From: Kumar swamy Nagabhushana (kumhn) Date: Mon, 27 May 2024 06:03:25 +0000 (+0000) Subject: Pull request #4322: dce_smb: Do not prune from LRU cache during file tracker update X-Git-Tag: 3.2.2.0~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01b9af4c9b6c6950eaf34d6d8cb1c8afb7a1cef8;p=thirdparty%2Fsnort3.git Pull request #4322: dce_smb: Do not prune from LRU cache during file tracker update Merge in SNORT/snort3 from ~KUMHN/snort3:automation_crash to master Squashed commit of the following: commit 858982dde3b99249dac7191f21d08a713fbaa350 Author: kumhn Date: Wed May 15 11:16:09 2024 +0530 dce_smb: Do not prune from LRU cache during file tracker update --- diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc index 4e6b48f11..5f7855ea8 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2.cc @@ -265,15 +265,7 @@ static inline bool DCE2_Smb2FindSidTid(DCE2_Smb2SsnData* ssd, const uint64_t sid const uint32_t tid, const uint32_t mid, DCE2_Smb2SessionTracker** str, DCE2_Smb2TreeTracker** ttr, bool lookup_cache = false) { - if(lookup_cache) - { - auto key = get_key(sid); - *str = smb2_session_cache->find(key).get(); - } - else - { - *str = DCE2_Smb2FindSidInSsd(ssd, sid).get(); - } + *str = DCE2_Smb2FindSidInSsd(ssd, sid).get(); if (!*str) { if (lookup_cache) diff --git a/src/service_inspectors/dce_rpc/dce_smb2.h b/src/service_inspectors/dce_rpc/dce_smb2.h index 50263a3d1..fa3108cfb 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.h +++ b/src/service_inspectors/dce_rpc/dce_smb2.h @@ -235,7 +235,7 @@ struct Smb2SidHashKey int16_t sgroup = 0; uint32_t addressSpaceId = 0; uint16_t vlan_tag = 0; - uint16_t padding = 0; + uint16_t dport = 0; uint64_t sid = 0; uint32_t tenant_id = 0; uint32_t padding2 = 0; // NOTE: If this changes, change do_hash too @@ -256,6 +256,7 @@ struct Smb2SidHashKey addressSpaceId == other.addressSpaceId and vlan_tag == other.vlan_tag and sid == other.sid and + dport == other.dport and tenant_id == other.tenant_id ); } }; @@ -341,7 +342,7 @@ private: mix(a, b, c); - a += d[12]; // vlan & pad + a += d[12]; // vlan & dport b += d[13]; // ip_proto, pkt_type, version, flags finalize(a, b, c); diff --git a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc index 6e66caf6a..10ef2ba8d 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2_utils.cc @@ -43,6 +43,7 @@ Smb2SidHashKey get_key(uint64_t sid) memcpy(key.cip, flow->client_ip.get_ip6_ptr(), 4 * sizeof(uint32_t)); memcpy(key.sip, flow->server_ip.get_ip6_ptr(), 4 * sizeof(uint32_t)); key.mplsLabel = flow->key->mplsLabel; + key.dport = flow->server_port; key.cgroup = flow->client_group; key.sgroup = flow->server_group; key.addressSpaceId = flow->key->addressSpaceId; diff --git a/src/service_inspectors/dce_rpc/dce_smb2_utils.h b/src/service_inspectors/dce_rpc/dce_smb2_utils.h index aaae97121..2647761a0 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2_utils.h +++ b/src/service_inspectors/dce_rpc/dce_smb2_utils.h @@ -49,9 +49,6 @@ public: current_size += size; if ( size > 0) { - // Checking 1+ size prevents crash if max_size is too low to hold even a single entry - if ( current_size > max_size and list.size() > 1 ) - LruLocal::prune(); if ( stats.cache_max < current_size ) stats.cache_max = current_size; }