Pull request #3669: snort: fix deferred trust trigger
authorBrian Morris (bmorris2) <bmorris2@cisco.com>
Fri, 18 Nov 2022 21:21:20 +0000 (21:21 +0000)
committerBrian Morris (bmorris2) <bmorris2@cisco.com>
Fri, 18 Nov 2022 21:21:20 +0000 (21:21 +0000)
Merge in SNORT/snort3 from XTLS/snort3:osiryi_retry_whitelist_fix to master

Squashed commit of the following:

commit 8c454ad2416715be673406a15927fce7ad8048d0
Author: Oleksandr Siryi <osiryi@cisco.com>
Date:   Wed Nov 16 12:56:51 2022 +0200

    flow: fix deferred trust clear when packet is dropped

    Should only clear due to ACT_BLOCK and not ACT_DROP, so check session_was_blocked instead of packet_was_dropped

src/flow/deferred_trust.cc
src/flow/test/deferred_trust_test.cc

index d54bae708155256dbe44de2e5d50d973585e50cc..599ca931767e93bb6083c0491564bf2e558f55dd 100644 (file)
@@ -59,7 +59,7 @@ void DeferredTrust::set_deferred_trust(unsigned module_id, bool on)
 
 void DeferredTrust::finalize(Active& active)
 {
-    if (active.packet_was_dropped())
+    if (active.session_was_blocked())
         clear();
     else if (TRUST_DEFER_DO_TRUST == deferred_trust && active.session_was_allowed())
         active.set_trust();
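Review bot: With the first branch of finalize() now keyed on `session_was_blocked()`, a packet that was only dropped falls through to the `else if`. Whether a drop verdict can then reach `set_trust()` depends on `session_was_allowed()`, whose definition is not visible in this hunk, so it is worth confirming that it returns false for ACT_DROP. The intent should also be recorded above the check, for example `// Only a session block cancels deferred trust; a dropped packet (ACT_DROP) keeps the deferral pending and must not be trusted here.` finalize's body continues past the end of the hunk.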
index f92d54fb7ab2a2d9c166d779aff79089eed5d6bd..720bd21d07a6778836576ca991a09ee581687ad3 100644 (file)
@@ -150,6 +150,34 @@ TEST(deferred_trust_test, finalize)
     CHECK_TEXT(active.session_was_allowed(), "Session was not allowed while deferring trust");
 }
 
+/* Stub implementation for the test below to avoid linking */
+void Active::drop_packet(const Packet*, bool)
+{
+    active_action = ACT_DROP;
+}
+
+TEST(deferred_trust_test, finalize_clear)
+{
+    Active active{};
+
+    deferred_trust.clear();
+    // Enable
+    deferred_trust.set_deferred_trust(1, true);
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+    active.block_again();
+    // finalize should clear deferred_trust
+    deferred_trust.finalize(active);
+    CHECK_TEXT(!deferred_trust.is_active(), "Deferred trust should not be active");
+
+    deferred_trust.clear();
+    // Enable
+    deferred_trust.set_deferred_trust(1, true);
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+    active.drop_packet(nullptr, true);
+    // finalize should NOT clear deferred_trust
+    deferred_trust.finalize(active);
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should still be active");
+}
 
 int main(int argc, char** argv)
 {
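Review bot: The drop scenario in `finalize_clear` reuses the `active` object that `block_again()` already put into the blocked state. It appears to pass only because the stubbed `Active::drop_packet` unconditionally assigns `active_action = ACT_DROP`, replacing the earlier block verdict. If the real `drop_packet` never lowers an existing verdict (not visible here), the stub models a transition production code cannot make. Constructing a fresh object for the second half, e.g. `Active dropped{};` followed by `dropped.drop_packet(nullptr, true);`, would remove that dependency. The drop case also checks only `is_active()`, so a further check that the session was not trusted after `finalize` would cover the fall-through into the `else if` branch.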