Merge pull request #1826 in SNORT/snort3 from ~SHASLAD/snort3:dont_capture_rebuilt...

Squashed commit of the following:

commit 05efc9aebf8450c5b946142ec832c272c2f46366
Author: Shashi Lad <shaslad@cisco.com>
Date:   Wed Oct 30 00:44:41 2019 -0400

    packet_capture: ignore PDUs and defragged packets, include non-IP packets

diff --git a/src/network_inspectors/packet_capture/packet_capture.cc b/src/network_inspectors/packet_capture/packet_capture.cc
index bf3216f389301c8c164770400799274b057ffd12..f5b45e89298d76df340d3b9a179be6eab3dda38b 100644 (file)
--- a/src/network_inspectors/packet_capture/packet_capture.cc
+++ b/src/network_inspectors/packet_capture/packet_capture.cc
@@ -143,7 +143,7 @@ void packet_capture_enable(const string& f)
                 return;
             }
         }
-        else 
+        else
         {
             WarningMessage("Failed to enable Packet capture\n");
             packet_capture_disable();
@@ -198,11 +198,15 @@ bool PacketCapture::capture_init()
 
 void PacketCapture::eval(Packet* p)
 {
+
     if ( config.enabled )
     {
         if ( !capture_initialized() )
-            if ( !capture_init() )  
+            if ( !capture_init() )
                 return;
+                
+        if ( p->is_cooked() )
+            return;
 
         if ( !bpf.bf_insns || bpf_filter(bpf.bf_insns, p->pkt,
                 p->pktlen, p->pkth->pktlen) )
@@ -258,7 +262,7 @@ static const InspectApi pc_api =
         mod_dtor
     },
     IT_PROBE,
-    PROTO_BIT__ANY_TYPE,
+    PROTO_BIT__ANY_IP | PROTO_BIT__ETH,
     nullptr, // buffers
     nullptr, // service
     nullptr, // pinit