Merge pull request #2771 in SNORT/snort3 from ~KBHANDAN/snort3:pt_shell_nonip to...

author Michael Altizer (mialtize) <mialtize@cisco.com>

Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)

committer Michael Altizer (mialtize) <mialtize@cisco.com>

Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)
author Michael Altizer (mialtize) <mialtize@cisco.com>
Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)
committer Michael Altizer (mialtize) <mialtize@cisco.com>
Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)
diff --git a/src/framework/packet_constraints.cc b/src/framework/packet_constraints.cc

index 884cbf49a128b84532ad84e5c859ab8c6e9431ea..57a8c55ee81e9ff01ffbd6d11156ccd7be5eb855 100644 (file)
--- a/src/framework/packet_constraints.cc
+++ b/src/framework/packet_constraints.cc
@@ -61,7 +61,12 @@ bool PacketConstraints::packet_match(const Packet& p) const
          return false;
  
      if ( !p.has_ip() )
-        return false;
+    {
+        if ( set_bits & (SetBits::IP_PROTO|SetBits::SRC_PORT|SetBits::DST_PORT|SetBits::SRC_IP|SetBits::DST_IP) )
+            return false;
+        else
+            return true;
+    }
  
      if ( (set_bits & SetBits::IP_PROTO) and (p.get_ip_proto_next() != ip_proto) )
          return false;
diff --git a/src/network_inspectors/packet_tracer/packet_tracer.cc b/src/network_inspectors/packet_tracer/packet_tracer.cc

index d711facb6942d6f0706ff55f5e03059760aad0c3..5acb55be3ea23ae9628ecb355d9135530c328532 100644 (file)
--- a/src/network_inspectors/packet_tracer/packet_tracer.cc
+++ b/src/network_inspectors/packet_tracer/packet_tracer.cc
@@ -235,6 +235,13 @@ void PacketTracer::activate(const Packet& p)
  
      if (s_pkt_trace->user_enabled or s_pkt_trace->shell_enabled)
      {
+        if (s_pkt_trace->shell_enabled and
+                !s_pkt_trace->constraints.packet_match(p))
+        {
+            s_pkt_trace->active = false;
+            return;
+        }
+
          if (!p.ptrs.ip_api.is_ip())
          {
              s_pkt_trace->add_eth_header_info(p);
@@ -242,12 +249,6 @@ void PacketTracer::activate(const Packet& p)
          }
          else
          {
-            if (s_pkt_trace->shell_enabled and
-                !s_pkt_trace->constraints.packet_match(p))
-            {
-                s_pkt_trace->active = false;
-                return;
-            }
              s_pkt_trace->active = true;
              s_pkt_trace->add_ip_header_info(p);
          }
author	Michael Altizer (mialtize) <mialtize@cisco.com>
	Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)
committer	Michael Altizer (mialtize) <mialtize@cisco.com>
	Fri, 12 Mar 2021 15:37:13 +0000 (15:37 +0000)
src/framework/packet_constraints.cc		patch \| blob \| blame \| history
src/network_inspectors/packet_tracer/packet_tracer.cc		patch \| blob \| blame \| history