Pull request #4708: appid: fixed crash while printing appid debug

author Bhumika Sachdeva (bsachdev) <bsachdev@cisco.com>

Mon, 28 Apr 2025 20:04:17 +0000 (20:04 +0000)

committer Chris Sherwin (chsherwi) <chsherwi@cisco.com>

Mon, 28 Apr 2025 20:04:17 +0000 (20:04 +0000)
author Bhumika Sachdeva (bsachdev) <bsachdev@cisco.com>
Mon, 28 Apr 2025 20:04:17 +0000 (20:04 +0000)
committer Chris Sherwin (chsherwi) <chsherwi@cisco.com>
Mon, 28 Apr 2025 20:04:17 +0000 (20:04 +0000)
diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h

index 92f2d5b0bdfcb12e40587476b65ff1804b90a2f4..e61d82ea69c5736bd917f7836f23838ad7a1a70c 100644 (file)
--- a/src/network_inspectors/appid/appid_debug.h
+++ b/src/network_inspectors/appid/appid_debug.h
@@ -42,6 +42,8 @@ namespace snort
  }
  
  #define CURRENT_PACKET snort::DetectionEngine::get_current_packet()
+#define SAFE_CURRENT_PACKET ((Analyzer::get_local_analyzer() && snort::DetectionEngine::get_context()) ? \
+                     snort::DetectionEngine::get_current_packet() : nullptr)
  
  void appid_log(const snort::Packet*, const uint8_t log_level, const char*, ...);
  
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc

index 45827a341a87877ca6f9a78dcafa56ce9358a4f6..be52d3349f9b12ba4023e1759bb30704b5eedd42 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1218,10 +1218,16 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
      const char* app_name;
      unsigned shadow_traffic_pub_id = 0;
      std::string str_print;
+    Packet* curr_packet = nullptr;
  
      AppId publishing_appid = get_shadow_traffic_publishing_appid();
      app_name = api.asd->get_odp_ctxt().get_app_info_mgr().get_app_name(publishing_appid);
  
+    if ((appidDebug and appidDebug->is_active()) || (appid_trace_enabled))
+    {
+        curr_packet = SAFE_CURRENT_PACKET;
+    }
+
      if (app_name == nullptr)
      {
          if ((shadow_traffic_bits & ShadowTraffic_Type_Domain_Fronting) && 
@@ -1231,7 +1237,7 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
          }
          else 
          {
-            APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
+            APPID_LOG(curr_packet, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
              return; 
          }
      }
@@ -1244,7 +1250,7 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
      if (appidDebug and appidDebug->is_active())
          change_shadow_traffic_bits_to_string(shadow_traffic_bits, str_print);
      
-    APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL, 
+    APPID_LOG(curr_packet, TRACE_DEBUG_LEVEL, 
          "AppID: ShadowTraffic Published event for: %s, application_name: %s(%d)\n", 
          str_print.c_str(), app_name, publishing_appid);
  }
author	Bhumika Sachdeva (bsachdev) <bsachdev@cisco.com>
	Mon, 28 Apr 2025 20:04:17 +0000 (20:04 +0000)
committer	Chris Sherwin (chsherwi) <chsherwi@cisco.com>
	Mon, 28 Apr 2025 20:04:17 +0000 (20:04 +0000)
src/network_inspectors/appid/appid_debug.h		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_session.cc		patch \| blob \| blame \| history