From: Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Date: Mon, 23 Mar 2020 19:19:14 +0000 (+0000)
Subject: Merge pull request #2093 in SNORT/snort3 from ~KAMURTHI/snort3:DoT to master
X-Git-Tag: 3.0.0-270~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b9ff7483f57e30b653a02b22e63c5787c067ee31;p=thirdparty%2Fsnort3.git

Merge pull request #2093 in SNORT/snort3 from ~KAMURTHI/snort3:DoT to master

Squashed commit of the following:

commit 175d9f0296de8b09fd637fd5ec3c997794758483
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Tue Mar 17 16:26:41 2020 -0400

    appid: Include DNS over TLS port for classification.
---

diff --git a/src/network_inspectors/appid/application_ids.h b/src/network_inspectors/appid/application_ids.h
index 4ed802ec0..28255ab93 100644
--- a/src/network_inspectors/appid/application_ids.h
+++ b/src/network_inspectors/appid/application_ids.h
@@ -1014,6 +1014,7 @@ enum ApplicationIds : AppId
     APP_ID_FTP_ACTIVE                     = 4002,
     APP_ID_FTP_PASSIVE                    = 4003,
     APP_ID_PSIPHON                        = 4075,
+    APP_ID_DNS_OVER_TLS                   = 4615,
 #ifdef REG_TEST
     APP_ID_REGTEST                        = 10000,
     APP_ID_REGTEST1                       = 10001,
diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index 153a61fc3..7e6647b56 100644
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -218,6 +218,7 @@ SslServiceDetector::SslServiceDetector(ServiceDiscovery* sd)
         { 614, IpProtocol::TCP, false },
         { 636, IpProtocol::TCP, false },
         { 636, IpProtocol::UDP, false },
+        { 853, IpProtocol::TCP, false },
         { 989, IpProtocol::TCP, false },
         { 990, IpProtocol::TCP, false },
         { 992, IpProtocol::TCP, false },
@@ -759,6 +760,8 @@ AppId getSslServiceAppId(short srcPort)
         return APP_ID_SSHELL;
     case 636:
         return APP_ID_LDAPS;
+    case 853:
+        return APP_ID_DNS_OVER_TLS;
     case 989:
         return APP_ID_FTPSDATA;
     case 990: