Merge pull request #1704 in SNORT/snort3 from ~MMATIRKO/snort3:iprep_monitor to master

Squashed commit of the following:

commit 3e2f96ca0c53ebc5fa0df542a5b1df32be37e9df
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Fri Aug 2 16:48:10 2019 -0400

    reputation: Fixed issues with reputation monitor

diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index c4b5fee71fa36208276e6d67e348ea602fe03c83..e1cf7a3dbbca5dce9ab28e6b7eba42e8eb54f7a3 100644 (file)
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -32,6 +32,8 @@
 #include "network_inspectors/packet_tracer/packet_tracer.h"
 #include "packet_io/active.h"
 #include "profiler/profiler.h"
+#include "protocols/packet.h"
+
 
 #include "reputation_parse.h"
 
@@ -298,6 +300,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
     }
     else if (MONITORED == decision)
     {
+        p->packet_flags |= PKT_REP_MONITORED;
         DetectionEngine::queue_event(GID_REPUTATION, REPUTATION_EVENT_MONITOR);
         reputationstats.monitored++;
     }

diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 4901f5711aa46c0f18e9ef9b0554755dd0debce9..67d44926bf98c67435538d6db43c435219d433fc 100644 (file)
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -79,11 +79,11 @@ class SFDAQInstance;
 #define PKT_IGNORE           0x00800000  /* this packet should be ignored, based on port */
 #define PKT_RETRANSMIT       0x01000000  // packet is a re-transmitted pkt.
 #define PKT_RETRY            0x02000000  /* this packet is being re-evaluated from the internal retry queue */
-#define PKT_UNUSED_FLAGS     0xfc000000
+#define PKT_REP_MONITORED    0x04000000   /* this packet is monitored by reputation */ 
+#define PKT_UNUSED_FLAGS     0xf8000000
 
 #define PKT_TS_OFFLOADED        0x01
 
-// 0x40000000 are available
 #define PKT_PDU_FULL (PKT_PDU_HEAD | PKT_PDU_TAIL)
 
 enum PseudoPacketType