From: Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Date: Fri, 17 Dec 2021 00:44:13 +0000 (+0000)
Subject: Pull request #3222: appid: update appid api to include ssh in the list of service... 
X-Git-Tag: 3.1.20.0~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5eac21c475e31098eeae9a9933b72caedd9cd834;p=thirdparty%2Fsnort3.git

Pull request #3222: appid: update appid api to include ssh in the list of service inspectors that need inspection

Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_ssh_inspection_needed to master

Squashed commit of the following:

commit f1abc98a2de81509845b3d7d3e8bc99d3277ff04
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Thu Dec 16 12:56:49 2021 -0500

    appid: update appid api to include ssh in the list of service inspectors that need inspection
---

diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc
index 47f03e696..a6b93faa4 100644
--- a/src/network_inspectors/appid/appid_api.cc
+++ b/src/network_inspectors/appid/appid_api.cc
@@ -255,9 +255,12 @@ bool AppIdApi::is_inspection_needed(const Inspector& inspector) const
     AppIdInspector* appid_inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME,
         true);
 
-    if (appid_inspector and
-        (inspector.get_service() ==
-            appid_inspector->get_ctxt().config.snort_proto_ids[PROTO_INDEX_HTTP2]))
+    if (!appid_inspector)
+        return false;
+
+    SnortProtocolId id = inspector.get_service();
+    AppIdConfig& config = appid_inspector->get_ctxt().config;
+    if (id == config.snort_proto_ids[PROTO_INDEX_HTTP2] or id == config.snort_proto_ids[PROTO_INDEX_SSH])
         return true;
 
     return false;
diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc
index 9db516646..8bcca664a 100644
--- a/src/network_inspectors/appid/appid_config.cc
+++ b/src/network_inspectors/appid/appid_config.cc
@@ -62,6 +62,7 @@ static void map_app_names_to_snort_ids(SnortConfig* sc, AppIdConfig& config)
     config.snort_proto_ids[PROTO_INDEX_SUNRPC] = sc->proto_ref->add("sunrpc");
     config.snort_proto_ids[PROTO_INDEX_TFTP] = sc->proto_ref->add("tftp");
     config.snort_proto_ids[PROTO_INDEX_SIP] = sc->proto_ref->add("sip");
+    config.snort_proto_ids[PROTO_INDEX_SSH] = sc->proto_ref->add("ssh");
 }
 
 AppIdConfig::~AppIdConfig()
diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h
index 10bcae24a..f44c06e5a 100644
--- a/src/network_inspectors/appid/appid_config.h
+++ b/src/network_inspectors/appid/appid_config.h
@@ -61,6 +61,7 @@ enum SnortProtoIdIndex
     PROTO_INDEX_SUNRPC,
     PROTO_INDEX_TFTP,
     PROTO_INDEX_SIP,
+    PROTO_INDEX_SSH,
 
     PROTO_INDEX_MAX
 };