Merge pull request #2924 in SNORT/snort3 from ~AMARNAYA/snort3:sunRPC_port_based_bind...

Squashed commit of the following:

commit 86d3a6674f7dc15467d9cc4513226d11b2fe3d25
Author: Amarnath Nayak <amarnaya@cisco.com>
Date:   Fri Jun 4 13:16:52 2021 -0400

    ips_options: fix intrusion alerts generation for tcp rpc PORTMAP traffic when rpc_decode is bound to the flow

diff --git a/src/ips_options/ips_rpc.cc b/src/ips_options/ips_rpc.cc
index ed4485af1c6bef1d7589fb7b11f087e046b07037..829afcca32bbeb88f77e369daf93351cec897699 100644 (file)
--- a/src/ips_options/ips_rpc.cc
+++ b/src/ips_options/ips_rpc.cc
@@ -132,7 +132,7 @@ bool RpcOption::is_match(Packet* p)
 {
     const uint8_t* packet_data = p->data;
 
-    if ( p->is_tcp() )
+    if ( p->is_tcp() || p->is_data() )
         packet_data += 4;  // skip unused frag header
 
     packet_data += 4;  // skip unused xid
@@ -162,7 +162,7 @@ uint32_t RpcOption::get_int(const uint8_t*& data)
 // check if the packet type and size are valid
 bool RpcOption::is_valid(Packet* p)
 {
-    if ( p->is_tcp() )
+    if ( p->is_tcp() || p->is_data() )
         return p->dsize >= 28;
 
     else if ( p->is_udp() )