From: Sreeja Athirkandathil Narayanan (sathirka) Date: Fri, 18 Nov 2022 14:23:09 +0000 (+0000) Subject: Pull request #3663: appid: Added config for logging alpn service mappings X-Git-Tag: 3.1.48.0~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fd0f437e7c4e254fc31b30c9eeee69164966989;p=thirdparty%2Fsnort3.git Pull request #3663: appid: Added config for logging alpn service mappings Merge in SNORT/snort3 from ~BSACHDEV/snort3:alpn_service to master Squashed commit of the following: commit 707eb376b25536ef398532d0466aa0c9ade171af Author: bsachdev Date: Thu Nov 10 10:40:12 2022 -0500 appid: Added config for logging alpn service mappings --- diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index 7403db99c..a0ec848fc 100644 --- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -84,6 +84,7 @@ public: // after certificate-exchange). Such manual detection is disabled by default (0). uint32_t first_decrypted_packet_debug = 0; bool log_eve_process_client_mappings = false; + bool log_alpn_service_mappings = false; #endif bool log_stats = false; uint32_t app_stats_period = 300; diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index e3681c0bd..171cc2173 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -71,6 +71,8 @@ static const Parameter s_params[] = "the first packet of an already decrypted SSL flow (debug single session only)" }, { "log_eve_process_client_mappings", Parameter::PT_BOOL, nullptr, "false", "enable logging of encrypted visibility engine process to client mappings" }, + { "log_alpn_service_mappings", Parameter::PT_BOOL, nullptr, "false", + "enable logging of alpn service mappings" }, #endif { "memcap", Parameter::PT_INT, "1024:maxSZ", "1048576", "max size of the service cache before we start pruning the cache" }, 
@@ -481,6 +483,8 @@ bool AppIdModule::set(const char*, Value& v, SnortConfig*) config->first_decrypted_packet_debug = v.get_uint32(); else if ( v.is("log_eve_process_client_mappings") ) config->log_eve_process_client_mappings = v.get_bool(); + else if (v.is("log_alpn_service_mappings") ) + config->log_alpn_service_mappings = v.get_bool(); else #endif if ( v.is("memcap") ) diff --git a/src/network_inspectors/appid/service_plugins/alpn_patterns.cc b/src/network_inspectors/appid/service_plugins/alpn_patterns.cc index 44abafa25..a9b6ef3fd 100644 --- a/src/network_inspectors/appid/service_plugins/alpn_patterns.cc +++ b/src/network_inspectors/appid/service_plugins/alpn_patterns.cc @@ -27,8 +27,10 @@ #include #include "log/messages.h" +#include "managers/inspector_manager.h" #include "utils/util.h" #include "appid_debug.h" +#include "appid_inspector.h" using namespace snort; using namespace std; @@ -103,6 +105,9 @@ void AlpnPatternMatchers::finalize_patterns() alpn_pattern_matcher.add(p->pattern.data(), p->pattern.size(), p, true); #ifdef REG_TEST + AppIdInspector* inspector = + (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true); + if (inspector and inspector->get_ctxt().config.log_alpn_service_mappings) LogMessage("Adding ALPN service App pattern %d %s\n", p->app_id, p->pattern.c_str()); #endif diff --git a/src/network_inspectors/appid/service_plugins/test/alpn_patterns_tests.cc b/src/network_inspectors/appid/service_plugins/test/alpn_patterns_tests.cc index 891735ad3..476a9fee8 100644 --- a/src/network_inspectors/appid/service_plugins/test/alpn_patterns_tests.cc +++ b/src/network_inspectors/appid/service_plugins/test/alpn_patterns_tests.cc @@ -22,6 +22,7 @@ #include "config.h" #endif +#include "appid_inspector.h" #include "service_plugins/alpn_patterns.cc" #include "service_alpn_patterns_mock.h" 
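Review bot: The `#ifdef REG_TEST` block added to finalize_patterns() calls `InspectorManager::get_inspector(MOD_NAME, true)` once per pattern and downcasts the result with an unchecked C-style cast. The enclosing loop starts outside the hunk, but the flag does not depend on `p`, so it can be read once before the loop as `const bool log_alpn = inspector and inspector->get_ctxt().config.log_alpn_service_mappings;`, with the lookup written as `static_cast<AppIdInspector*>(...)`. The call passes no SnortConfig, so the third parameter (shown in the test mock as `const snort::SnortConfig*`) presumably takes a default; during a reload that may read the flag from the running config rather than the one being built, which is worth confirming. The pattern is registered with data()/size() but logged through `%s` and c_str(), so a pattern containing a NUL or a newline would be truncated or would split the log line.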
@@ -42,6 +43,14 @@ int SearchTool::find_all(const char* pattern, unsigned, MpseMatch, bool, void* d
 }
 }
 
+Inspector* InspectorManager::get_inspector(char const*, bool, const snort::SnortConfig*)
+{
+ return nullptr;
+}
+
+AppIdContext* ctxt;
+AppIdContext& AppIdInspector::get_ctxt() const { return *ctxt; }
+
 TEST_GROUP(alpn_patterns_tests)
 {
 void setup() override
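Review bot: The mocked `AppIdInspector::get_ctxt()` dereferences the global `ctxt`, which this hunk never assigns, so any test that reaches it dereferences a null pointer. It is unreachable today only because the `get_inspector` mock returns nullptr, which also means these tests never exercise the new `log_alpn_service_mappings` branch. I would give the global internal linkage and an explicit initializer, `static AppIdContext* ctxt = nullptr;`, and add a comment above the `get_inspector` mock such as `// Mock: no inspector, so finalize_patterns() skips the ALPN mapping log`. The TEST_GROUP body continues outside the hunk.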