Merge pull request #2771 in SNORT/snort3 from ~KBHANDAN/snort3:pt_shell_nonip to...
authorMichael Altizer (mialtize) <mialtize@cisco.com>
Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)
committerMichael Altizer (mialtize) <mialtize@cisco.com>
Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)
Squashed commit of the following:

commit 0e87af6c8591908e68e8e3b60f98ff593566ef96
Author: Kaushal Bhandankar <kbhandan@cisco.com>
Date:   Tue Mar 2 11:35:49 2021 -0500

    packet_tracer: Do not log non-IP packets when enabled from shell and when a constraint is set

src/framework/packet_constraints.cc
src/network_inspectors/packet_tracer/packet_tracer.cc

index 884cbf49a128b84532ad84e5c859ab8c6e9431ea..57a8c55ee81e9ff01ffbd6d11156ccd7be5eb855 100644 (file)
@@ -61,7 +61,12 @@ bool PacketConstraints::packet_match(const Packet& p) const
         return false;
 
     if ( !p.has_ip() )
-        return false;
+    {
+        if ( set_bits & (SetBits::IP_PROTO|SetBits::SRC_PORT|SetBits::DST_PORT|SetBits::SRC_IP|SetBits::DST_IP) )
+            return false;
+        else
+            return true;
+    }
 
     if ( (set_bits & SetBits::IP_PROTO) and (p.get_ip_proto_next() != ip_proto) )
         return false;
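Review bot: The non-IP branch of `packet_match` lists the five IP-dependent bits inline and returns through an `if`/`else` pair, so any constraint field added to `SetBits` later has to be remembered here by hand. A named mask kept next to the `SetBits` definition and a single return would hold the rule in one place, for example `return !(set_bits & ip_dependent_bits);` (the mask name is only a suggestion). A comment such as `// a non-IP packet matches only when no IP, protocol or port constraint is set` would record why a packet without an IP header is now allowed to match. The function begins before this hunk and continues after it, so the checks ahead of the `has_ip()` test are not visible here.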
index d711facb6942d6f0706ff55f5e03059760aad0c3..5acb55be3ea23ae9628ecb355d9135530c328532 100644 (file)
@@ -235,6 +235,13 @@ void PacketTracer::activate(const Packet& p)
 
     if (s_pkt_trace->user_enabled or s_pkt_trace->shell_enabled)
     {
+        if (s_pkt_trace->shell_enabled and
+                !s_pkt_trace->constraints.packet_match(p))
+        {
+            s_pkt_trace->active = false;
+            return;
+        }
+
         if (!p.ptrs.ip_api.is_ip())
         {
             s_pkt_trace->add_eth_header_info(p);
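Review bot: The relocated guard at the top of the enabled block tests only `shell_enabled`, while the enclosing condition is `user_enabled or shell_enabled`. If both flags can be set at once, a shell constraint mismatch now also suppresses non-IP packets that previously reached `add_eth_header_info`, as the old code already did for IP packets. If that is not intended, the guard could be narrowed to `if (!s_pkt_trace->user_enabled and s_pkt_trace->shell_enabled and !s_pkt_trace->constraints.packet_match(p))`. If it is intended, a comment stating that shell constraints take precedence over config-enabled tracing would explain the missing trace output to whoever later investigates it. `activate` starts before and continues after this hunk, so how the two flags are set is inferred from these lines only.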
@@ -242,12 +249,6 @@ void PacketTracer::activate(const Packet& p)
         }
         else
         {
-            if (s_pkt_trace->shell_enabled and
-                !s_pkt_trace->constraints.packet_match(p))
-            {
-                s_pkt_trace->active = false;
-                return;
-            }
             s_pkt_trace->active = true;
             s_pkt_trace->add_ip_header_info(p);
         }