Merge pull request #2896 in SNORT/snort3 from ~ARMANDAV/snort3:ratefilter to master

Squashed commit of the following:

commit 381fb7df3faa8e3185c6c6fc29cba022031260bd
Author: Arun Mandava <armandav@cisco.com>
Date:   Wed May 12 14:37:59 2021 -0400

    filters: Change rate filter to use network policy id instead of ips policy id

diff --git a/src/filters/rate_filter.cc b/src/filters/rate_filter.cc
index bfbc6194c27499aeca305d31612d6a248ee6e9da..cdf153ee096987aac60cc6bc8f99b763047f15e2 100644 (file)
--- a/src/filters/rate_filter.cc
+++ b/src/filters/rate_filter.cc
@@ -133,12 +133,12 @@ int RateFilter_Test(const OptTreeNode* otn, Packet* p)
         // events and these require: src -> client, dst -> server.
         if ( p->is_from_server() )
         {
-            return SFRF_TestThreshold(
-                rfc, gid, sid, dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
+            return SFRF_TestThreshold(rfc, gid, sid, get_network_policy()->policy_id,
+                dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
         }
     }
 
-    return SFRF_TestThreshold(
-        rfc, gid, sid, sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
+    return SFRF_TestThreshold(rfc, gid, sid, get_network_policy()->policy_id,
+        sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
 }
 

diff --git a/src/filters/sfrf.cc b/src/filters/sfrf.cc
index 008aec74e070f998a2079a5a7d4bcc5de758f662..11f98c75f1c836fa62cf49125e4f92e249472eef 100644 (file)
--- a/src/filters/sfrf.cc
+++ b/src/filters/sfrf.cc
@@ -445,6 +445,7 @@ int SFRF_TestThreshold(
     RateFilterConfig* config,
     unsigned gid,
     unsigned sid,
+    PolicyId policy_id,
     const SfIp* sip,
     const SfIp* dip,
     time_t curTime,
@@ -458,8 +459,6 @@ int SFRF_TestThreshold(
     int status = -1;
     tSFRFGenHashKey key;
 
-    PolicyId policy_id = get_ips_policy()->policy_id;
-
 #ifdef SFRF_DEBUG
     printf("--%d-%u-%u: %s() entering\n", 0, gid, sid, __func__);
     fflush(stdout);
@@ -769,7 +768,7 @@ static void _updateDependentThresholds(
         // 4.    |       _updateDependentThresholds(gid internal, sid ADD)
         // 5.    continue with regularly scheduled programming (ie step 1)
 
-        SFRF_TestThreshold(config, gid, SESSION_EVENT_SETUP,
+        SFRF_TestThreshold(config, gid, SESSION_EVENT_SETUP, get_network_policy()->policy_id,
             sip, dip, curTime, SFRF_COUNT_DECREMENT);
         return;
     }

diff --git a/src/filters/sfrf.h b/src/filters/sfrf.h
index 0a9cbf936f58ff448b729f6499be6258cf482e23..9e09214526bf641d88ddaf6393e60878482ac717 100644 (file)
--- a/src/filters/sfrf.h
+++ b/src/filters/sfrf.h
@@ -163,6 +163,7 @@ int SFRF_TestThreshold(
     RateFilterConfig *config,
     unsigned gid,
     unsigned sid,
+    PolicyId policyid,
     const snort::SfIp *sip,
     const snort::SfIp *dip,
     time_t curTime,

diff --git a/src/filters/sfrf_test.cc b/src/filters/sfrf_test.cc
index c1c66b521efb8e6aaf6a71055bc5e62e6ce07170..85ff86ac49e1290c3eba4c5ad35b6043f24ae471 100644 (file)
--- a/src/filters/sfrf_test.cc
+++ b/src/filters/sfrf_test.cc
@@ -949,8 +949,8 @@ static int EventTest(EventData* p)
     sip.set(p->sip);
     dip.set(p->dip);
 
-    status = SFRF_TestThreshold(
-        rfc, p->gid, p->sid, &sip, &dip, curtime, op);
+    status = SFRF_TestThreshold(rfc, p->gid, p->sid, get_network_policy()->policy_id,
+        &sip, &dip, curtime, op);
 
     if ( status >= Actions::get_max_types() )
         status -= Actions::get_max_types();