From: Shravan Rangarajuvenkata (shrarang) Date: Tue, 2 Jun 2020 00:27:44 +0000 (+0000) Subject: Merge pull request #2235 in SNORT/snort3 from ~SATHIRKA/snort3:snort_protocol_id... X-Git-Tag: 3.0.1-5~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b19200c19f5d84d1a4d34aac31c75f472a37222;p=thirdparty%2Fsnort3.git Merge pull request #2235 in SNORT/snort3 from ~SATHIRKA/snort3:snort_protocol_id to master Squashed commit of the following: commit 1ca8cfa087c34307a1fb84a8a1e16000026a0fab Author: Sreeja Athirkandathil Narayanan Date: Thu May 28 17:52:58 2020 -0400 appid: Set snort protocol id on the flow and remove ssl squelch code
---
diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc
index 0ed788361..b9cef01c0 100644
--- a/src/network_inspectors/appid/app_info_table.cc
+++ b/src/network_inspectors/appid/app_info_table.cc
@@ -472,10 +472,6 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
 {
 set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_INSPECT);
 }
- else if (!(strcasecmp(conf_key, "ssl_squelch")))
- {
- set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_SQUELCH);
- }
 else if (!(strcasecmp(conf_key, "defer_to_thirdparty")))
 {
 set_app_info_flags(atoi(conf_val), APPINFO_FLAG_DEFER);
diff --git a/src/network_inspectors/appid/app_info_table.h b/src/network_inspectors/appid/app_info_table.h
index ca053d694..51b950b8c 100644
--- a/src/network_inspectors/appid/app_info_table.h
+++ b/src/network_inspectors/appid/app_info_table.h
@@ -56,12 +56,11 @@ enum AppInfoFlags
 APPINFO_FLAG_DEFER = (1<<7),
 APPINFO_FLAG_IGNORE = (1<<8),
- APPINFO_FLAG_SSL_SQUELCH = (1<<9),
- APPINFO_FLAG_PERSISTENT = (1<<10),
- APPINFO_FLAG_TP_CLIENT = (1<<11),
- APPINFO_FLAG_DEFER_PAYLOAD = (1<<12),
- APPINFO_FLAG_CLIENT_DETECTOR_CALLBACK = (1<<13),
- APPINFO_FLAG_SERVICE_DETECTOR_CALLBACK = (1<<14)
+ APPINFO_FLAG_PERSISTENT = (1<<9),
+ APPINFO_FLAG_TP_CLIENT = (1<<10),
+ APPINFO_FLAG_DEFER_PAYLOAD = (1<<11),
+ APPINFO_FLAG_CLIENT_DETECTOR_CALLBACK = (1<<12),
+ APPINFO_FLAG_SERVICE_DETECTOR_CALLBACK = (1<<13)
 };
 class AppInfoTableEntry
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 2df26d143..9a4238d87 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -305,7 +305,7 @@ void AppIdSession::sync_with_snort_protocol_id(AppId newAppId, Packet* p)
 if (tmp_snort_protocol_id != snort_protocol_id)
 {
 snort_protocol_id = tmp_snort_protocol_id;
- p->flow->ssn_state.snort_protocol_id = tmp_snort_protocol_id;
+ Stream::set_snort_protocol_id(p->flow, tmp_snort_protocol_id);
 }
 }
@@ -437,7 +437,6 @@ void AppIdSession::update_encrypted_app_id(AppId service_id)
 void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits)
 {
- int ret;
 AppId client_id = 0;
 AppId payload_id = 0;
 const char* tls_str = tsession->get_tls_host();
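Review bot: In app_info_table.h, dropping APPINFO_FLAG_SSL_SQUELCH renumbers every flag after bit 8 (`APPINFO_FLAG_PERSISTENT` moves from `(1<<10)` to `(1<<9)`, and so on), so anything built against the old header or holding the old numeric values would silently read the wrong flag. Nothing visible here shows whether these values ever leave the process, so this may be harmless, but leaving bit 9 unused is the safer edit: keep the later values as they were and add `// (1<<9) was APPINFO_FLAG_SSL_SQUELCH; retired, do not reuse`. The enum starts before this hunk.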
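Review bot: In appid_session.cc, sync_with_snort_protocol_id() now passes `p->flow` to `Stream::set_snort_protocol_id()` with no comment on why the field is no longer written directly, and any value the call returns is ignored. A one-line comment above the call would keep a later edit from reverting to the raw assignment, for example `// set via Stream so state tied to the protocol id stays consistent`, reworded to match what the setter actually does. It is also worth confirming that the setter tolerates a null flow, since the old code dereferenced `p->flow` unconditionally and no guard is visible in this hunk. The function body starts outside the hunk.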
@@ -445,39 +444,35 @@ void AppIdSession::examine_ssl_metadata(Packet* p, AppidChangeBits& change_bits)
 if ((scan_flags & SCAN_SSL_HOST_FLAG) and tls_str)
 {
 size_t size = strlen(tls_str);
- if ((ret =
- ctxt.get_odp_ctxt().get_ssl_matchers().scan_hostname((const uint8_t*)tls_str, size,
- client_id, payload_id)))
+ if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_hostname((const uint8_t*)tls_str, size,
+ client_id, payload_id))
 {
 if (client.get_id() == APP_ID_NONE or client.get_id() == APP_ID_SSL_CLIENT)
 set_client_appid_data(client_id, change_bits);
 set_payload_appid_data(payload_id, change_bits);
- setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), ctxt.get_odp_ctxt());
 }
 scan_flags &= ~SCAN_SSL_HOST_FLAG;
 }
 if ((scan_flags & SCAN_SSL_CERTIFICATE_FLAG) and (tls_str = tsession->get_tls_cname()))
 {
 size_t size = strlen(tls_str);
- if ((ret = ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
- client_id, payload_id)))
+ if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
+ client_id, payload_id))
 {
 if (client.get_id() == APP_ID_NONE or client.get_id() == APP_ID_SSL_CLIENT)
 set_client_appid_data(client_id, change_bits);
 set_payload_appid_data(payload_id, change_bits);
- setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), ctxt.get_odp_ctxt());
 }
 scan_flags &= ~SCAN_SSL_CERTIFICATE_FLAG;
 }
 if ((tls_str = tsession->get_tls_org_unit()))
 {
 size_t size = strlen(tls_str);
- if ((ret = ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
- client_id, payload_id)))
+ if (ctxt.get_odp_ctxt().get_ssl_matchers().scan_cname((const uint8_t*)tls_str, size,
+ client_id, payload_id))
 {
 set_client_appid_data(client_id, change_bits);
 set_payload_appid_data(payload_id, change_bits);
- setSSLSquelch(p, ret, (ret == 1 ? payload_id : client_id), ctxt.get_odp_ctxt());
 }
 tsession->set_tls_org_unit(nullptr, 0);
 }
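Review bot: The third block of examine_ssl_metadata(), which matches the certificate's organizational unit, calls `set_client_appid_data(client_id, change_bits)` unconditionally, while the hostname and common-name blocks above it do so only when the client id is still APP_ID_NONE or APP_ID_SSL_CLIENT. These strings presumably come from the peer's TLS handshake, so an org-unit match can replace a client app id that was already established by other means. If that is not intended, add the same guard, `if (client.get_id() == APP_ID_NONE or client.get_id() == APP_ID_SSL_CLIENT)`, before that call. Separately, with the setSSLSquelch() calls gone, `p` is no longer used in the lines shown here, so the parameter can be dropped if the rest of the body (outside this hunk) does not use it either.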
diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index 308452616..0dfe0ee9a 100644
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -810,36 +810,3 @@ bool is_service_over_ssl(AppId appId)
 return false;
 }
-bool setSSLSquelch(Packet* p, int type, AppId appId, OdpContext& odp_ctxt)
-{
- if (!odp_ctxt.get_app_info_mgr().get_app_info_flags(appId, APPINFO_FLAG_SSL_SQUELCH))
- return false;
-
- const SfIp* dip = p->ptrs.ip_api.get_dst();
- const SfIp* sip = p->ptrs.ip_api.get_src();
-
- /* FIXIT-E: Passing appId to create_future_session() is incorrect. We
- need to pass the snort_protocol_id associated with appId. */
- AppIdSession* asd = AppIdSession::create_future_session(p, sip, 0, dip, p->ptrs.dp,
- IpProtocol::TCP, appId, 0);
-
- if (asd)
- {
- switch (type)
- {
- case 1:
- asd->payload.set_id(appId);
- break;
- case 2:
- asd->client.set_id(appId);
- asd->client_disco_state = APPID_DISCO_STATE_FINISHED;
- break;
- default:
- return false;
- }
- return true;
- }
- else
- return false;
-}
-
diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.h b/src/network_inspectors/appid/service_plugins/service_ssl.h
index 705e22c64..7cfe2c393 100644
--- a/src/network_inspectors/appid/service_plugins/service_ssl.h
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.h
@@ -37,7 +37,6 @@ public:
 AppId getSslServiceAppId(short srcPort);
 bool is_service_over_ssl(AppId);
-bool setSSLSquelch(snort::Packet*, int type, AppId, OdpContext&);
 #endif
diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc
index 20835b26d..03d961e45 100644
--- a/src/network_inspectors/appid/tp_appid_utils.cc
+++ b/src/network_inspectors/appid/tp_appid_utils.cc
@@ -684,7 +684,7 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
 }
 unsigned app_info_flags = asd.ctxt.get_odp_ctxt().get_app_info_mgr().get_app_info_flags(tp_app_id,
- APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE | APPINFO_FLAG_SSL_SQUELCH);
+ APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE );
 // if the third-party appId must be treated as a client, do it now
 if (app_info_flags & APPINFO_FLAG_TP_CLIENT)
@@ -695,13 +695,6 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
 asd.client.set_id(*p, asd, direction, tp_app_id, change_bits);
 }
- if ((app_info_flags & APPINFO_FLAG_SSL_SQUELCH) and
- asd.get_session_flags(APPID_SESSION_SSL_SESSION) and
- !(asd.scan_flags & SCAN_SSL_HOST_FLAG))
- {
- setSSLSquelch(p, 1, tp_app_id, asd.ctxt.get_odp_ctxt());
- }
-
 if ( app_info_flags & APPINFO_FLAG_IGNORE )
 {
 if (appidDebug->is_active())
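Review bot: The rewritten mask in the first tp_appid_utils.cc hunk leaves a stray space before the closing parenthesis; `APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE);` matches the line it replaces. With the squelch branch removed in the second hunk, the only uses of `app_info_flags` visible here are the TP_CLIENT and IGNORE tests, so the mask and its uses agree. do_tp_discovery() starts and ends outside both hunks.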