Pull request #4012: flow: allow reinspection for blocked icmp flows after reload

Merge in SNORT/snort3 from ~SBAIGAL/snort3:icmp_fix to master

Squashed commit of the following:

commit 2749fdea6bb8b5e777288fd234f088adc05404ba
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Wed Sep 13 14:24:18 2023 -0400

    flow: allow reinspection for blocked icmp flows after reload

diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index e84f3e847749860faaf6a3b72a7bf3a9d61d2e9d..56c5be9e8241f884e3e39b589c47bf1f341c22d0 100644 (file)
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -431,6 +431,14 @@ bool FlowControl::process(PktType type, Packet* p, bool* new_flow)
     return true;
 }
 
+static inline void restart_inspection(Flow* flow, Packet* p)
+{
+    p->disable_inspect = false;
+    flow->flags.disable_inspect = false;
+    flow->flow_state = Flow::FlowState::SETUP;
+    flow->last_verdict = MAX_DAQ_VERDICT;
+}
+
 unsigned FlowControl::process(Flow* flow, Packet* p, bool new_ha_flow)
 {
     unsigned news = 0;
@@ -440,6 +448,10 @@ unsigned FlowControl::process(Flow* flow, Packet* p, bool new_ha_flow)
     p->flow = flow;
     p->disable_inspect = flow->is_inspection_disabled();
 
+    if ( p->disable_inspect and p->type() == PktType::ICMP
+         and flow->reload_id and SnortConfig::get_thread_reload_id() != flow->reload_id )
+        restart_inspection(flow, p);
+
     last_pkt_type = p->type();
 
     // If this code is executed on a flow in SETUP state, it will result in a packet from both