Merge pull request #1926 in SNORT/snort3 from ~SELYSENK/snort3:dont_log_zero_vid...

Squashed commit of the following:

commit acbf1f541bffec35d3d63a779c515287bd43255f
Author: Serhii Lysenko <selysenk@cisco.com>
Date:   Thu Jan 23 16:16:20 2020 +0200

    loggers: update vlan logging in csv and json loggers

    Log vlan id 0 if vlan_agnostic or untagged, use flow vlan id or packet
    vid otherwise.

diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc
index 0bd5578865b0c5385c7730e077f0132967bfd90d..18278f9ff52a926238a5b8a96f8ee31014f8d720 100644 (file)
--- a/src/loggers/alert_csv.cc
+++ b/src/loggers/alert_csv.cc
@@ -419,18 +419,7 @@ static void ff_udp_len(const Args& a)
 
 static void ff_vlan(const Args& a)
 {
-    uint16_t vid;
-
-    if (a.pkt->flow)
-        vid = a.pkt->flow->key->vlan_tag;
-
-    else if ( a.pkt->proto_bits & PROTO_BIT__VLAN )
-        vid = layer::get_vlan_layer(a.pkt)->vid();
-
-    else
-        return;
-
-    TextLog_Print(csv_log, "%hu", vid);
+    TextLog_Print(csv_log, "%hu", a.pkt->get_flow_vlan_id());
 }
 
 //-------------------------------------------------------------------------

diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc
index aeb24409b6800ab90bbf8b2d82b462bb9454f6e5..1d075885f332334eb139b7d6ac3e1d325ca33a84 100644 (file)
--- a/src/loggers/alert_json.cc
+++ b/src/loggers/alert_json.cc
@@ -581,19 +581,8 @@ static bool ff_udp_len(const Args& a)
 
 static bool ff_vlan(const Args& a)
 {
-    uint16_t vid;
-
-    if (a.pkt->flow)
-        vid = a.pkt->flow->key->vlan_tag;
-
-    else if ( a.pkt->proto_bits & PROTO_BIT__VLAN )
-        vid = layer::get_vlan_layer(a.pkt)->vid();
-
-    else
-        return false;
-
     print_label(a, "vlan");
-    TextLog_Print(json_log, "%hu", vid);
+    TextLog_Print(json_log, "%hu", a.pkt->get_flow_vlan_id());
     return true;
 }
 

diff --git a/src/protocols/packet.cc b/src/protocols/packet.cc
index 904208ab239e0a1244eafa4d6456d19576da344c..508e8d34dc87e6efb4c13313dfbafbe42f8a226a 100644 (file)
--- a/src/protocols/packet.cc
+++ b/src/protocols/packet.cc
@@ -31,6 +31,7 @@
 #include "managers/codec_manager.h"
 
 #include "packet_manager.h"
+#include "vlan.h"
 
 namespace snort
 {
@@ -250,5 +251,17 @@ SnortProtocolId Packet::get_snort_protocol_id()
     return flow ? flow->ssn_state.snort_protocol_id : UNKNOWN_PROTOCOL_ID;
 }
 
+uint16_t Packet::get_flow_vlan_id() const
+{
+    uint16_t vid = 0;
+
+    if (flow)
+        vid = flow->key->vlan_tag;
+    else if ( !SnortConfig::get_vlan_agnostic() and (proto_bits & PROTO_BIT__VLAN) )
+        vid = layer::get_vlan_layer(this)->vid();
+
+    return vid;
+}
+
 } // namespace snort
 

diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 54724d0dbce99075b3c942719f45d99ae648e305..d36035ec556c95fda93d1bb46e65414b364acfcb 100644 (file)
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -305,6 +305,8 @@ struct SO_PUBLIC Packet
             flow->ssn_state.snort_protocol_id = proto_id;
     }
 
+    uint16_t get_flow_vlan_id() const;
+
 private:
     bool allocated;
 };