From: Masud Hasan (mashasan) Date: Tue, 29 Sep 2020 13:40:27 +0000 (+0000) Subject: Merge pull request #2501 in SNORT/snort3 from ~SMINUT/snort3:decode_flags to master X-Git-Tag: 3.0.3-2~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ed17a4c89874a42a84c89f4c9de92366d5ed983;p=thirdparty%2Fsnort3.git Merge pull request #2501 in SNORT/snort3 from ~SMINUT/snort3:decode_flags to master Squashed commit of the following: commit b8abccac60ea75793729bb63472adad9c932773f Author: Silviu Minut Date: Fri Sep 25 10:31:14 2020 -0400 framework: fix dont_fragment() function
---
diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc
index c1759bef1..41cb84662 100644
--- a/src/codecs/ip/cd_ipv4.cc
+++ b/src/codecs/ip/cd_ipv4.cc
@@ -296,7 +296,10 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
 }
 if (frag_off & 0x4000)
+ {
 codec.codec_flags |= CODEC_DF;
+ snort.decode_flags |= DECODE_DF;
+ }
 if (frag_off & 0x2000)
 snort.decode_flags |= DECODE_MF;
diff --git a/src/framework/decode_data.h b/src/framework/decode_data.h
index 817f806ad..8c10166fd 100644
--- a/src/framework/decode_data.h
+++ b/src/framework/decode_data.h
@@ -97,16 +97,17 @@ enum DecodeFlags : std::uint16_t
 DECODE_PKT_TRUST = 0x0020, // trust this packet
 DECODE_FRAG = 0x0040, // ip - fragmented packet
 DECODE_MF = 0x0080, // ip - more fragments
+ DECODE_DF = 0x0100, // ip - don't fragment
 // using decode flags in lieu of creating user layer for now
- DECODE_C2S = 0x0100, // user - client to server
- DECODE_SOF = 0x0200, // user - start of flow
- DECODE_EOF = 0x0400, // user - end of flow
- DECODE_GTP = 0x0800,
-
- DECODE_TCP_MSS = 0x1000,
- DECODE_TCP_TS = 0x2000,
- DECODE_TCP_WS = 0x4000,
+ DECODE_C2S = 0x0200, // user - client to server
+ DECODE_SOF = 0x0400, // user - start of flow
+ DECODE_EOF = 0x0800, // user - end of flow
+ DECODE_GTP = 0x1000,
+
+ DECODE_TCP_MSS = 0x2000,
+ DECODE_TCP_TS = 0x4000,
+ DECODE_TCP_WS = 0x8000,
 };
 struct DecodeData
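Review bot: In the cd_ipv4.cc hunk, `snort.decode_flags |= DECODE_DF;` only ever sets the bit and nothing visible clears it. If `Ipv4Codec::decode` runs once per IPv4 layer of a tunnelled packet, an outer header with DF set could leave DECODE_DF on for an inner header that has it clear, and `dont_fragment()` would then describe the wrong layer. Unless the flags are already reset earlier in the function, an else branch would fix this: `else snort.decode_flags &= ~DECODE_DF;`. The body of decode() starts and ends outside the hunk, so that reset may already exist above.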
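Review bot: In the decode_data.h hunk, inserting `DECODE_DF = 0x0100` in the middle of DecodeFlags shifts every flag from DECODE_C2S through DECODE_TCP_WS. A codec or inspector compiled against the old header would still set 0x0100 meaning client-to-server, and the core would now read that bit as don't-fragment. If plugins can be built separately from the core, this needs a plugin API version bump, which is not visible in this diff. The change also puts DECODE_TCP_WS at 0x8000, the last bit of the `std::uint16_t` underlying type, so a comment before the closing brace would help: `// all 16 bits are in use; widen the underlying type before adding a flag`. The enum starts outside the hunk.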
@@ -143,7 +144,7 @@ struct DecodeData { return type; } inline bool dont_fragment() const - { return decode_flags & DECODE_MF; } + { return ip_api.is_ip6() || decode_flags & DECODE_DF; } }; #endif diff --git a/src/network_inspectors/rna/rna_fingerprint_tcp.cc b/src/network_inspectors/rna/rna_fingerprint_tcp.cc index 7852900df..f365f269a 100644 --- a/src/network_inspectors/rna/rna_fingerprint_tcp.cc +++ b/src/network_inspectors/rna/rna_fingerprint_tcp.cc @@ -197,7 +197,7 @@ const TcpFingerprint* TcpFpProcessor::get_tcp_fp(const FpTcpKey& key, uint8_t tt continue; // tfp mssgood: - if (key.df == tfp->df && + if ( (key.isIpv6 || key.df == tfp->df) && // don't check df for ipv6 ttl <= tfp->ttl && (tfp->ttl < MAXIMUM_FP_HOPS || ttl >= (tfp->ttl - MAXIMUM_FP_HOPS))) {
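Review bot: In the second decode_data.h hunk, `dont_fragment()` now returns true for every IPv6 packet, and nothing in the accessor says why. A one-line comment would state the policy for callers: `// IPv6 has no DF bit and is never fragmented in transit, so report it as set`. The expression also mixes `||` with an unparenthesized `&`; precedence makes it correct, but `{ return ip_api.is_ip6() || (decode_flags & DECODE_DF) != 0; }` reads unambiguously and drops the implicit integer-to-bool conversion. The bug this commit fixes was a one-token slip on this same line, so the extra clarity is worthwhile.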
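Review bot: In the rna_fingerprint_tcp.cc hunk, the IPv6 exemption is now encoded a second time: `dont_fragment()` already returns true for IPv6, and this condition skips the df comparison when `key.isIpv6` is set. How `key.df` is filled is not visible in this diff, but if it comes from `dont_fragment()` then the two rules can drift apart, and an IPv6 flow will match a fingerprint regardless of that fingerprint's df value. The trailing comment should state which rule is authoritative, for example `// ipv6 has no DF bit: ignore tfp->df rather than rely on key.df`. get_tcp_fp starts before the hunk and continues after it.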