Merge pull request #2519 in SNORT/snort3 from ~MMATIRKO/snort3:os_fix to master

Squashed commit of the following:

commit c15937d1dc3c00f172cde8f1f91110477488bd1d
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Wed Sep 30 14:56:04 2020 -0400

    rna: add event_time to rna logger events

diff --git a/src/network_inspectors/rna/rna_app_discovery.cc b/src/network_inspectors/rna/rna_app_discovery.cc
index 6298a78a4e14bd0869d515e77d8d432598784e9a..f8d021ec1df14f132552514112d5d271298d1d2d 100644 (file)
--- a/src/network_inspectors/rna/rna_app_discovery.cc
+++ b/src/network_inspectors/rna/rna_app_discovery.cc
@@ -205,7 +205,7 @@ void RnaAppDiscovery::analyze_user_agent_fingerprint(const Packet* p, const char
         device_info, MAX_USER_AGENT_DEVICES) )
     {
         logger.log(RNA_EVENT_NEW, NEW_OS, p, &rt, (const struct in6_addr*)ip->get_ip6_ptr(),
-            src_mac, (FpFingerprint*)uafp);
+            src_mac, (FpFingerprint*)uafp, packet_time());
     }
 }
 

diff --git a/src/network_inspectors/rna/rna_logger.cc b/src/network_inspectors/rna/rna_logger.cc
index bd9ada57308532b8abf3d1e56b369c0e0bba468f..c288d075c5db4e1b8dfd2cf237cb0a88eaedcdd1 100644 (file)
--- a/src/network_inspectors/rna/rna_logger.cc
+++ b/src/network_inspectors/rna/rna_logger.cc
@@ -107,9 +107,10 @@ void RnaLogger::log(uint16_t type, uint16_t subtype, const Packet* p, RnaTracker
 }
 
 void RnaLogger::log(uint16_t type, uint16_t subtype, const Packet* p, RnaTracker* ht,
-    const struct in6_addr* src_ip, const uint8_t* src_mac, const FpFingerprint* fp)
+    const struct in6_addr* src_ip, const uint8_t* src_mac, const FpFingerprint* fp,
+    uint32_t event_time)
 {
-    log(type, subtype, src_ip, src_mac, ht, p, 0, 0,
+    log(type, subtype, src_ip, src_mac, ht, p, event_time, 0,
         nullptr, nullptr, fp, nullptr, nullptr);
 }
 
@@ -156,8 +157,12 @@ bool RnaLogger::log(uint16_t type, uint16_t subtype, const struct in6_addr* src_
         rle.ip = src_ip;
     else
         rle.ip = nullptr;
+
     if ( event_time )
+    {
+        rle.event_time = event_time;
         (*ht)->update_last_event(event_time);
+    }
 
     EventManager::call_loggers(nullptr, const_cast<Packet*>(p), "RNA", &rle);
 

diff --git a/src/network_inspectors/rna/rna_logger.h b/src/network_inspectors/rna/rna_logger.h
index af41ae81066b49f2464b3be8338db9c75fdc7ba4..89ab74002c7058580def9ebaa6adb9177195746f 100644 (file)
--- a/src/network_inspectors/rna/rna_logger.h
+++ b/src/network_inspectors/rna/rna_logger.h
@@ -40,6 +40,7 @@ struct RnaLoggerEvent : public Event
         const snort::FpFingerprint* fpr, const snort::HostClient* hcp) : type(t), subtype(st),
             mac(mc), ht(rt), hm(hmp), proto(pr), cond_var(cv), ha(hap), fp(fpr), hc(hcp) { }
 
+    uint32_t event_time = 0;
     uint16_t type;
     uint16_t subtype;
     const struct in6_addr* ip;
@@ -68,7 +69,8 @@ public:
 
     // for fingerprint
     void log(uint16_t type, uint16_t subtype, const snort::Packet* p, RnaTracker* ht,
-        const struct in6_addr* src_ip, const uint8_t* src_mac, const snort::FpFingerprint* fp);
+        const struct in6_addr* src_ip, const uint8_t* src_mac, const snort::FpFingerprint* fp,
+        uint32_t event_time);
 
     // for event time
     void log(uint16_t type, uint16_t subtype, const snort::Packet* p, RnaTracker* ht,

diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc
index c99bdaf61b0271765fad9b6c95f2e203892d7527..422cf7d6dfee19d1174d99695429cb99facc9cff 100644 (file)
--- a/src/network_inspectors/rna/rna_pnd.cc
+++ b/src/network_inspectors/rna/rna_pnd.cc
@@ -197,7 +197,7 @@ void RnaPnd::discover_network(const Packet* p, uint8_t ttl)
         const TcpFingerprint* tfp = processor->get(p, rna_flow);
 
         if (tfp && ht->add_tcp_fingerprint(tfp->fpid))
-            logger.log(RNA_EVENT_NEW, NEW_OS, p, &ht, src_ip_ptr, src_mac, tfp);
+            logger.log(RNA_EVENT_NEW, NEW_OS, p, &ht, src_ip_ptr, src_mac, tfp, packet_time());
     }
 }