From: Mike Stepanek (mstepane) Date: Tue, 17 Jul 2018 00:35:40 +0000 (-0400) Subject: Merge pull request #1302 in SNORT/snort3 from dev_appid_to_appname to master X-Git-Tag: 3.0.0-246~21 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9e29b9483fdd1a85e7f5e4d62bc912bc48fd04df;p=thirdparty%2Fsnort3.git Merge pull request #1302 in SNORT/snort3 from dev_appid_to_appname to master Squashed commit of the following: commit 9807bf297f65cdc0349fdb0067ff4c29ac45b5fc Author: Devendra Dahiphale Date: Fri Jul 6 14:55:11 2018 -0400 appid: print application name along with application ID in appid-debug messages --- diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index d350afdfd..a94787333 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -751,8 +751,9 @@ bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInsp { asd->set_session_flags(APPID_SESSION_IGNORE_FLOW_LOGGED); - LogMessage("AppIdDbg %s Ignoring connection with service %d\n", - appidDebug->get_debug_session(), asd->service.get_id()); + const char *app_name = AppInfoManager::get_instance().get_app_name(asd->service.get_id()); + LogMessage("AppIdDbg %s Ignoring connection with service %s (%d)\n", + appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd->service.get_id()); } return false; 
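Review bot: The `get_app_name(...)` lookup followed by the `app_name ? app_name : "unknown"` fallback, added here in do_pre_discovery, is repeated verbatim in every other code hunk of this commit (appid_discovery.cc, appid_http_session.cc, tp_appid_utils.cc). Assuming `LogMessage` forwards to a printf-style formatter, a null pointer reaching `%s` is undefined behaviour, so the check must survive at every call site, and copy-pasting it makes it easy to drop in a later edit. One shared helper that takes an `AppId` and returns either the name or `"unknown"` would keep each site a single `LogMessage(...)` statement and remove the added brace blocks. Where it belongs (for example beside `get_app_name` on `AppInfoManager`) depends on headers outside this diff. The `if` enclosing this block starts outside the hunk.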
@@ -868,8 +869,11 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto { asd.service.set_port_service_id(id); if (appidDebug->is_active()) - LogMessage("AppIdDbg %s Port service %d from port\n", - appidDebug->get_debug_session(), asd.service.get_port_service_id()); + { + const char *app_name = AppInfoManager::get_instance().get_app_name(asd.service.get_port_service_id()); + LogMessage("AppIdDbg %s Port service %s (%d) from port\n", + appidDebug->get_debug_session(), app_name ? app_name : "unknown", asd.service.get_port_service_id()); + } } asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE); } @@ -926,8 +930,11 @@ bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd, IpProtocol proto service_id = id; asd.service.set_port_service_id(id); if (appidDebug->is_active()) - LogMessage("AppIdDbg %s Port service %d from length\n", - appidDebug->get_debug_session(), id); + { + const char *app_name = AppInfoManager::get_instance().get_app_name(id); + LogMessage("AppIdDbg %s Port service %s (%d) from length\n", + appidDebug->get_debug_session(), app_name ? app_name : "unknown", id); + } asd.set_session_flags(APPID_SESSION_PORT_SERVICE_DONE); } } @@ -973,6 +980,7 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd, if (appidDebug->is_active()) { const char* typeString; + const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); switch ( asd.search_support_type ) { case NOT_A_SEARCH_ENGINE: typeString = "NOT_A_SEARCH_ENGINE"; break; 
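Review bot: In the do_post_discovery hunk (`@@ -973,6 +980,7 @@`) the new declaration is written `const char *app_name` directly under the existing `const char* typeString;`, so two pointer styles sit on adjacent lines; `const char* app_name = ...` would match the surrounding code. The same spelling is used for every `app_name` declaration this commit adds, including the two do_discovery hunks above. The variable is only consumed by the `LogMessage` call in the following hunk, so declaring it after the `switch`, next to that call, would keep it beside its single use.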
@@ -980,9 +988,8 @@ void AppIdDiscovery::do_post_discovery(Packet* p, AppIdSession& asd, case UNSUPPORTED_SEARCH_ENGINE: typeString = "UNSUPPORTED_SEARCH_ENGINE"; break; default: typeString = "unknown"; break; } - - LogMessage("AppIdDbg %s AppId %u (safe)search_support_type=%s\n", - appidDebug->get_debug_session(), payload_id, typeString); + LogMessage("AppIdDbg %s Application: %s (%d) (safe)search_support_type=%s\n", + appidDebug->get_debug_session(), app_name ? app_name : "unknown", payload_id, typeString); } } diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index cd3b73b0b..732d2d53b 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -481,12 +481,18 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction) { if (service_id > APP_ID_NONE and service_id != APP_ID_HTTP and asd.service.get_id() != service_id) - LogMessage("AppIdDbg %s User Agent is service %d\n", - appidDebug->get_debug_session(), service_id); + { + const char *app_name = AppInfoManager::get_instance().get_app_name(service_id); + LogMessage("AppIdDbg %s User Agent is service %s (%d)\n", + appidDebug->get_debug_session(), app_name ? app_name : "unknown", service_id); + } if (client_id > APP_ID_NONE and client_id != APP_ID_HTTP and asd.client.get_id() != client_id) - LogMessage("AppIdDbg %s User Agent is client %d\n", - appidDebug->get_debug_session(), client_id); + { + const char *app_name = AppInfoManager::get_instance().get_app_name(client_id); + LogMessage("AppIdDbg %s User Agent is client %s (%d)\n", + appidDebug->get_debug_session(), app_name ? app_name : "unknown", client_id); + } } asd.set_service_appid_data(service_id, nullptr, nullptr); asd.set_client_appid_data(client_id, version); 
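Review bot: In the first hunk on this line (`@@ -980,9 +988,8 @@`, do_post_discovery) the conversion for `payload_id` changes from `%u` to `%d` as part of the rewording, which the commit description does not mention. The declaration of `payload_id` is outside the hunk: if it is unsigned there, `%d` no longer matches the argument, and if it is a signed `AppId` the change is a fix worth stating. The specifier should follow the declared type, and if `LogMessage` carries a printf format attribute the `-Wformat` result for this call is worth checking.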
@@ -502,8 +508,12 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction) nullptr); if (appidDebug->is_active() && payload_id > APP_ID_NONE && asd.payload.get_id() != payload_id) - LogMessage("AppIdDbg %s VIA is payload %d\n", appidDebug->get_debug_session(), + { + const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); + LogMessage("AppIdDbg %s VIA is payload %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", payload_id); + } asd.set_payload_appid_data((AppId)payload_id, nullptr); asd.scan_flags &= ~SCAN_HTTP_VIA_FLAG; } @@ -527,17 +537,22 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction) { if (appidDebug->is_active() && client_id > APP_ID_NONE && client_id != APP_ID_HTTP && asd.client.get_id() != client_id) - LogMessage("AppIdDbg %s X is client %d\n", appidDebug->get_debug_session(), - appId); - + { + const char *app_name = AppInfoManager::get_instance().get_app_name(appId); + LogMessage("AppIdDbg %s X is client %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", appId); + } asd.set_client_appid_data(appId, version); } else { if (appidDebug->is_active() && service_id > APP_ID_NONE && service_id != APP_ID_HTTP && asd.service.get_id() != service_id) - LogMessage("AppIdDbg %s X service %d\n", appidDebug->get_debug_session(), - appId); + { + const char *app_name = AppInfoManager::get_instance().get_app_name(appId); + LogMessage("AppIdDbg %s X service %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", appId); + } asd.set_service_appid_data(appId, nullptr, version); } asd.scan_flags &= ~SCAN_HTTP_XWORKINGWITH_FLAG; 
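Review bot: In the second hunk on this line (`@@ -527,17 +537,22 @@`) the debug guards test `client_id` and `service_id`, but the new name lookup, the printed number and the following `set_client_appid_data` / `set_service_appid_data` calls all use `appId`. The message is therefore emitted or suppressed according to a different value than the one it reports, and `get_app_name(appId)` carries that mismatch forward. If the guard is meant to describe the value being set, it would read `appId > APP_ID_NONE && appId != APP_ID_HTTP && asd.client.get_id() != appId` (with `asd.service` in the else branch); whether the current form is intentional is not visible from the hunk. The second message also reads `X service` where its sibling reads `X is client`.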
@@ -558,9 +573,13 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction) content_type->size()); if (appidDebug->is_active() && payload_id > APP_ID_NONE && asd.payload.get_id() != payload_id) - LogMessage("AppIdDbg %s Content-Type is payload %d\n", + { + const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); + LogMessage("AppIdDbg %s Content-Type is payload %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", payload_id); + } asd.set_payload_appid_data((AppId)payload_id, nullptr); asd.scan_flags &= ~SCAN_HTTP_CONTENT_TYPE_FLAG; } @@ -582,9 +601,13 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction) { if (appidDebug->is_active() && client_id > APP_ID_NONE && client_id != APP_ID_HTTP && asd.client.get_id() != client_id) - LogMessage("AppIdDbg %s URL is client %d\n", + { + const char *app_name = AppInfoManager::get_instance().get_app_name(client_id); + LogMessage("AppIdDbg %s URL is client %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", client_id); + } asd.set_client_appid_data(client_id, nullptr); } 
@@ -592,17 +615,25 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction) { if (appidDebug->is_active() && service_id > APP_ID_NONE && service_id != APP_ID_HTTP && asd.service.get_id() != service_id) - LogMessage("AppIdDbg %s URL is service %d\n", + { + const char *app_name = AppInfoManager::get_instance().get_app_name(service_id); + LogMessage("AppIdDbg %s URL is service %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", service_id); + } asd.set_service_appid_data(service_id, nullptr, nullptr); } // DO overwrite a previously-set data if (appidDebug->is_active() && payload_id > APP_ID_NONE && asd.payload.get_id() != payload_id) - LogMessage("AppIdDbg %s URL is payload %d\n", appidDebug->get_debug_session(), + { + const char *app_name = AppInfoManager::get_instance().get_app_name(payload_id); + LogMessage("AppIdDbg %s URL is payload %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", payload_id); + } asd.set_payload_appid_data((AppId)payload_id, version); asd.set_referred_payload_app_id_data(referredPayloadAppId); } diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index 087a94c14..20bc67d12 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -45,6 +45,11 @@ using namespace snort; +const char* AppInfoManager::get_app_name(AppId) +{ + return ""; +} + // HttpPatternMatchers mock functions HttpPatternMatchers* HttpPatternMatchers::get_instance() { diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index 6f2d3b9f7..b6973e6d9 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc 
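Review bot: The stub added to appid_http_session_test.cc returns `""` for every `AppId`, so the `app_name ? app_name : "unknown"` fallback added by the production hunks is never taken in this test binary. If any test runs with `appidDebug` active, naming the parameter and returning `nullptr` for one id (for example `APP_ID_NONE`) would exercise that branch. The stub covers only `get_app_name`; `AppInfoManager::get_instance()`, which the new code also calls, is presumably inline or mocked elsewhere, which is worth confirming.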
@@ -691,9 +691,13 @@ bool do_tp_discovery(AppIdSession& asd, IpProtocol protocol, asd.clear_session_flags(APPID_SESSION_APP_REINSPECT); if (appidDebug->is_active()) - LogMessage("AppIdDbg %s 3rd party returned %d\n", + { + const char *app_name = AppInfoManager::get_instance().get_app_name(tp_app_id); + LogMessage("AppIdDbg %s 3rd party returned %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", tp_app_id); + } // For now, third party can detect HTTP/2 (w/o metadata) for // some cases. Treat it like HTTP w/ is_http2 flag set. @@ -819,17 +823,25 @@ bool do_tp_discovery(AppIdSession& asd, IpProtocol protocol, // packet asd.service.set_port_service_id(portAppId); if (appidDebug->is_active()) - LogMessage("AppIdDbg %s SSL is service %d, portServiceAppId %d\n", + { + const char *service_name = AppInfoManager::get_instance().get_app_name(tp_app_id); + const char *port_service_name = AppInfoManager::get_instance().get_app_name(asd.service.get_port_service_id()); + LogMessage("AppIdDbg %s SSL is service %s (%d), portServiceAppId %s (%d)\n", appidDebug->get_debug_session(), - tp_app_id, asd.service.get_port_service_id()); + service_name ? service_name : "unknown", tp_app_id, + port_service_name ? port_service_name : "unknown", asd.service.get_port_service_id()); + } } else { asd.set_tp_payload_app_id(tp_app_id); tp_app_id = portAppId; if (appidDebug->is_active()) - LogMessage("AppIdDbg %s SSL is %d\n", appidDebug->get_debug_session(), - tp_app_id); + { + const char *app_name = AppInfoManager::get_instance().get_app_name(tp_app_id); + LogMessage("AppIdDbg %s SSL is %s (%d)\n", appidDebug->get_debug_session(), + app_name ? app_name : "unknown", tp_app_id); + } } snort_app_id = APP_ID_SSL; }