Merge pull request #2824 in SNORT/snort3 from ~SMINUT/snort3:data_purge to master

Squashed commit of the following:

commit 596cd6e63ee19063e7c5fcdba4d930a99af486f9
Author: Silviu Minut <sminut@cisco.com>
Date:   Thu Apr 1 16:01:12 2021 -0400

    host_tracker: fix bug in set_visibility

    Clear HostTracker internal data not only when the visibility gets
    turned off, but rather whenever the visibility changes, in order to
    allow everything to be rediscovered after a data purge.

diff --git a/src/host_tracker/host_tracker.cc b/src/host_tracker/host_tracker.cc
index 4258e48c65c70be7ff6eb4be68fe00e1a3eb17ec..758d873f27439fbea6d36adf6c995d858d3e68dd 100644 (file)
--- a/src/host_tracker/host_tracker.cc
+++ b/src/host_tracker/host_tracker.cc
@@ -817,7 +817,7 @@ bool HostTracker::set_visibility(bool v)
 
     visibility = v ? container_id : HostCacheIp::invalid_id;
 
-    if ( visibility == HostCacheIp::invalid_id )
+    if ( old_visibility != visibility )
     {
         for ( auto& proto : network_protos )
             proto.second = false;
@@ -849,6 +849,9 @@ bool HostTracker::set_visibility(bool v)
 
         tcp_fpids.clear();
         ua_fps.clear();
+        udp_fpids.clear();
+        smb_fpids.clear();
+        netbios_name.clear();
     }
 
     return old_visibility == visibility;

diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc
index 2f88daf10ee1f67b72b3ffc32df7c14391ae889e..177a5115589df555fea6f5318ebb66779eda6b31 100644 (file)
--- a/src/network_inspectors/rna/rna_pnd.cc
+++ b/src/network_inspectors/rna/rna_pnd.cc
@@ -262,7 +262,7 @@ void RnaPnd::discover_network(const Packet* p, uint8_t ttl)
             rna_flow = nullptr;
         const TcpFingerprint* tfp = processor->get(p, rna_flow);
 
-        if (tfp and ht->add_tcp_fingerprint(tfp->fpid))
+        if ( tfp and ht->add_tcp_fingerprint(tfp->fpid) )
             logger.log(RNA_EVENT_NEW, NEW_OS, p, &ht, src_ip_ptr, src_mac, tfp, packet_time());
     }
 }