Pull request #4479: packet_io: set the flow state to block when forcing the session...
authorRon Dempster (rdempste) <rdempste@cisco.com>
Mon, 14 Oct 2024 17:51:58 +0000 (17:51 +0000)
committerRon Dempster (rdempste) <rdempste@cisco.com>
Mon, 14 Oct 2024 17:51:58 +0000 (17:51 +0000)
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:block_flow_state to master

Squashed commit of the following:

commit fc47b9301b9d235d493929d0eb746cab06eef574
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Oct 8 11:38:49 2024 -0400

    packet_io: set the flow state to block when forcing the session block

src/network_inspectors/reputation/reputation_inspect.cc
src/packet_io/active.cc
src/payload_injector/payload_injector.cc
src/payload_injector/test/payload_injector_test.cc

index 06aa63cc79f9522537ad775823609202aff2cad3..b033d13bf2d26e699dc65978e2e027c9dc47a063 100644 (file)
@@ -374,8 +374,6 @@ static void snort_reputation(const ReputationConfig& config, ReputationData& dat
         // disable all preproc analysis and detection for this packet
         DetectionEngine::disable_all(p);
         act->block_session(p, true);
-        if (p->flow)
-            p->flow->set_state(Flow::FlowState::BLOCK);
         act->set_drop_reason("reputation");
         reputationstats.blocked++;
         if (PacketTracer::is_active())
index fb1e228892956f2533d6112bd9dcfcc58e7d4108..c141f1f93afd5a5a3ec8655979d2a4c2dedd6a55 100644 (file)
@@ -725,6 +725,9 @@ void Active::block_session(Packet* p, bool force)
     if ( force or (p->context->conf->ips_inline_mode() and SFDAQ::forwarding_packet(p->pkth)))
         Stream::block_flow(p);
 
+    if ( force and p->flow )
+        p->flow->set_state(Flow::FlowState::BLOCK);
+
     p->disable_inspect = true;
 }
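Review bot: The new `set_state(Flow::FlowState::BLOCK)` is gated on `force` alone, so the inline path that reaches `Stream::block_flow(p)` with `force == false` leaves the flow state untouched. If that asymmetry is intended it deserves a comment, e.g. `// only a forced block marks the flow BLOCK; the inline-mode path relies on Stream::block_flow alone`. Centralising the state change here also means every caller passing `force = true` now gets it, not just the reputation and payload-injector paths this commit touches, so the remaining call sites are worth an audit. The removal in `PayloadInjector::inject_http_payload` is only equivalent if that function reaches `block_session(p, true)` on every path where the old code set the state, which its hunk does not show; otherwise a flow that used to be marked BLOCK would no longer be. The start of `block_session` lies outside this hunk.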
 
index da77f0d9cc728dc053b55570054340fa846206a8..cf46920db6d80724a8705c1bcdff0b6a2dc5e2e9 100644 (file)
@@ -156,9 +156,6 @@ InjectionReturnStatus PayloadInjector::inject_http_payload(Packet* p,
 
     DetectionEngine::disable_all(p);
 
-    if ( p->flow )
-        p->flow->set_state(Flow::FlowState::BLOCK);
-
     return status;
 }
 
index ce4589f384ba8626bbc8677077f88e44fe17f365..8a6765fc974a81b69d629ad48398b4b05a2eb146 100644 (file)
@@ -54,7 +54,11 @@ uint32_t Active::send_data(snort::Packet*, EncodeFlags, unsigned char const*, un
     return 1;
 }
 
-void Active::block_session(snort::Packet*, bool) { }
+void Active::block_session(snort::Packet* p, bool force)
+{
+    if (force and p->flow)
+        p->flow->set_state(Flow::FlowState::BLOCK);
+}
 void DetectionEngine::disable_all(snort::Packet*) { }
 Flow::~Flow() = default;
 IpsContext::IpsContext(unsigned int) { }
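Review bot: The stub for `Active::block_session` now carries a copy of the production condition, so a payload-injector test that checks for `Flow::FlowState::BLOCK` validates this copy and will keep passing if the real function in `src/packet_io/active.cc` changes. A comment above the stub such as `// mirrors the forced-block state change in Active::block_session; keep in sync` would make that dependency visible. The stub also dereferences `p` unconditionally, which is fine only as long as no test calls it with a null packet.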