Merge pull request #2625 in SNORT/snort3 from ~DERAMADA/snort3:interfaces_fix to...

author Michael Altizer (mialtize) <mialtize@cisco.com>

Wed, 2 Dec 2020 17:16:46 +0000 (17:16 +0000)

committer Michael Altizer (mialtize) <mialtize@cisco.com>

Wed, 2 Dec 2020 17:16:46 +0000 (17:16 +0000)
author Michael Altizer (mialtize) <mialtize@cisco.com>
Wed, 2 Dec 2020 17:16:46 +0000 (17:16 +0000)
committer Michael Altizer (mialtize) <mialtize@cisco.com>
Wed, 2 Dec 2020 17:16:46 +0000 (17:16 +0000)
diff --git a/src/stream/tcp/tcp_stream_session.cc b/src/stream/tcp/tcp_stream_session.cc

index 03c93b847bfa121ed37d66ed87a37a1df24bc27d..c8152f8354a3fa081355fce43982fcca78f389e3 100644 (file)
--- a/src/stream/tcp/tcp_stream_session.cc
+++ b/src/stream/tcp/tcp_stream_session.cc
@@ -271,7 +271,8 @@ void TcpStreamSession::set_packet_header_foo(const TcpSegmentDescriptor& tsd)
  {
      const Packet* p = tsd.get_pkt();
  
-    if ( daq_flags & DAQ_PKT_FLAG_NOT_FORWARDING )
+    if ( tsd.is_packet_from_client() || (p->pkth->egress_index == DAQ_PKTHDR_UNKNOWN
+         && p->pkth->egress_group == DAQ_PKTHDR_UNKNOWN) )
      {
          ingress_index = p->pkth->ingress_index;
          ingress_group = p->pkth->ingress_group;
@@ -279,17 +280,12 @@ void TcpStreamSession::set_packet_header_foo(const TcpSegmentDescriptor& tsd)
          egress_index = p->pkth->egress_index;
          egress_group = p->pkth->egress_group;
      }
-    else if ( tsd.is_packet_from_client() )
-    {
-        ingress_index = p->pkth->ingress_index;
-        ingress_group = p->pkth->ingress_group;
-        // ssn egress not always correct here
-    }
      else
      {
-        // ssn ingress not always correct here
          egress_index = p->pkth->ingress_index;
          egress_group = p->pkth->ingress_group;
+        ingress_index = p->pkth->egress_index;
+        ingress_group = p->pkth->egress_group;
      }
  
      daq_flags = p->pkth->flags;
@@ -298,7 +294,8 @@ void TcpStreamSession::set_packet_header_foo(const TcpSegmentDescriptor& tsd)
  
  void TcpStreamSession::get_packet_header_foo(DAQ_PktHdr_t* pkth, uint32_t dir)
  {
-    if ( (dir & PKT_FROM_CLIENT) || (daq_flags & DAQ_PKT_FLAG_NOT_FORWARDING) )
+    if ( (dir & PKT_FROM_CLIENT) || (egress_index == DAQ_PKTHDR_UNKNOWN &&
+         egress_group == DAQ_PKTHDR_UNKNOWN) )
      {
          pkth->ingress_index = ingress_index;
          pkth->ingress_group = ingress_group;
diff --git a/src/stream/tcp/tcp_stream_session.h b/src/stream/tcp/tcp_stream_session.h

index 6ad83b3ff36a361ee774d29398ed67ba7df0462d..f950e2815fa460adf89b525e45ec8552059336a7 100644 (file)
--- a/src/stream/tcp/tcp_stream_session.h
+++ b/src/stream/tcp/tcp_stream_session.h
@@ -111,10 +111,10 @@ public:
      bool tcp_init = false;
      uint32_t pkt_action_mask = ACTION_NOTHING;
      uint8_t ecn = 0;
-    int32_t ingress_index = 0;
-    int16_t ingress_group = 0;
-    int32_t egress_index = 0;
-    int16_t egress_group = 0;
+    int32_t ingress_index = DAQ_PKTHDR_UNKNOWN;
+    int16_t ingress_group = DAQ_PKTHDR_UNKNOWN;
+    int32_t egress_index = DAQ_PKTHDR_UNKNOWN;
+    int16_t egress_group = DAQ_PKTHDR_UNKNOWN;
      uint32_t daq_flags = 0;
      uint16_t address_space_id = 0;
      bool generate_3whs_alert = true;
author	Michael Altizer (mialtize) <mialtize@cisco.com>
	Wed, 2 Dec 2020 17:16:46 +0000 (17:16 +0000)
committer	Michael Altizer (mialtize) <mialtize@cisco.com>
	Wed, 2 Dec 2020 17:16:46 +0000 (17:16 +0000)
src/stream/tcp/tcp_stream_session.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_stream_session.h		patch \| blob \| blame \| history