From: Mike Stepanek (mstepane) Date: Mon, 12 Aug 2019 18:53:51 +0000 (-0400) Subject: Merge pull request #1704 in SNORT/snort3 from ~MMATIRKO/snort3:iprep_monitor to master X-Git-Tag: 3.0.0-259~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2999f3cbfbb952fb018e8951f02ab3c56ba039d0;p=thirdparty%2Fsnort3.git Merge pull request #1704 in SNORT/snort3 from ~MMATIRKO/snort3:iprep_monitor to master Squashed commit of the following: commit 3e2f96ca0c53ebc5fa0df542a5b1df32be37e9df Author: Michael Matirko Date: Fri Aug 2 16:48:10 2019 -0400 reputation: Fixed issues with reputation monitor
---
diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index c4b5fee71..e1cf7a3db 100644
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -32,6 +32,8 @@
 #include "network_inspectors/packet_tracer/packet_tracer.h"
 #include "packet_io/active.h"
 #include "profiler/profiler.h"
+#include "protocols/packet.h"
+
 #include "reputation_parse.h"
@@ -298,6 +300,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 }
 else if (MONITORED == decision)
 {
+ p->packet_flags |= PKT_REP_MONITORED;
 DetectionEngine::queue_event(GID_REPUTATION, REPUTATION_EVENT_MONITOR);
 reputationstats.monitored++;
 }
diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 4901f5711..67d44926b 100644
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
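Review bot: The new `p->packet_flags |= PKT_REP_MONITORED;` in the `MONITORED` branch of `snort_reputation` carries no comment, and no reader of the flag appears anywhere in this diff, so the reason for tagging the packet has to be guessed. A one-line comment above it, for example `// tag the packet so later stages can tell that a monitor-list entry matched`, would record the intent; the wording should be adjusted to whichever component actually tests the flag. The flag is only ever OR-ed in here, so it presumably relies on `packet_flags` being reset when the `Packet` is reused, which this hunk does not show and is worth confirming. The function body starts and ends outside the hunk.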
@@ -79,11 +79,11 @@ class SFDAQInstance;
 #define PKT_IGNORE 0x00800000 /* this packet should be ignored, based on port */
 #define PKT_RETRANSMIT 0x01000000 // packet is a re-transmitted pkt.
 #define PKT_RETRY 0x02000000 /* this packet is being re-evaluated from the internal retry queue */
-#define PKT_UNUSED_FLAGS 0xfc000000
+#define PKT_REP_MONITORED 0x04000000 /* this packet is monitored by reputation */
+#define PKT_UNUSED_FLAGS 0xf8000000
 #define PKT_TS_OFFLOADED 0x01
-// 0x40000000 are available
 #define PKT_PDU_FULL (PKT_PDU_HEAD | PKT_PDU_TAIL)
 enum PseudoPacketType
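Review bot: `PKT_UNUSED_FLAGS` remains a hand-maintained literal, so the next flag added after `PKT_REP_MONITORED` can overlap it without any diagnostic; the values in this hunk are consistent (0x04000000 is taken and the mask moves from 0xfc000000 to 0xf8000000), but nothing enforces that. A compile-time guard placed after the two defines would catch a collision: `static_assert((PKT_REP_MONITORED & PKT_UNUSED_FLAGS) == 0, "packet flag overlaps PKT_UNUSED_FLAGS");`. The comment on the new flag could also state the condition that sets it, e.g. `/* reputation matched a monitor-list entry for this packet */`, since "monitored by reputation" can be read as merely inspected. The flag list itself begins outside the hunk, so overlap with earlier flags cannot be checked from here.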