Merge pull request #2886 in SNORT/snort3 from ~MMATIRKO/snort3:monitor_but_better...

author Masud Hasan (mashasan) <mashasan@cisco.com>

Tue, 18 May 2021 22:22:52 +0000 (22:22 +0000)

committer Masud Hasan (mashasan) <mashasan@cisco.com>

Tue, 18 May 2021 22:22:52 +0000 (22:22 +0000)
author Masud Hasan (mashasan) <mashasan@cisco.com>
Tue, 18 May 2021 22:22:52 +0000 (22:22 +0000)
committer Masud Hasan (mashasan) <mashasan@cisco.com>
Tue, 18 May 2021 22:22:52 +0000 (22:22 +0000)
diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc

index cd4bf555bee493a0738a9dc4f6cc97d396bbcbc4..dff5981d1d05809f34951b1c452e2279de57ef7e 100644 (file)
--- a/src/codecs/ip/cd_tcp.cc
+++ b/src/codecs/ip/cd_tcp.cc
@@ -627,7 +627,7 @@ bool TcpCodec::encode(const uint8_t* const raw_in, const uint16_t /*raw_len*/,
          if (enc.flags & ENC_FLAG_INLINE)
          {
              uint32_t seq = 0;
-            
+
              if(Stream::get_held_pkt_seq(flow, seq))
                  tcph_out->th_seq = htonl(seq);
              else
diff --git a/src/flow/flow.h b/src/flow/flow.h

index 6005154d52e6919a3ba99d81eced7af291a3f15e..2f94a7a66bb86aeec6d1db4c53fe00a76f5b8718 100644 (file)
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
@@ -441,6 +441,8 @@ public:  // FIXIT-M privatize if possible
      unsigned network_policy_id;
      unsigned reload_id;
  
+    uint32_t iplist_monitor_id;
+
      uint32_t default_session_timeout;
  
      int32_t client_intf;
diff --git a/src/framework/module.cc b/src/framework/module.cc

index 3d02eef9e5ad8fc134c04b8d2e3d1610c4798529..3c9f5adbd7486801f0f304b14c78540a8f14cd40 100644 (file)
--- a/src/framework/module.cc
+++ b/src/framework/module.cc
@@ -145,7 +145,7 @@ void Module::show_stats()
  void Module::reset_stats()
  {
      PegCount* p = get_counts();
-    
+
      if ( !p )
          return;
  
diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc

index 0736cf176e725c21722ef03f6466ee60d659265f..e34695156e5e169da1df8bbb07fc787524500b41 100644 (file)
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -628,7 +628,7 @@ Inspector* InspectorManager::get_service_inspector_by_id(const SnortProtocolId p
  
      if ( !pi || !pi->framework_policy )
          return nullptr;
- 
+
      auto g = pi->framework_policy->inspector_cache_by_id.find(protocol_id);
      return (g != pi->framework_policy->inspector_cache_by_id.end()) ? g->second : nullptr;
  }
diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc

index 9461e2511f009697588f53cb66a3ba0aea6fa50b..10e85a15b32348158077cc9f7626f6d76b207f2d 100644 (file)
--- a/src/managers/module_manager.cc
+++ b/src/managers/module_manager.cc
@@ -1434,10 +1434,9 @@ void ModuleManager::reset_stats(clear_counter_type_t type)
              lock_guard<mutex> lock(stats_mutex);
              mh->mod->reset_stats();
          }
-    
      }
      else
-    { 
+    {
          auto mod_hooks = get_all_modhooks();
          for ( auto* mh : mod_hooks )
          {
diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc

index 74ce5216f2a1c62416f7c4282df07c3e43bb0dd5..7d316f0b7d0fd63a389e1edffddb88f591892d3b 100644 (file)
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -297,7 +297,10 @@ static void snort_reputation_aux_ip(ReputationConfig* config, Packet* p, const S
          else if (decision == MONITORED)
          {
              if (p->flow)
+            {
                  p->flow->flags.reputation_monitor = true;
+                p->flow->iplist_monitor_id = p->iplist_id;
+            }
  
              DetectionEngine::queue_event(GID_REPUTATION, REPUTATION_EVENT_MONITOR_DST);
              reputationstats.aux_ip_monitored++;
diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc

index 57ce5383304a915ec5c978149097f670c09e0d7f..ade7611e01935b71dd10ad10a6501bcc2e69b743 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1032,7 +1032,7 @@ static DCE2_SmbRequestTracker* DCE2_SmbInspect(DCE2_SmbSsnData* ssd, const SmbNt
      int smb_com = SmbCom(smb_hdr);
  
      if (smb_com < 0 or smb_com > 255) return nullptr;
-    
+
      debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(),
          "SMB command: %s (0x%02X)\n", get_smb_com_string(smb_com), smb_com);
author	Masud Hasan (mashasan) <mashasan@cisco.com>
	Tue, 18 May 2021 22:22:52 +0000 (22:22 +0000)
committer	Masud Hasan (mashasan) <mashasan@cisco.com>
	Tue, 18 May 2021 22:22:52 +0000 (22:22 +0000)
src/codecs/ip/cd_tcp.cc		patch \| blob \| blame \| history
src/flow/flow.h		patch \| blob \| blame \| history
src/framework/module.cc		patch \| blob \| blame \| history
src/managers/inspector_manager.cc		patch \| blob \| blame \| history
src/managers/module_manager.cc		patch \| blob \| blame \| history
src/network_inspectors/reputation/reputation_inspect.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/smb_message.cc		patch \| blob \| blame \| history