From: Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Date: Tue, 14 Jan 2020 19:45:33 +0000 (+0000)
Subject: Merge pull request #1938 in SNORT/snort3 from ~KAMURTHI/snort3:TOR-Proxy to master
X-Git-Tag: 3.0.0-268~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb835267cffb55bf4e4259f5209ac672172393ae;p=thirdparty%2Fsnort3.git

Merge pull request #1938 in SNORT/snort3 from ~KAMURTHI/snort3:TOR-Proxy to master

Squashed commit of the following:

commit 7885b4c4de8c5a6396aa29c839818e0732e718c0
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Sun Jan 12 17:24:24 2020 -0500

    appid: detect payload for http tunnel traffic
---

diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc
index e2633ba2d..a7a1666c6 100644
--- a/src/network_inspectors/appid/tp_appid_utils.cc
+++ b/src/network_inspectors/appid/tp_appid_utils.cc
@@ -774,9 +774,13 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
                     // Handle HTTP tunneling and SSL possibly then being used in that tunnel
                     if (tp_app_id == APP_ID_HTTP_TUNNEL)
                         asd.set_payload_appid_data(APP_ID_HTTP_TUNNEL, change_bits);
-                    else if ((asd.payload.get_id() == APP_ID_HTTP_TUNNEL) &&
-                        (tp_app_id == APP_ID_SSL))
-                        asd.set_payload_appid_data(APP_ID_HTTP_SSL_TUNNEL, change_bits);
+                    else if (asd.payload.get_id() == APP_ID_HTTP_TUNNEL)
+                    {
+                        if (tp_app_id == APP_ID_SSL)
+                            asd.set_payload_appid_data(APP_ID_HTTP_SSL_TUNNEL, change_bits);
+                        else
+                            asd.set_payload_appid_data(tp_app_id, change_bits);
+                    }
 
                     AppIdHttpSession* hsession = asd.get_http_session();
                     hsession->process_http_packet(direction, change_bits);