Merge in SNORT/snort3 from ~ASHIKTHO/snort3:CSCwo40673_tot_1 to master
Squashed commit of the following:
commit
61177c5e2c7690f33dca5b67dc0bb29dbeece64a
Author: bjandhya <bjandhya@cisco.com>
Date: Tue Mar 25 10:16:35 2025 -0400
binder, flow, framework: add a facility to block binding based on a do_not_decrypt flow flag and inspector can_decrypt method
bool binder_action_block : 1;
bool in_allowlist : 1; // Set if the flow is in the allowlist
bool allowed_on_excess : 1; // Set if the flow is allowed on excess
+ bool do_not_decrypt :1; //set when decided to not to decrypt
} flags = {};
int32_t client_intf = 0;
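Review bot: The comment on the new bit at L11, `//set when decided to not to decrypt`, is ungrammatical and does not say who consumes the flag, and the `:1` spacing differs from the neighbouring `: 1` fields; `bool do_not_decrypt : 1; // Set when the flow must not be decrypted; binder skips bindings whose inspector can_decrypt()` fixes both and documents the consumer this commit adds. Nothing in this diff shows where the flag is set, so the setter's contract (when it is set, and whether it is ever cleared) should be stated wherever that lands. The enclosing flags struct starts outside the hunk.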
virtual bool supports_no_ips() const
{ return false; }
+ virtual bool can_decrypt() const
+ { return false; }
+
void allocate_thread_storage();
void set_thread_specific_data(void*);
void* get_thread_specific_data() const;
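Review bot: The new virtual `can_decrypt()` at L16 has no comment stating what a `true` return means, and because the default is `false` the binder-side check is inert until a decrypting inspector overrides it — no override appears in this diff, so the flag has no effect on its own. Suggest documenting the contract at the declaration, `// Return true if this inspector decrypts traffic; binder will not bind it to flows flagged do_not_decrypt`, and confirming that whichever inspector actually decrypts overrides it. The enclosing class starts and ends outside the hunk.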
return when.has_criteria(BindWhen::Criteria::BWC_SVC) ? false : true;
}
+inline bool Binding::check_inspector(const Flow& flow) const
+{
+ return !(use.inspector and use.inspector->can_decrypt() and flow.flags.do_not_decrypt);
+}
+
bool Binding::check_all(const Flow& flow, const char* service) const
{
// Do the service check first to optimize service change re-evaluations
if (!check_tenant(flow))
return false;
+ if (!check_inspector(flow))
+ return false;
+
return true;
}
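Review bot: `check_inspector` at L26 makes a virtual `can_decrypt()` call for every binding that has an inspector on every evaluation, even though the flag it gates on is presumably false for most flows; testing the bit first keeps the common path to a single bit test: `return !(flow.flags.do_not_decrypt and use.inspector and use.inspector->can_decrypt());`. Failing `check_all` only means the binder falls through to whatever binding matches next, so a flow marked do_not_decrypt is handled by a different inspector (or none) with nothing in this hunk recording that; a stat or trace message where the flag is honoured would make the behaviour auditable, if the binder has one to hand. The definition is `inline` while the header declaration at L42 is not, which is only safe if every caller lives in this translation unit — worth confirming against the sibling check_* definitions. check_all's body between the leading comment and the check_tenant call appears elided on this page.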
bool check_service(const snort::Flow&) const;
bool check_service(const char* service) const;
bool check_service() const;
+ bool check_inspector(const snort::Flow&) const;
};
#endif