Pull request #3635: Allow ACT_TRUST to be used as a delayed action.

Merge in SNORT/snort3 from XTLS/snort3:osiryi_ddnd_no_tracker_main to master

Squashed commit of the following:

commit 5ddf1f2bb8d63d084752d34fc72d66ba1ec87e57
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:59:22 2022 -0400

    packet_io: The most strict delayed action takes precedence.

commit 9044167d9c016ee04b577adffdacad1689a47877
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:56:43 2022 -0400

    packet_io: Allow ACT_TRUST to be used as a delayed action.

diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index 33fcc23ae08706b62ed221378e44ab3a4e293c44..b28be74c8638029dda17ff94cea8d14a87af308d 100644 (file)
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -724,6 +724,11 @@ void Active::set_delayed_action(ActiveActionType action, bool force)
 
 void Active::set_delayed_action(ActiveActionType action, ActiveAction* act, bool force)
 {
+    // Don't update the delayed active action to a less strict one, with
+    // the exception of going from allow to trust.
+    if(delayed_active_action >= action and delayed_active_action > ACT_ALLOW)
+        return;
+
     delayed_active_action = action;
 
     if (delayed_reject == nullptr)
@@ -755,6 +760,9 @@ void Active::apply_delayed_action(Packet* p)
         if (!retry_packet(p))
             drop_packet(p, force);
         break;
+    case ACT_TRUST:
+        trust_session(p, force);
+        break;
     default:
         break;
     }