Merge pull request #2501 in SNORT/snort3 from ~SMINUT/snort3:decode_flags to master

author Masud Hasan (mashasan) <mashasan@cisco.com>

Tue, 29 Sep 2020 13:40:27 +0000 (13:40 +0000)

committer Masud Hasan (mashasan) <mashasan@cisco.com>

Tue, 29 Sep 2020 13:40:27 +0000 (13:40 +0000)
author Masud Hasan (mashasan) <mashasan@cisco.com>
Tue, 29 Sep 2020 13:40:27 +0000 (13:40 +0000)
committer Masud Hasan (mashasan) <mashasan@cisco.com>
Tue, 29 Sep 2020 13:40:27 +0000 (13:40 +0000)
diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc

index c1759bef1996f435dc9e8327ac6e81f5ad3b0331..41cb8466283c8349bbc2c8a2c316cb77a62ae6d6 100644 (file)
--- a/src/codecs/ip/cd_ipv4.cc
+++ b/src/codecs/ip/cd_ipv4.cc
@@ -296,7 +296,10 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
      }
  
      if (frag_off & 0x4000)
+    {
          codec.codec_flags |= CODEC_DF;
+        snort.decode_flags |= DECODE_DF;
+    }
  
      if (frag_off & 0x2000)
          snort.decode_flags |= DECODE_MF;
diff --git a/src/framework/decode_data.h b/src/framework/decode_data.h

index 817f806ada3a70acf9f892110abd5cecf59e44fd..8c10166fd47aec58cb63823a70eec4d227137d24 100644 (file)
--- a/src/framework/decode_data.h
+++ b/src/framework/decode_data.h
@@ -97,16 +97,17 @@ enum DecodeFlags : std::uint16_t
      DECODE_PKT_TRUST =      0x0020,  // trust this packet
      DECODE_FRAG =           0x0040,  // ip - fragmented packet
      DECODE_MF =             0x0080,  // ip - more fragments
+    DECODE_DF =             0x0100,  // ip - don't fragment
  
      // using decode flags in lieu of creating user layer for now
-    DECODE_C2S =            0x0100,  // user - client to server
-    DECODE_SOF =            0x0200,  // user - start of flow
-    DECODE_EOF =            0x0400,  // user - end of flow
-    DECODE_GTP =            0x0800,
-
-    DECODE_TCP_MSS =        0x1000,
-    DECODE_TCP_TS =         0x2000,
-    DECODE_TCP_WS =         0x4000,
+    DECODE_C2S =            0x0200,  // user - client to server
+    DECODE_SOF =            0x0400,  // user - start of flow
+    DECODE_EOF =            0x0800,  // user - end of flow
+    DECODE_GTP =            0x1000,
+
+    DECODE_TCP_MSS =        0x2000,
+    DECODE_TCP_TS =         0x4000,
+    DECODE_TCP_WS =         0x8000,
  };
  
  struct DecodeData
@@ -143,7 +144,7 @@ struct DecodeData
      { return type; }
  
      inline bool dont_fragment() const
-    { return decode_flags & DECODE_MF; }
+    { return ip_api.is_ip6() || decode_flags & DECODE_DF; }
  };
  
  #endif
diff --git a/src/network_inspectors/rna/rna_fingerprint_tcp.cc b/src/network_inspectors/rna/rna_fingerprint_tcp.cc

index 7852900dfe54dfd7548d39909e752a5079eba1da..f365f269a93d548ad366c13d7eaf076cd6529293 100644 (file)
--- a/src/network_inspectors/rna/rna_fingerprint_tcp.cc
+++ b/src/network_inspectors/rna/rna_fingerprint_tcp.cc
@@ -197,7 +197,7 @@ const TcpFingerprint* TcpFpProcessor::get_tcp_fp(const FpTcpKey& key, uint8_t tt
          continue;  // tfp
  
      mssgood:
-        if (key.df == tfp->df &&
+        if ( (key.isIpv6 || key.df == tfp->df) &&  // don't check df for ipv6
              ttl <= tfp->ttl &&
              (tfp->ttl < MAXIMUM_FP_HOPS || ttl >= (tfp->ttl - MAXIMUM_FP_HOPS)))
          {
author	Masud Hasan (mashasan) <mashasan@cisco.com>
	Tue, 29 Sep 2020 13:40:27 +0000 (13:40 +0000)
committer	Masud Hasan (mashasan) <mashasan@cisco.com>
	Tue, 29 Sep 2020 13:40:27 +0000 (13:40 +0000)
src/codecs/ip/cd_ipv4.cc		patch \| blob \| blame \| history
src/framework/decode_data.h		patch \| blob \| blame \| history
src/network_inspectors/rna/rna_fingerprint_tcp.cc		patch \| blob \| blame \| history