Merge pull request #2797 in SNORT/snort3 from ~MDAGON/snort3:detection to master
authorTom Peters (thopeter) <thopeter@cisco.com>
Thu, 18 Mar 2021 15:17:42 +0000 (15:17 +0000)
committerTom Peters (thopeter) <thopeter@cisco.com>
Thu, 18 Mar 2021 15:17:42 +0000 (15:17 +0000)
Squashed commit of the following:

commit bbfa5a891df785f60d423c84c1c55b125b4c07f0
Author: Maya Dagon <mdagon@cisco.com>
Date:   Mon Mar 15 16:04:54 2021 -0400

    detection: update detection.alert, to be used instead of reputation.total_alerts

src/detection/detect.cc
src/network_inspectors/reputation/reputation_config.h
src/network_inspectors/reputation/reputation_inspect.cc

index 5f77ff9d10eb87449b1f1f53f294e76b79f7f1a1..cce1b50ab05192495f65aaddf856a0e90d6a2d72 100644 (file)
@@ -38,6 +38,7 @@
 #include "packet_io/active.h"
 #include "ports/port_object.h"
 #include "profiler/profiler_defs.h"
+#include "reputation/reputation_common.h"
 #include "sfip/sf_ipvar.h"
 #include "stream/stream.h"
 #include "utils/stats.h"
@@ -103,14 +104,11 @@ void CallAlertFuncs(Packet* p, const OptTreeNode* otn, ListHead* head)
 
     pc.total_alert_pkts++;
 
-#if 0
-    // FIXIT-RC DELETE THIS this should be a generic feature of otn
     if ( otn->sigInfo.gid != GID_REPUTATION )
     {
         /* Don't include IP Reputation events in count */
         pc.alert_pkts++;
     }
-#endif
 
     OutputSet* idx = head ? head->AlertList : nullptr;
     EventManager::call_alerters(idx, p, otn->sigInfo.message.c_str(), event);
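Review bot: Re-enabling the `otn->sigInfo.gid != GID_REPUTATION` test in CallAlertFuncs removes the `FIXIT-RC` comment without resolving what it flagged: generic alert accounting now special-cases one inspector's GID, and detect.cc includes `reputation/reputation_common.h` (first hunk), apparently just for that constant. The remaining comment says what is skipped but not how the two counters relate, so I would replace it with `// alert_pkts excludes GID_REPUTATION events; total_alert_pkts above counts every alert` and keep a FIXIT line noting that the exclusion should become a generic otn property. Because the later hunks delete the `total_alerts` peg from reputation, anything that monitored that peg loses its per-inspector alert count and, as far as these hunks show, has to derive it from the two detection counters; that is worth stating in the release notes. CallAlertFuncs begins before this hunk and continues past it.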
index 9ef911fccc621a3354230273061f81ca1bf33d48..83869faabb93a466e2a086738c3ecb9998ad7fc0 100644 (file)
@@ -109,7 +109,6 @@ struct ReputationStats
     PegCount trusted;
     PegCount monitored;
     PegCount memory_allocated;
-    PegCount total_alerts;
 };
 
 extern const PegInfo reputation_peg_names[];
index ce17ce5f2010e8a0eef4542b722a6436a8e017a2..d1cbb6ab3d661d6a83b5d088ddae33a2e07bbcce 100644 (file)
@@ -49,7 +49,6 @@ const PegInfo reputation_peg_names[] =
 { CountType::SUM, "trusted", "number of packets trusted" },
 { CountType::SUM, "monitored", "number of packets monitored" },
 { CountType::SUM, "memory_allocated", "total memory allocated" },
-{ CountType::SUM, "total_alerts", "total alerts triggered" },
 { CountType::END, nullptr, nullptr }
 };
 
@@ -277,7 +276,6 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
         act->block_session(p, true);
         act->set_drop_reason("reputation");
         reputationstats.blocked++;
-        reputationstats.total_alerts++;
         if (PacketTracer::is_active())
             PacketTracer::log("Reputation: packet blocked, drop\n");
     }
@@ -295,7 +293,6 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 
         DetectionEngine::queue_event(GID_REPUTATION, monitor_event);
         reputationstats.monitored++;
-        reputationstats.total_alerts++;
     }
 
     else if (TRUSTED_SRC == decision or TRUSTED_DST == decision)
@@ -312,7 +309,6 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
         DetectionEngine::queue_event(GID_REPUTATION, allowlist_event);
         act->trust_session(p, true);
         reputationstats.trusted++;
-        reputationstats.total_alerts++;
     }
 }