From: Bhargava Jandhyala (bjandhya) Date: Thu, 30 Sep 2021 14:38:55 +0000 (+0000) Subject: Merge pull request #3046 in SNORT/snort3 from ~SMULKA/snort3:fw_si to master X-Git-Tag: 3.1.14.0~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9c77ba575223c84d571720f504b1514edb271b6;p=thirdparty%2Fsnort3.git Merge pull request #3046 in SNORT/snort3 from ~SMULKA/snort3:fw_si to master Squashed commit of the following: commit 643cfe8c00aef8724a2ef12c7f9c8de751fe366b Author: smulka Date: Tue Aug 31 23:18:02 2021 -0400 appid: log appid daq trace first followed by subscriber modules --- diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index c68ff86a3..fdb5ab51e 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -27,6 +27,7 @@ #include "host_tracker/host_cache.h" #include "log/messages.h" +#include "packet_tracer/packet_tracer.h" #include "profiler/profiler.h" #include "protocols/packet.h" #include "protocols/tcp.h" 
@@ -48,6 +49,30 @@ #include "tp_appid_utils.h" using namespace snort; +static void populate_trace_data(AppIdSession& session) +{ + // Skip sessions using old odp context after odp reload + if (session.get_odp_ctxt_version() != session.get_odp_ctxt().get_version()) + return; + + AppId service_id, client_id, payload_id, misc_id; + const char* service_app_name, * client_app_name, * payload_app_name, * misc_name; + OdpContext& odp_ctxt = session.get_odp_ctxt(); + session.get_api().get_first_stream_app_ids(service_id, client_id, payload_id, misc_id); + service_app_name = appid_api.get_application_name(service_id, odp_ctxt); + client_app_name = appid_api.get_application_name(client_id, odp_ctxt); + payload_app_name = appid_api.get_application_name(payload_id, odp_ctxt); + misc_name = appid_api.get_application_name(misc_id, odp_ctxt); + + PacketTracer::daq_log("AppID+%" PRId64"++service: %s(%d), " + "client: %s(%d), payload: %s(%d), misc: %s(%d)$", + TO_NSECS(pt_timer->get()), + (service_app_name ? service_app_name : ""), service_id, + (client_app_name ? client_app_name : ""), client_id, + (payload_app_name ? payload_app_name : ""), payload_id, + (misc_name ? misc_name : ""), misc_id); +} + AppIdDiscovery::~AppIdDiscovery() { for (auto pd : pattern_data) @@ -261,6 +286,8 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspec asd->set_ss_application_ids(asd->pick_service_app_id(), asd->pick_ss_client_app_id(), asd->pick_ss_payload_app_id(), asd->pick_ss_misc_app_id(), asd->pick_ss_referred_payload_app_id(), change_bits); + if (PacketTracer::is_daq_activated()) + populate_trace_data(*asd); asd->publish_appid_event(change_bits, *p); asd->set_session_flags(APPID_SESSION_FUTURE_FLOW_IDED); 
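Review bot: populate_trace_data dereferences `pt_timer` in `TO_NSECS(pt_timer->get())` with no check of its own, so it is safe only when the caller has tested PacketTracer::is_daq_activated() and the timer has been started for this packet. Both call sites added by this commit do test it, and AppIdInspector::eval starts the timer under the same condition, but that contract now spans two files and is not written down; a null timer here would be a null dereference on the packet path. Either state the precondition in a comment above the function or make the guard its first statement, `if (!PacketTracer::is_daq_activated() || !pt_timer) return;`. The four `AppId` locals are also declared without initialisers and rely on get_first_stream_app_ids writing all of them.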
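Review bot: Nothing at this call site says that populate_trace_data has to stay ahead of `publish_appid_event`, although that ordering is the purpose of the commit (the subject asks for the AppID DAQ trace to be logged before subscriber modules). A later reordering would silently change the order of DAQ trace records. Add a one-line comment such as `// Write the AppID DAQ trace before notifying subscribers so the AppID record comes first`. The same applies to the matching call in the do_post_discovery hunk (@@ -715,5 +742,8). do_pre_discovery starts and ends outside this hunk.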
@@ -715,5 +742,8 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd, asd.pick_ss_referred_payload_app_id(), change_bits); asd.set_tls_host(change_bits); + if (PacketTracer::is_daq_activated()) + populate_trace_data(asd); + asd.publish_appid_event(change_bits, *p); } diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index 074057d3f..78294caba 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -69,7 +69,7 @@ static void openssl_cleanup() CRYPTO_cleanup_all_ex_data(); } -static void populate_trace_data(Flow& flow, const OdpContext& odp_context) +static void add_appid_to_packet_trace(Flow& flow, const OdpContext& odp_context) { AppIdSession* session = appid_api.get_appid_session(flow); // Skip sessions using old odp context after odp reload 
@@ -85,25 +85,12 @@ static void populate_trace_data(Flow& flow, const OdpContext& odp_context) payload_app_name = appid_api.get_application_name(payload_id, odp_ctxt); misc_name = appid_api.get_application_name(misc_id, odp_ctxt); - if (PacketTracer::is_active()) - { - PacketTracer::log(appid_mute, - "AppID: service: %s(%d), client: %s(%d), payload: %s(%d), misc: %s(%d)\n", - (service_app_name ? service_app_name : ""), service_id, - (client_app_name ? client_app_name : ""), client_id, - (payload_app_name ? payload_app_name : ""), payload_id, - (misc_name ? misc_name : ""), misc_id); - } - if (PacketTracer::is_daq_activated()) - { - PacketTracer::daq_log("AppID+%" PRId64"++service: %s(%d), " - "client: %s(%d), payload: %s(%d), misc: %s(%d)$", - TO_NSECS(pt_timer->get()), - (service_app_name ? service_app_name : ""), service_id, - (client_app_name ? client_app_name : ""), client_id, - (payload_app_name ? payload_app_name : ""), payload_id, - (misc_name ? misc_name : ""), misc_id); - } + PacketTracer::log(appid_mute, + "AppID: service: %s(%d), client: %s(%d), payload: %s(%d), misc: %s(%d)\n", + (service_app_name ? service_app_name : ""), service_id, + (client_app_name ? client_app_name : ""), client_id, + (payload_app_name ? payload_app_name : ""), payload_id, + (misc_name ? misc_name : ""), misc_id); } AppIdInspector::AppIdInspector(AppIdModule& mod) @@ -211,12 +198,12 @@ void AppIdInspector::eval(Packet* p) if (p->flow) { if (PacketTracer::is_daq_activated()) - PacketTracer::pt_timer_start(); + PacketTracer::pt_timer_start(); AppIdDiscovery::do_application_discovery(p, *this, *pkt_thread_odp_ctxt, pkt_thread_tp_appid_ctxt); // FIXIT-L tag verdict reason as appid for daq - if (PacketTracer::is_active() || PacketTracer::is_daq_activated()) - populate_trace_data(*p->flow, *pkt_thread_odp_ctxt); + if (PacketTracer::is_active()) + add_appid_to_packet_trace(*p->flow, *pkt_thread_odp_ctxt); } else appid_stats.ignored_packets++; 
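Review bot: With `PacketTracer::is_daq_activated()` dropped from the condition in eval, a DAQ AppID record is now produced only when discovery reaches one of the two populate_trace_data calls added in appid_discovery.cc. Any return taken before those points in do_pre_discovery or do_post_discovery (their bodies are not visible in this diff) would leave the packet without the record that the old call after do_application_discovery wrote; please confirm that is intended. The `// FIXIT-L tag verdict reason as appid for daq` comment now sits directly above a block that no longer does any DAQ logging, so it should move next to the DAQ path or be reworded. eval starts and ends outside this hunk.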
diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 82cc38109..3cc3eb3cf 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -27,10 +27,12 @@ #include "host_tracker/host_cache.h" #include "network_inspectors/appid/appid_discovery.cc" #include "network_inspectors/appid/appid_peg_counts.h" +#include "network_inspectors/packet_tracer/packet_tracer.h" #include "search_engines/search_tool.h" #include "utils/sflsq.cc" +#include "appid_api.h" #include "appid_mock_session.h" #include "appid_session_api.h" #include "tp_lib_handler.h" @@ -46,6 +48,15 @@ void memory::MemoryCap::update_deallocations(size_t) { } namespace snort { +// Stubs for appid api +AppIdApi appid_api; +const char* AppIdApi::get_application_name(AppId, OdpContext&) { return NULL; } + +// Stubs for packet tracer +THREAD_LOCAL PacketTracer* s_pkt_trace = nullptr; +THREAD_LOCAL Stopwatch* pt_timer = nullptr; +void PacketTracer::daq_log(const char*, ...) { } + // Stubs for packet Packet::Packet(bool) {} Packet::~Packet() = default; @@ -113,6 +124,8 @@ void IpApi::set(const SfIp& sip, const SfIp& dip) AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) : StashGenericObject(STASH_GENERIC_OBJECT_APPID) {} +void AppIdSessionApi::get_first_stream_app_ids(AppId&, AppId&, + AppId&, AppId&) const { } } // namespace snort void AppIdModule::reset_stats() {} DiscoveryFilter::~DiscoveryFilter() {}
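Review bot: The stubs added in the second hunk only satisfy the linker, and no test in the visible hunks exercises populate_trace_data, so the new DAQ logging path is compiled into this test (appid_discovery.cc is included directly) but never run. As stubbed, `pt_timer` is `nullptr` and `get_first_stream_app_ids` (last hunk of this file) leaves its four outputs unwritten, so a test that did enable DAQ tracing would hit a null dereference and uninitialised ids. Consider a `daq_log` stub that captures the formatted string, plus a test that asserts the record for a known session. Minor: `return NULL;` in the get_application_name stub should be `return nullptr;`, matching the two stubs below it.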