Merge pull request #2976 in SNORT/snort3 from ~SVLASIUK/snort3:fix_reject_inline_u2...

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Tue, 27 Jul 2021 17:47:27 +0000 (17:47 +0000)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Tue, 27 Jul 2021 17:47:27 +0000 (17:47 +0000)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 27 Jul 2021 17:47:27 +0000 (17:47 +0000)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 27 Jul 2021 17:47:27 +0000 (17:47 +0000)
diff --git a/src/actions/act_reject.cc b/src/actions/act_reject.cc

index 3cc202a019ac863cd38fb3bd75d9792824bb8e23..d1a2b2a49cf77267704b0f7672495b0c2adbcfad 100644 (file)
--- a/src/actions/act_reject.cc
+++ b/src/actions/act_reject.cc
@@ -170,9 +170,11 @@ RejectAction::RejectAction(uint32_t f) : IpsAction(s_name, &rej_act_action) , re
  
  void RejectAction::exec(Packet* p, const OptTreeNode* otn)
  {
-    p->active->reset_session(p, get_active_action());
+    p->active->update_reset_status(p, false);
      if ( otn )
          Actions::alert(p, otn);
+
+    p->active->reset_session(p, get_active_action(), false, true);
  }
  
  //-------------------------------------------------------------------------
diff --git a/src/framework/base_api.h b/src/framework/base_api.h

index 973ae216ea1d7c20409e07688fd8086aa5d2ebe7..27a104b731ab22c4f56729d62aac30391be58656 100644 (file)
--- a/src/framework/base_api.h
+++ b/src/framework/base_api.h
@@ -29,7 +29,7 @@
  
  // this is the current version of the base api
  // must be prefixed to subtype version
-#define BASE_API_VERSION 3
+#define BASE_API_VERSION 4
  
  // set options to API_OPTIONS to ensure compatibility
  #ifndef API_OPTIONS
diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc

index 53d33aee0a330295fa5e468871b23d84d271bfed..1330ade9256e7dbebb65b105dae261abd95fb063 100644 (file)
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -679,12 +679,18 @@ void Active::reset_session(Packet* p, bool force)
      reset_session(p, &default_reset, force);
  }
  
-void Active::reset_session(Packet* p, ActiveAction* reject, bool force)
+void Active::update_reset_status(Packet* p, bool force)
  {
      active_action = ACT_RESET;
      update_status(p, force);
+}
  
-    if ( force or (p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth)))
+void Active::reset_session(Packet* p, ActiveAction* reject, bool force, bool skip_update_status)
+{
+    if ( !skip_update_status )
+        update_reset_status(p, force);
+
+    if ( force or (p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth)) )
          Stream::drop_flow(p);
  
      if (reject)
diff --git a/src/packet_io/active.h b/src/packet_io/active.h

index 1c184d30a3d1237c319359a1e27682c99f468dde..acd7655c08edb9f02a4ba3a6b0446d78796fe9d6 100644 (file)
--- a/src/packet_io/active.h
+++ b/src/packet_io/active.h
@@ -126,7 +126,9 @@ public:
      void trust_session(Packet*, bool force = false);
      void block_session(Packet*, bool force = false);
      void reset_session(Packet*, bool force = false);
-    void reset_session(Packet*, snort::ActiveAction* r, bool force = false);
+    void reset_session(Packet*, snort::ActiveAction* r, bool force = false,
+        bool skip_update_status = false);
+    void update_reset_status(Packet*, bool force);
  
      static void queue(snort::ActiveAction* a, snort::Packet* p);
      static void clear_queue(snort::Packet*);
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Tue, 27 Jul 2021 17:47:27 +0000 (17:47 +0000)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Tue, 27 Jul 2021 17:47:27 +0000 (17:47 +0000)
src/actions/act_reject.cc		patch \| blob \| blame \| history
src/framework/base_api.h		patch \| blob \| blame \| history
src/packet_io/active.cc		patch \| blob \| blame \| history
src/packet_io/active.h		patch \| blob \| blame \| history