Merge pull request #3044 in SNORT/snort3 from ~RUCOMBS/snort3:shock_top to master
authorRuss Combs (rucombs) <rucombs@cisco.com>
Wed, 8 Sep 2021 18:03:37 +0000 (18:03 +0000)
committerRuss Combs (rucombs) <rucombs@cisco.com>
Wed, 8 Sep 2021 18:03:37 +0000 (18:03 +0000)
Squashed commit of the following:

commit 85b754bcf81f1444e34ade76f35a6c574e33ccb8
Author: russ <rucombs@cisco.com>
Date:   Fri Aug 27 17:13:10 2021 -0400

    stream: fix session timeout of expired flows

commit bbce60041761886c547ef3790a5a17ba29260d96
Author: russ <rucombs@cisco.com>
Date:   Thu Aug 26 18:24:46 2021 -0400

    detection: add fast patterns only once per service group

src/detection/service_map.cc
src/flow/flow_control.cc

index f9e8b7a1f54f1c46d28238b1f3a46dd0829234f1..695d54121532b57a686f05f0e244dac36d5674d8 100644 (file)
@@ -159,7 +159,7 @@ static void ServiceMapAddOtnRaw(GHash* table, const char* servicename, OptTreeNo
  *  service name.
  */
 static void ServiceMapAddOtn(
-    srmm_table_t* srmm, SnortProtocolId, const char* servicename, OptTreeNode* otn)
+    srmm_table_t* srmm, const char* servicename, OptTreeNode* otn)
 {
     assert(servicename and otn);
 
@@ -196,27 +196,19 @@ void fpCreateServiceMaps(SnortConfig* sc)
          hashNode = sc->otn_map->find_next())
     {
         OptTreeNode* otn = (OptTreeNode*)hashNode->data;
-        for (PolicyId policyId = 0;
-             policyId < otn->proto_node_num;
-             policyId++ )
+
+        // skip builtin rules
+        if ( otn->sigInfo.builtin )
+            continue;
+
+        /* Not enabled, don't do the FP content */
+        if ( !otn->enabled_somewhere() )
+            continue;
+
+        for ( const auto& svc : otn->sigInfo.services )
         {
-            RuleTreeNode* rtn = getRtnFromOtn(otn, policyId);
-            if ( rtn )
-            {
-                // skip builtin rules
-                if ( otn->sigInfo.builtin )
-                    continue;
-
-                /* Not enabled, don't do the FP content */
-                if ( !rtn->enabled() )
-                    continue;
-
-                for ( const auto& svc : otn->sigInfo.services )
-                {
-                    const char* s = svc.service.c_str();
-                    ServiceMapAddOtn(sc->srmmTable, rtn->snort_protocol_id, s, otn);
-                }
-            }
+            const char* s = svc.service.c_str();
+            ServiceMapAddOtn(sc->srmmTable, s, otn);
         }
     }
 }
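Review bot: The `enabled_somewhere()` gate now admits a rule into the shared `sc->srmmTable` service groups as soon as any policy enables it, but the carried-over comment `/* Not enabled, don't do the FP content */` still reads like a per-policy check. I would reword it to `// not enabled in any policy: keep it out of the service groups`, and state next to it that per-policy enablement is still enforced when the group is evaluated, if that is the case (not visible in this hunk). The loop over `otn->sigInfo.services` calls `ServiceMapAddOtn` once per entry, so a rule that lists the same service twice would presumably still be added twice unless the helper or the rule parser dedups; worth confirming given the "only once per service group" intent. `fpCreateServiceMaps` starts outside the hunk.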
index 20245dd2602f0b8e9b77a5cf1f99b2e172eb146b..7abd95ae559da9a151aeec6b79697651e97c5589 100644 (file)
@@ -437,8 +437,10 @@ unsigned FlowControl::process(Flow* flow, Packet* p)
     if ( flow->flow_state != Flow::FlowState::SETUP )
     {
         flow->set_direction(p);
+
         // This call can reset the flow state to SETUP in lazy flow timeout cases
-        flow->session->precheck(p);
+        if ( flow->flow_state != Flow::FlowState::ALLOW )
+            flow->session->precheck(p);
     }
 
     if ( flow->flow_state != Flow::FlowState::SETUP )
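Review bot: The added `ALLOW` guard leaves the comment above it incomplete: for allowed flows `precheck()` is now skipped, so the lazy-timeout reset to SETUP that the comment describes cannot happen on this path. If expiry of an `ALLOW` flow is not detected elsewhere (not visible here), a stale allow verdict could carry over to later traffic on the same flow key and skip inspection. I would document the reason on the guard, e.g. `// ALLOW flows skip precheck; expiry is enforced in <PLACEHOLDER: where timeout is handled>`, and add a regression test for an expired allowed flow. `FlowControl::process` starts and ends outside the hunk.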