Merge pull request #771 in SNORT/snort3 from appid_count_kerberos to master

Squashed commit of the following:

commit 2721acae70b568e4d8e54b72c2318e81a8b6ca0f
Author: Carter Waxman <cwaxman@cisco.com>
Date:   Tue Jan 10 10:53:38 2017 -0500

    new kerberos appid flows are counted when appid creates its flowdata

diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
index 08e846b74eb7d90c89f8db6ca023f7b0cbf06f6d..d210c81db7ced859085745afcc692b75ef2367f6 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
@@ -912,7 +912,6 @@ static KRB_RETCODE krb_walk_server_packet(KRBState* krbs, const uint8_t* s, cons
                 service_mod.api->add_service(asd, pkt, dir, &svc_element, APP_ID_KERBEROS,
                     nullptr, krbs->ver, nullptr);
                 asd->set_session_flags(APPID_SESSION_SERVICE_DETECTED);
-                appid_stats.kerberos_flows++;
             }
         }
 
@@ -973,6 +972,7 @@ static CLIENT_APP_RETCODE krb_client_validate(const uint8_t* data, uint16_t size
             fd->clnt_state.state = KRB_STATE_APP;
             fd->svr_state.state = KRB_STATE_APP;
         }
+        appid_stats.kerberos_flows++;
     }
 
     if (!fd->set_flags)