstr, info.dport, static_cast(info.protocol)); + + appid_log(nullptr, TRACE_INFO_LEVEL, "Debugging %s with %s-%hu and %s-%hu %hhu and tenants:%s\n", desc, + sipstr, info.sport, dipstr, info.dport, static_cast(info.protocol), + IntVectorToStr(info.tenants).c_str()); enabled = true; } diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h index fb860add1..e1e99db64 100644 --- a/src/network_inspectors/appid/appid_debug.h +++ b/src/network_inspectors/appid/appid_debug.h @@ -52,6 +52,7 @@ struct AppIdDebugSessionConstraints uint16_t sport; uint16_t dport; IpProtocol protocol = IpProtocol::PROTO_NOT_SET; + std::vector tenants; bool proto_match(IpProtocol proto) const { return (protocol == IpProtocol::PROTO_NOT_SET or protocol == proto); @@ -66,6 +67,18 @@ struct AppIdDebugSessionConstraints ((!sip_flag or !memcmp(sip.get_ip6_ptr(), ip1, sizeof(snort::ip::snort_in6_addr))) and (!dip_flag or !memcmp(dip.get_ip6_ptr(), ip2, sizeof(snort::ip::snort_in6_addr)))); } + bool tenant_match(uint32_t tenant_id) const + { + if (tenant_id && !tenants.empty()) + { + auto it = std::find_if(tenants.cbegin(), tenants.cend(), + [tenant_id](uint32_t t){ return t == tenant_id; }); + + if (it == tenants.cend()) + return false; + } + return true; + } }; class AppIdDebug diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index c920b2ffc..8f0e66f8e 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc 
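Review bot: In `tenant_match` (appid_debug.h), a flow whose `tenant_id` is 0 passes even when a tenant list is configured, because the lookup is guarded by `if (tenant_id && !tenants.empty())`; on a multi-tenant sensor, debug output for untagged traffic is then still emitted while the operator believes the filter is limited to the listed tenants. If 0 is meant as "tenant not set", say so in a comment such as `// tenant_id 0 means "no tenant" and always matches; an empty list matches every tenant`; otherwise drop the `tenant_id &&` term. The lookup itself reads more simply as `return std::find(tenants.cbegin(), tenants.cend(), tenant_id) != tenants.cend();`. The header also uses `std::vector` and `std::find_if` without a visible `#include <vector>` or `<algorithm>` in this diff, so it presumably relies on transitive includes.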
@@ -289,6 +289,7 @@ static int enable_debug(lua_State* L) int sport = luaL_optint(L, 3, 0); const char* dipstr = luaL_optstring(L, 4, nullptr); int dport = luaL_optint(L, 5, 0); + const char *tenantsstr = luaL_optstring(L, 6, nullptr); AppIdDebugSessionConstraints constraints = { }; if (sipstr) @@ -313,6 +314,9 @@ static int enable_debug(lua_State* L) constraints.sport = sport; constraints.dport = dport; + if (tenantsstr) + StrToIntVector(tenantsstr, ',', constraints.tenants); + AppIdDebugLogEvent event(&constraints, "AppIdDbg"); DataBus::publish(AppIdInspector::get_pub_id(), AppIdEventIds::DEBUG_LOG, event); @@ -445,6 +449,7 @@ static const Parameter enable_debug_params[] = { "src_port", Parameter::PT_INT, nullptr, nullptr, "source port filter" }, { "dst_ip", Parameter::PT_STRING, nullptr, nullptr, "destination IP address filter" }, { "dst_port", Parameter::PT_INT, nullptr, nullptr, "destination port filter" }, + { "tenants", Parameter::PT_STRING, nullptr, nullptr, "tenants filter" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc index d532d4bdc..d2a66e051 100644 --- a/src/network_inspectors/appid/test/appid_debug_test.cc +++ b/src/network_inspectors/appid/test/appid_debug_test.cc @@ -56,6 +56,8 @@ void trace_vprintf(const char*, unsigned char, const char*, const Packet*, const uint8_t TraceApi::get_constraints_generation() { return 0; } } +std::string IntVectorToStr(const std::vector& elems, char delim) { return ""; } + THREAD_LOCAL const snort::Trace* appid_trace; void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } diff --git a/src/network_inspectors/packet_tracer/packet_tracer.cc b/src/network_inspectors/packet_tracer/packet_tracer.cc index 108e75fac..330820331 100644 --- a/src/network_inspectors/packet_tracer/packet_tracer.cc 
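Review bot: The new `tenants` entry in `enable_debug_params` (appid_module.cc, hunk `@@ -445,6 +449,7 @@`) is described only as "tenants filter", which does not tell the shell user what the string must look like. Since `enable_debug` splits it on `','`, the help text could read `"comma-separated list of tenant IDs to filter on"`. The declaration `const char *tenantsstr` in the first hunk also departs from the `const char* dipstr` spelling on the neighbouring lines. `enable_debug` starts and ends outside these hunks.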
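Review bot: The only change to appid_debug_test.cc is a stub for `IntVectorToStr`, so the new `tenant_match` term in `AppIdDebug::activate` has no test in this file as far as the diff shows. Cases worth adding are a constraint list that contains the flow's tenant, one that does not, an empty list, and `tenant_id` 0 with a non-empty list, since that last case currently matches. The stub also names its parameters `elems` and `delim` without using them, whereas the neighbouring stubs leave parameters unnamed; dropping the two names keeps it consistent and avoids unused-parameter warnings.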
+++ b/src/network_inspectors/packet_tracer/packet_tracer.cc @@ -465,22 +465,9 @@ void PacketTracer::update_constraints(const PacketConstraints* cs) constraints.src_ip.ntop(sipstr, sizeof(sipstr)); constraints.dst_ip.ntop(dipstr, sizeof(dipstr)); - std::string tenants = "none"; - if (constraints.tenants.size()) - { - std::ostringstream oss; - for (size_t i = 0; i < constraints.tenants.size(); ++i) - { - oss << constraints.tenants[i]; - if (i < constraints.tenants.size() - 1) - oss << ","; - } - tenants = oss.str(); - } - LogMessage("Debugging packet tracer with %s-%hu and %s-%hu %hhu and tenants:%s\n", sipstr, constraints.src_port, dipstr, constraints.dst_port, - static_cast(constraints.ip_proto), tenants.c_str()); + static_cast(constraints.ip_proto), IntVectorToStr(constraints.tenants).c_str()); shell_enabled = true; diff --git a/src/network_inspectors/packet_tracer/packet_tracer_module.cc b/src/network_inspectors/packet_tracer/packet_tracer_module.cc index 841b6c2b8..f714aa1b0 100644 --- a/src/network_inspectors/packet_tracer/packet_tracer_module.cc +++ b/src/network_inspectors/packet_tracer/packet_tracer_module.cc @@ -32,25 +32,12 @@ #include "main/snort_config.h" #include "profiler/profiler.h" #include "sfip/sf_ip.h" +#include "utils/util.h" #include "packet_tracer.h" using namespace snort; -static void StrToVector(const std::string& s, - char delim, - std::vector& elems) -{ - std::istringstream ss(s); - std::string item; - while (std::getline(ss, item, delim)) - { - size_t pos; - uint32_t i = std::stoul(item, &pos); - elems.push_back(i); - } -} - static int enable(lua_State*); static int disable(lua_State*); @@ -143,7 +130,7 @@ static int enable(lua_State* L) PacketConstraints constraints = {}; if (tenantsstr) - StrToVector(tenantsstr, ',', constraints.tenants); + StrToIntVector(tenantsstr, ',', constraints.tenants); if (proto and (IpProtocol)proto < IpProtocol::PROTO_NOT_SET) { 
diff --git a/src/utils/util.cc b/src/utils/util.cc index aa8001e6b..eaeb5a8bb 100644 --- a/src/utils/util.cc +++ b/src/utils/util.cc @@ -507,6 +507,36 @@ bool get_file_size(const std::string& path, size_t& size) return true; } +void StrToIntVector(const std::string& s, char delim, std::vector& elems) +{ + std::istringstream ss(s); + std::string item; + while (std::getline(ss, item, delim)) + { + size_t pos; + uint32_t i = std::stoul(item, &pos); + elems.push_back(i); + } +} + +std::string IntVectorToStr(const std::vector& elems, char delim) +{ + std::string str = "none"; + if (elems.size()) + { + std::ostringstream oss; + for (size_t i = 0; i < elems.size(); ++i) + { + oss << elems[i]; + if (i < elems.size() - 1) + oss << delim; + } + str = oss.str(); + } + + return str; +} + #if defined(NOCOREFILE) void SetNoCores() { diff --git a/src/utils/util.h b/src/utils/util.h index 10512464b..84f941f4c 100644 --- a/src/utils/util.h +++ b/src/utils/util.h @@ -34,6 +34,7 @@ #include #include #include +#include #include "main/snort_types.h" @@ -56,6 +57,8 @@ bool EnterChroot(std::string& root_dir, std::string& log_dir); void InitProtoNames(); unsigned int get_random_seed(); bool get_file_size(const std::string&, size_t&); +void StrToIntVector(const std::string& s, char delim, std::vector& elems); +std::string IntVectorToStr(const std::vector& elems, char delim = ','); #if defined(NOCOREFILE) void SetNoCores();
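Review bot: `StrToIntVector` in util.cc converts each token with `std::stoul(item, &pos)` and nothing else, and with this commit it is fed the `tenants` argument of both shell commands (`enable_debug` in appid_module.cc and `enable` in packet_tracer_module.cc). An empty or non-numeric token (`"1,,2"`, `"abc"`) makes `std::stoul` throw `std::invalid_argument`, a too-large one throws `std::out_of_range`, and no handler is visible in either caller, so a malformed command may unwind through the Lua C frames of the control shell. Tokens that do convert are not checked either: `pos` is never read, so `"12abc"` is taken as 12, `"-1"` wraps, and on LP64 targets a value above `UINT32_MAX` is narrowed silently into a different tenant id. I would validate each token and return a `bool` so the callers can reject the whole command; the declaration in util.h and both call sites would change with it. The element type is stripped on this page and is assumed to be `uint32_t` from `uint32_t i = std::stoul(...)`.

```cpp
bool StrToIntVector(const std::string& s, char delim, std::vector<uint32_t>& elems)
{
    std::istringstream ss(s);
    std::string item;
    while (std::getline(ss, item, delim))
    {
        // Digits only: rejects empty tokens, signs, whitespace and trailing text.
        if (item.empty() or item.find_first_not_of("0123456789") != std::string::npos)
            return false;

        unsigned long value = 0;
        try
        {
            value = std::stoul(item);
        }
        catch (const std::out_of_range&)
        {
            return false;
        }

        // unsigned long may be 64 bits wide; never narrow silently.
        if (value > UINT32_MAX)
            return false;

        elems.push_back(static_cast<uint32_t>(value));
    }
    // On false, elems may hold the tokens parsed so far; callers should discard it.
    return true;
}
```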