From: Russ Combs (rucombs) Date: Tue, 25 Oct 2016 20:49:47 +0000 (-0400) Subject: Merge pull request #686 in SNORT/snort3 from appid_config_errors to master X-Git-Tag: 3.0.0-233~209 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95f000add50bbbf6b917be07be5059526c3a0753;p=thirdparty%2Fsnort3.git Merge pull request #686 in SNORT/snort3 from appid_config_errors to master Squashed commit of the following: commit 775bbff15e3e5ce8dc73d51c561d9d3f2b05356e Author: Ed Borgoyn Date: Mon Oct 24 15:48:09 2016 -0400 Change missing mapping files to a ParseError. --- diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index 735298ec1..35e0527f0 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -492,7 +492,7 @@ void AppInfoManager::init_appid_info_table(const char* path) tableFile = fopen(filepath, "r"); if (tableFile == nullptr) { - ErrorMessage("Could not open RnaAppMapping Table file: %s\n", filepath); + ParseError("Could not open AppMapping Table file: %s, no AppId rule support", filepath); return; } @@ -503,7 +503,7 @@ void AppInfoManager::init_appid_info_table(const char* path) token = strtok_r(buf, CONF_SEPARATORS, &context); if (!token) { - ErrorMessage("Could not read id for Rna Id\n"); + ErrorMessage("Could not read id for AppId\n"); continue; } @@ -520,7 +520,7 @@ void AppInfoManager::init_appid_info_table(const char* path) token = strtok_r(nullptr, CONF_SEPARATORS, &context); if (!token) { - ErrorMessage("Could not read service id for Rna Id\n"); + ErrorMessage("Could not read service id for AppId\n"); snort_free(app_name); continue; } 
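Review bot: In the `@@ -492` hunk of app_info_table.cc the new ParseError reports only the path, so an operator cannot tell a missing mapping file from one that exists but is unreadable (permissions, ownership). Include the OS reason while errno is still fresh from fopen, e.g. `ParseError("Could not open AppMapping Table file: %s (%s), no AppId rule support", filepath, strerror(errno));`, which needs `<cerrno>` and `<cstring>` if the file does not already include them. The malformed-entry messages in the later hunks (`@@ -503`, `-520`, `-530`, `-540`) stay at ErrorMessage followed by `continue`, so a truncated or damaged table still loads partially. That is presumably intended, but it deserves a comment now that the missing-file case is treated as a configuration error. The body of init_appid_info_table starts and ends outside these hunks.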
@@ -530,7 +530,7 @@ void AppInfoManager::init_appid_info_table(const char* path) token = strtok_r(nullptr, CONF_SEPARATORS, &context); if (!token) { - ErrorMessage("Could not read client id for Rna Id\n"); + ErrorMessage("Could not read client id for AppId\n"); snort_free(app_name); continue; } @@ -540,7 +540,7 @@ void AppInfoManager::init_appid_info_table(const char* path) token = strtok_r(nullptr, CONF_SEPARATORS, &context); if (!token) { - ErrorMessage("Could not read payload id for Rna Id\n"); + ErrorMessage("Could not read payload id for AppId\n"); snort_free(app_name); continue; } diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index a591f8603..a0e9640bb 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -19,11 +19,13 @@ // appid_module.cc author davis mcpherson // Created on: May 10, 2016 +#include "appid_module.h" + #include -#include "sfip/sf_ip.h" -#include "appid_module.h" +#include "log/messages.h" #include "profiler/profiler.h" +#include "sfip/sf_ip.h" #include "utils/util.h" using namespace std; @@ -233,6 +235,11 @@ bool AppIdModule::begin(const char* /*fqn*/, int, SnortConfig*) bool AppIdModule::end(const char*, int, SnortConfig*) { + if ( (config == nullptr) || (config->app_detector_dir == nullptr) ) + { + ParseWarning(WARN_CONF,"no app_detector_dir present. No support for AppId in rules.\n"); + } + return true; } diff --git a/src/network_inspectors/appid/client_plugins/client_app_base.cc b/src/network_inspectors/appid/client_plugins/client_app_base.cc index b533ffc95..4085f4e72 100644 --- a/src/network_inspectors/appid/client_plugins/client_app_base.cc +++ b/src/network_inspectors/appid/client_plugins/client_app_base.cc 
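Review bot: The check added to AppIdModule::end() in appid_module.cc compares `app_detector_dir` only with nullptr, so an empty string would pass silently and the problem would surface later as the mapping-file open error instead of this warning. If the field is a C string (its type is not visible in the hunk), adding `|| config->app_detector_dir[0] == '\0'` closes that gap. The message also ends in `\n`, while the ParseError calls added in this same commit carry no trailing newline. Assuming the Parse* helpers terminate the line themselves, write `ParseWarning(WARN_CONF, "no app_detector_dir present. No support for AppId in rules.");`. Because `fqn` and the index are ignored, the warning would repeat if end() is also invoked for nested tables, which is worth confirming.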
@@ -150,7 +150,9 @@ static void appSetClientValidator(RNAClientAppFCN fcn, AppId appId, unsigned ext AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId); if (!pEntry) { - ErrorMessage("AppId: invalid direct client application AppId: %d\n", appId); + ParseError( + "AppId: ID to Name mapping entry missing for AppId: %d. No rule support for this ID.", + appId); return; } extractsInfo &= (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER); diff --git a/src/network_inspectors/appid/service_plugins/service_base.cc b/src/network_inspectors/appid/service_plugins/service_base.cc index 9475254da..ca787ae6a 100644 --- a/src/network_inspectors/appid/service_plugins/service_base.cc +++ b/src/network_inspectors/appid/service_plugins/service_base.cc @@ -257,7 +257,9 @@ static void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, uns AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId); if (!pEntry) { - ErrorMessage("AppId: invalid direct service AppId, %d", appId); + ParseError( + "AppId: ID to Name mapping entry missing for AppId: %d. No rule support for this ID.", + appId); return; } extractsInfo &= (APPINFO_FLAG_SERVICE_ADDITIONAL | APPINFO_FLAG_SERVICE_UDP_REVERSED);
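Review bot: The ParseError text added to appSetClientValidator is word-for-word the same as the one added to appSetServiceValidator in service_base.cc, so the log no longer says whether a client or a service detector referenced the unmapped ID, which the old messages did. Keep the distinction, e.g. `"AppId: ID to Name mapping entry missing for client AppId: %d. No rule support for this ID."` and the matching `service` wording in the other file. Both functions `return` before the rest of the body runs, so presumably the validator is never attached to that ID and detection for it is lost, not only rule support. If so, the message should say that. Both function bodies extend beyond the hunks.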