Merge pull request #3030 in SNORT/snort3 from ~RUCOMBS/snort3:frag_wiz to master

author Russ Combs (rucombs) <rucombs@cisco.com>

Wed, 25 Aug 2021 19:29:51 +0000 (19:29 +0000)

committer Russ Combs (rucombs) <rucombs@cisco.com>

Wed, 25 Aug 2021 19:29:51 +0000 (19:29 +0000)
author Russ Combs (rucombs) <rucombs@cisco.com>
Wed, 25 Aug 2021 19:29:51 +0000 (19:29 +0000)
committer Russ Combs (rucombs) <rucombs@cisco.com>
Wed, 25 Aug 2021 19:29:51 +0000 (19:29 +0000)
diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc

index e34695156e5e169da1df8bbb07fc787524500b41..44c0cd90da86ed595dce09a91450f2a1140619f2 100644 (file)
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -1175,7 +1175,7 @@ void InspectorManager::full_inspection(Packet* p)
  {
      Flow* flow = p->flow;
  
-    if ( flow->service and flow->clouseau and !p->is_cooked() )
+    if ( flow->service and flow->clouseau and (!(p->is_cooked()) or p->is_defrag()) )
          bumble(p);
  
      // For reassembled PDUs, a null data buffer signals no detection. Detection can be required
diff --git a/src/protocols/packet.h b/src/protocols/packet.h

index af1dcaf752098fbdb34d39e39eae41d6eb30bf0e..4a90e74549de62ba96e0581c6b7a7d29f12ecfa7 100644 (file)
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -303,6 +303,9 @@ struct SO_PUBLIC Packet
      bool is_rebuilt() const
      { return (packet_flags & (PKT_REBUILT_STREAM|PKT_REBUILT_FRAG)) != 0; }
  
+    bool is_defrag() const
+    { return (packet_flags & PKT_REBUILT_FRAG) != 0; }
+
      bool is_retry() const
      { return (packet_flags & PKT_RETRY) != 0; }
author	Russ Combs (rucombs) <rucombs@cisco.com>
	Wed, 25 Aug 2021 19:29:51 +0000 (19:29 +0000)
committer	Russ Combs (rucombs) <rucombs@cisco.com>
	Wed, 25 Aug 2021 19:29:51 +0000 (19:29 +0000)
src/managers/inspector_manager.cc		patch \| blob \| blame \| history
src/protocols/packet.h		patch \| blob \| blame \| history