From: Bhumika Sachdeva (bsachdev)
Date: Wed, 2 Apr 2025 14:11:31 +0000 (+0000)
Subject: Pull request #4673: appid: fixed unknown payload case for domain fronting
X-Git-Tag: 3.7.3.0~10
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=484c348bb36d3f33fdca5feaea892158b86b8c8b;p=thirdparty%2Fsnort3.git
Pull request #4673: appid: fixed unknown payload case for domain fronting
Merge in SNORT/snort3 from ~BSACHDEV/snort3:domain_fronting_payload_unknown to master
Squashed commit of the following:
commit ca35caad3f65496e8ca02cdbca4f39f599a287db
Author: bsachdev
Date: Fri Mar 21 17:28:28 2025 -0400
appid: fixed unknown payload case for domain fronting
---
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index c8d28da89..45827a341 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -1217,14 +1217,23 @@ void AppIdSession::publish_shadow_traffic_event(const uint32_t &shadow_traffic_b
 const char* app_name;
 unsigned shadow_traffic_pub_id = 0;
- std::string str_print;
+ std::string str_print;
 AppId publishing_appid = get_shadow_traffic_publishing_appid();
 app_name = api.asd->get_odp_ctxt().get_app_info_mgr().get_app_name(publishing_appid);
+
 if (app_name == nullptr)
 {
- APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
- return;
+ if ((shadow_traffic_bits & ShadowTraffic_Type_Domain_Fronting) &&
+ !(shadow_traffic_bits & ~ShadowTraffic_Type_Domain_Fronting))
+ {
+ app_name = "unknown";
+ }
+ else
+ {
+ APPID_LOG(CURRENT_PACKET, TRACE_DEBUG_LEVEL,"Appname is invalid, not publishing shadow traffic event without appname\n");
+ return;
+ }
 }
 shadow_traffic_pub_id = DataBus::get_id(shadowtraffic_pub_key);
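Review bot: In the `app_name == nullptr` branch, the `"unknown"` fallback applies only when `ShadowTraffic_Type_Domain_Fronting` is the sole bit set in `shadow_traffic_bits`; if domain fronting is flagged together with any other shadow-traffic bit and the app name does not resolve, the `else` path still returns and the domain-fronting indication is never published, leaving only a `TRACE_DEBUG_LEVEL` message behind. If that suppression is not intended, test just the fronting bit, `if (shadow_traffic_bits & ShadowTraffic_Type_Domain_Fronting)`; if it is intended, state it in a comment above the check, e.g. `// publish with "unknown" only when domain fronting is the sole shadow-traffic type`. Provided the flag is a single bit, the two-clause test appears equivalent to `shadow_traffic_bits == ShadowTraffic_Type_Domain_Fronting`, which would read more plainly. The function starts before and continues past this hunk, so how `app_name` is consumed after the `DataBus::get_id` call is not visible here.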