Pull request #4322: dce_smb: Do not prune from LRU cache during file tracker update

Merge in SNORT/snort3 from ~KUMHN/snort3:automation_crash to master

Squashed commit of the following:

commit 858982dde3b99249dac7191f21d08a713fbaa350
Author: kumhn <kumhn@cisco.com>
Date:   Wed May 15 11:16:09 2024 +0530

    dce_smb: Do not prune from LRU cache during file tracker update

diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc
index 4e6b48f110ba9125a253f96b8195599ae86878bd..5f7855ea86236a8c141493ba0ebdad9eba9b878f 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2.cc
@@ -265,15 +265,7 @@ static inline bool DCE2_Smb2FindSidTid(DCE2_Smb2SsnData* ssd, const uint64_t sid
     const uint32_t tid, const uint32_t mid, DCE2_Smb2SessionTracker** str, DCE2_Smb2TreeTracker** ttr, bool
     lookup_cache = false)
 {
-    if(lookup_cache)
-    {
-        auto key = get_key(sid);
-        *str = smb2_session_cache->find(key).get();
-    }
-    else
-    {
-        *str = DCE2_Smb2FindSidInSsd(ssd, sid).get();
-    }
+    *str = DCE2_Smb2FindSidInSsd(ssd, sid).get();
     if (!*str)
     {
         if (lookup_cache)

diff --git a/src/service_inspectors/dce_rpc/dce_smb2.h b/src/service_inspectors/dce_rpc/dce_smb2.h
index 50263a3d187cd2531f83b52762d98ce35bad0104..fa3108cfb07e384d97cc6db5539649911eb29ebf 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2.h
+++ b/src/service_inspectors/dce_rpc/dce_smb2.h
@@ -235,7 +235,7 @@ struct Smb2SidHashKey
     int16_t sgroup = 0;
     uint32_t addressSpaceId = 0;
     uint16_t vlan_tag = 0;
-    uint16_t padding = 0;
+    uint16_t dport = 0;
     uint64_t sid = 0;
     uint32_t tenant_id = 0;
     uint32_t padding2 = 0;  // NOTE: If this changes, change do_hash too
@@ -256,6 +256,7 @@ struct Smb2SidHashKey
                addressSpaceId == other.addressSpaceId and
                vlan_tag == other.vlan_tag and
                sid == other.sid and
+               dport == other.dport and
                tenant_id == other.tenant_id );
     }
 };
@@ -341,7 +342,7 @@ private:
 
         mix(a, b, c);
 
-        a += d[12];  // vlan & pad
+        a += d[12];  // vlan & dport
         b += d[13];  // ip_proto, pkt_type, version, flags
 
         finalize(a, b, c);

diff --git a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc
index 6e66caf6a3e0130e04433df76335bb55b9e66910..10ef2ba8d87491404afd7946cb2f454f21b19d3f 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc
@@ -43,6 +43,7 @@ Smb2SidHashKey get_key(uint64_t sid)
         memcpy(key.cip, flow->client_ip.get_ip6_ptr(), 4 * sizeof(uint32_t));
         memcpy(key.sip, flow->server_ip.get_ip6_ptr(), 4 * sizeof(uint32_t));
         key.mplsLabel = flow->key->mplsLabel;
+        key.dport = flow->server_port;
         key.cgroup = flow->client_group;
         key.sgroup = flow->server_group;
         key.addressSpaceId = flow->key->addressSpaceId;

diff --git a/src/service_inspectors/dce_rpc/dce_smb2_utils.h b/src/service_inspectors/dce_rpc/dce_smb2_utils.h
index aaae971214125daec06bfb9909c107f5aa843033..2647761a01fb40218a9bb491f708f45389b8fce5 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb2_utils.h
+++ b/src/service_inspectors/dce_rpc/dce_smb2_utils.h
@@ -49,9 +49,6 @@ public:
         current_size += size;
         if ( size > 0)
         {
-            // Checking 1+ size prevents crash if max_size is too low to hold even a single entry
-            if ( current_size > max_size and list.size() > 1 )
-                LruLocal::prune();
             if ( stats.cache_max < current_size )
                 stats.cache_max = current_size;
         }