From: Masud Hasan (mashasan)
Date: Thu, 15 Oct 2020 23:10:10 +0000 (+0000)
Subject: Merge pull request #2549 in SNORT/snort3 from ~MASHASAN/snort3:ua_event to master
X-Git-Tag: 3.0.3-3~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b855f3b8a95217533036d057864884d43ce70a9;p=thirdparty%2Fsnort3.git

Merge pull request #2549 in SNORT/snort3 from ~MASHASAN/snort3:ua_event to master

Squashed commit of the following:

commit e26bdf00b147ed0568fce9c4ebf7861b228b5e78
Author: Masud Hasan
Date: Tue Oct 13 21:54:03 2020 -0400

rna: Logging user-agent device information
---

diff --git a/src/network_inspectors/rna/rna_app_discovery.cc b/src/network_inspectors/rna/rna_app_discovery.cc
index 0544d95d6..cf7ba5322 100644
--- a/src/network_inspectors/rna/rna_app_discovery.cc
+++ b/src/network_inspectors/rna/rna_app_discovery.cc
@@ -259,7 +259,7 @@ void RnaAppDiscovery::analyze_user_agent_fingerprint(const Packet* p, const char
             device_info, MAX_USER_AGENT_DEVICES) )
         {
             logger.log(RNA_EVENT_NEW, NEW_OS, p, &rt, (const struct in6_addr*)ip->get_ip6_ptr(),
-                src_mac, (FpFingerprint*)uafp, packet_time());
+                src_mac, (FpFingerprint*)uafp, packet_time(), device_info, jail_broken);
         }
     }
diff --git a/src/network_inspectors/rna/rna_logger.cc b/src/network_inspectors/rna/rna_logger.cc
index e1fb8abd6..49c7ae89d 100644
--- a/src/network_inspectors/rna/rna_logger.cc
+++ b/src/network_inspectors/rna/rna_logger.cc
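Review bot: The new call hands `device_info` to the logger as a bare `const char*` that, per the companion rna_logger.h change, is stored in the event rather than copied, so the buffer behind it — apparently the local filled by the user-agent match just above (`device_info, MAX_USER_AGENT_DEVICES`) — must outlive the entire `logger.log` call including whatever the event is dispatched to; that is only safe if dispatch is synchronous, which this hunk cannot show. A short comment at the call would pin the contract: `// device_info/jail_broken are borrowed by the event; must stay valid until log() returns`. Since the device string is presumably derived from the client-supplied User-Agent header, any consumer that prints or stores it should also treat it as untrusted text (bounded length, control characters escaped) rather than as a trusted identifier. `analyze_user_agent_fingerprint` begins outside the hunk.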
@@ -129,10 +129,10 @@ void RnaLogger::log(uint16_t type, uint16_t subtype, const Packet* p, RnaTracker
 
 void RnaLogger::log(uint16_t type, uint16_t subtype, const Packet* p, RnaTracker* ht,
     const struct in6_addr* src_ip, const uint8_t* src_mac, const FpFingerprint* fp,
-    uint32_t event_time)
+    uint32_t event_time, const char* device_info, bool jail_broken)
 {
-    log(type, subtype, src_ip, src_mac, ht, p, event_time, 0,
-        nullptr, nullptr, fp);
+    log(type, subtype, src_ip, src_mac, ht, p, event_time, 0, nullptr, nullptr,
+        fp, nullptr, nullptr, nullptr, APP_ID_NONE, device_info, jail_broken);
 }
 
 void RnaLogger::log(uint16_t type, uint16_t subtype, const Packet* p, RnaTracker* ht,
@@ -164,14 +164,15 @@ bool RnaLogger::log(uint16_t type, uint16_t subtype, const struct in6_addr* src_
     const uint8_t* src_mac, RnaTracker* ht, const Packet* p, uint32_t event_time,
     uint16_t proto, const HostMac* hm, const HostApplication* ha,
     const FpFingerprint* fp, void* cond_var, const HostClient* hc,
-    const char* user, AppId appid)
+    const char* user, AppId appid, const char* di, bool jb)
 {
     if ( !enabled )
         return false;
 
     assert(ht);
-    RnaLoggerEvent rle(type, subtype, src_mac, ht, hm, proto, cond_var, ha, fp, hc, user, appid);
+    RnaLoggerEvent rle(type, subtype, src_mac, ht, hm, proto, cond_var,
+        ha, fp, hc, user, appid, di, jb);
     if ( src_ip and (!IN6_IS_ADDR_V4MAPPED(src_ip) or src_ip->s6_addr32[3]) )
         rle.ip = src_ip;
     else
diff --git a/src/network_inspectors/rna/rna_logger.h b/src/network_inspectors/rna/rna_logger.h
index 47a61d33d..4deb0a5ba 100644
--- a/src/network_inspectors/rna/rna_logger.h
+++ b/src/network_inspectors/rna/rna_logger.h
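Review bot: The rewritten forwarding call (`fp, nullptr, nullptr, nullptr, APP_ID_NONE, device_info, jail_broken`) walks through three unlabeled `nullptr` slots to reach the new trailing parameters, and because `user` and `di` in the target overload are both `const char*`, a `device_info` that slips one slot to the left would still compile and silently be logged as the user name. Labeling the placeholders keeps the call self-checking: `fp, /*cond_var*/ nullptr, /*hc*/ nullptr, /*user*/ nullptr, APP_ID_NONE, device_info, jail_broken);`. The wrapper is fully inside the hunk.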
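Review bot: `rle` takes `di` as a raw pointer and nothing records that the event only borrows it, so a subscriber that keeps the event (or the pointer) past its callback would read the caller's dead buffer; `user` has the same implicit contract, but adding a second borrowed string is the moment to state it. One line above the constructor call would do: `// rle only borrows di/user (and the other pointers); they are valid for the duration of this call`. The remainder of `log`, where the event is presumably handed to subscribers, lies outside the hunk, so I could not confirm that no consumer retains it.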
@@ -38,8 +38,9 @@ struct RnaLoggerEvent : public Event
     RnaLoggerEvent (uint16_t t, uint16_t st, const uint8_t* mc, const RnaTracker* rt,
         const snort::HostMac* hmp, uint16_t pr, void* cv, const snort::HostApplication* hap,
         const snort::FpFingerprint* fpr, const snort::HostClient* hcp, const char* u,
-        int32_t app) : type(t), subtype(st), mac(mc), ht(rt), hm(hmp),
-        proto(pr), cond_var(cv), ha(hap), fp(fpr), hc(hcp), user(u), appid(app) { }
+        int32_t app, const char* di, bool jb) : type(t), subtype(st), mac(mc), ht(rt), hm(hmp),
+        proto(pr), cond_var(cv), ha(hap), fp(fpr), hc(hcp), user(u), appid(app),
+        device_info(di), jail_broken(jb) { }
 
     uint32_t event_time = 0;
     uint16_t type;
@@ -55,6 +56,8 @@ struct RnaLoggerEvent : public Event
     const snort::HostClient* hc;
     const char* user;
     AppId appid;
+    const char* device_info;
+    bool jail_broken;
 };
 
 class RnaLogger
@@ -77,7 +80,7 @@ public:
     // for fingerprint
     void log(uint16_t type, uint16_t subtype, const snort::Packet* p, RnaTracker* ht,
         const struct in6_addr* src_ip, const uint8_t* src_mac, const snort::FpFingerprint* fp,
-        uint32_t event_time);
+        uint32_t event_time, const char* device_info = nullptr, bool jail_broken = false);
 
     // for event time
     void log(uint16_t type, uint16_t subtype, const snort::Packet* p, RnaTracker* ht,
@@ -103,7 +106,8 @@ public:
         uint32_t event_time = 0, uint16_t proto = 0, const snort::HostMac* hm = nullptr,
         const snort::HostApplication* ha = nullptr, const snort::FpFingerprint* fp = nullptr,
         void* cond_var = nullptr, const snort::HostClient* hc = nullptr,
-        const char* user = nullptr, AppId appid = APP_ID_NONE, const char* device_info = nullptr,
+        bool jail_broken = false);
 
 private:
     const bool enabled;
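Review bot: The two members added after `appid` carry no note on ownership or on when they are populated, while `device_info` joins `user` as a second bare `const char*` whose lifetime the struct does not control. I would document them in place: `const char* device_info;  // not owned; user-agent device string, nullptr unless set by the fingerprint path` and `bool jail_broken;  // from the user-agent fingerprint; false otherwise`. The `nullptr`/`false` defaults added to both `log` overloads in this file are what make those "otherwise" cases hold, and as far as this diff shows only `analyze_user_agent_fingerprint` supplies real values.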