Pull request #3524: appid: set persistent flag for sunrpc expected session

Merge in SNORT/snort3 from ~SATHIRKA/snort3:persistent_flag_sunrpc_ff to master

Squashed commit of the following:

commit 16568a1b61156bc63a96accb373e42f53b9e75e6
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Mon Jul 18 13:32:32 2022 -0400

    appid: set persistent flag for sunrpc expected session

diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index b6fc19d583894d2d7d7f473f44a4284ccf73b896..07130602b07c9367710b812837b937e21eb21815 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -206,7 +206,8 @@ static inline PktType get_pkt_type_from_ip_proto(IpProtocol proto)
 
 AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const SfIp* cliIp,
     uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto,
-    SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirectional)
+    SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirectional,
+    bool expect_persist)
 {
     enum PktType type = get_pkt_type_from_ip_proto(proto);
 
@@ -232,7 +233,8 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S
     is_session_monitored(asd->flags, ctrlPkt, *inspector);
 
     if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
-        cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction, false, bidirectional))
+        cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction, false,
+        bidirectional, expect_persist))
     {
         if (appidDebug->is_active())
         {

diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h
index 3c456a6614973a8cb7e6b243007d00f61d0b276a..37472ec4ece599e8742b9b66b5742cbc20e786b4 100644 (file)
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -233,7 +233,7 @@ public:
         AppidSessionDirection, AppIdInspector&, OdpContext&);
     static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t,
         const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, bool swap_app_direction=false,
-        bool bidirectional=false);
+        bool bidirectional=false, bool expect_persist=false);
     void initialize_future_session(AppIdSession&, uint64_t);
 
     snort::Flow* flow = nullptr;

diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc
index a52b8627d0b0494b7cefeb3f792cb87544016193..93efbca8b76e4434a92a5743f18580466e04c34d 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rpc.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc
@@ -493,7 +493,7 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi
                         const SfIp* dip = pkt->ptrs.ip_api.get_dst();
                         AppIdSession* fsession = AppIdSession::create_future_session(
                             pkt, dip, 0, &sip, port, rd->proto,
-                            asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC]);
+                            asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC], false, false, true);
 
                         if (fsession)
                         {
@@ -519,8 +519,8 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi
                         tmp = ntohl(pmr->port);
 
                         AppIdSession* pf = AppIdSession::create_future_session(
-                            pkt, dip, 0, sip, (uint16_t)tmp,
-                            rd->proto,asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC]);
+                            pkt, dip, 0, sip, (uint16_t)tmp, rd->proto,
+                            asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC], false, false, true);
 
                         if (pf)
                         {