Pull request #3646: main: Dump packet trace after publishing finalize event since...

Merge in SNORT/snort3 from ~STECHEW/snort3:move_packet_trace_after_finalize to master

Squashed commit of the following:

commit 98bdf68786445cf2d0ba4993550196295a8957ff
Author: Steve Chew <stechew@cisco.com>
Date:   Sun Oct 30 23:15:59 2022 -0400

    main: Dump packet trace after publishing finalize event since verdict could be modified.

diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc
index 2424c6d4229cc67ca8eb5459887c23cebda3fb84..9003760c0b9fc6ca731132464934ab207b4ae475 100644 (file)
--- a/src/main/analyzer.cc
+++ b/src/main/analyzer.cc
@@ -298,6 +298,27 @@ static DAQ_Verdict distill_verdict(Packet* p)
     return verdict;
 }
 
+static void packet_trace_dump(Packet* p, DAQ_Verdict verdict, bool msg_was_held)
+{
+    if (PacketTracer::is_active())
+    {
+        PacketTracer::log("Policies: Network %u, Inspection %u, Detection %u\n",
+            get_network_policy()->user_policy_id, get_inspection_policy()->user_policy_id,
+            get_ips_policy()->user_policy_id);
+
+        if (p->active->packet_retry_requested())
+            PacketTracer::log("Verdict: Queuing for Retry\n");
+        else if (msg_was_held)
+            PacketTracer::log("Verdict: Holding for Detection\n");
+        else
+            PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict));
+        PacketTracer::dump(p);
+    }
+
+    if (PacketTracer::is_daq_activated())
+        PacketTracer::daq_dump(p);
+}
+
 void Analyzer::add_to_retry_queue(DAQ_Msg_h daq_msg)
 {
     retry_queue->put(daq_msg);
@@ -333,24 +354,6 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p)
             verdict = distill_verdict(p);
     }
 
-    if (PacketTracer::is_active())
-    {
-        PacketTracer::log("Policies: Network %u, Inspection %u, Detection %u\n",
-            get_network_policy()->user_policy_id, get_inspection_policy()->user_policy_id,
-            get_ips_policy()->user_policy_id);
-
-        if (p->active->packet_retry_requested())
-            PacketTracer::log("Verdict: Queuing for Retry\n");
-        else if (msg_was_held)
-            PacketTracer::log("Verdict: Holding for Detection\n");
-        else
-            PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict));
-        PacketTracer::dump(p);
-    }
-
-    if (PacketTracer::is_daq_activated())
-        PacketTracer::daq_dump(p);
-
     HighAvailabilityManager::process_update(p->flow, p);
 
     if (verdict != MAX_DAQ_VERDICT)
@@ -363,6 +366,8 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p)
             DataBus::publish(FINALIZE_PACKET_EVENT, event);
         }
 
+        packet_trace_dump(p, verdict, msg_was_held);
+
         if (verdict == DAQ_VERDICT_BLOCK or verdict == DAQ_VERDICT_BLACKLIST)
             p->active->send_reason_to_daq(*p);
 
@@ -374,6 +379,10 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p)
             p->daq_instance->finalize_message(p->daq_msg, verdict);
         }
     }
+    else
+    {
+        packet_trace_dump(p, verdict, msg_was_held);
+    }
 }
 
 void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry)