From: Russ Combs (rucombs) Date: Fri, 4 Oct 2024 11:44:56 +0000 (+0000) Subject: Pull request #4467: ips: ignore proto when service supersedes ports X-Git-Tag: 3.4.0.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30bc10b612388a5d7351d9dbcb49f0605d485131;p=thirdparty%2Fsnort3.git Pull request #4467: ips: ignore proto when service supersedes ports Merge in SNORT/snort3 from ~RUCOMBS/snort3:svc_proto to master Squashed commit of the following: commit 63858fa7c98027773703bf38a6df9015b62ab238 Author: Russ Combs Date: Tue Oct 1 10:03:47 2024 -0400 ips: ignore proto when service supersedes ports --- diff --git a/src/detection/rtn_checks.cc b/src/detection/rtn_checks.cc index 2b9030266..2d39cf8fc 100644 --- a/src/detection/rtn_checks.cc +++ b/src/detection/rtn_checks.cc @@ -237,8 +237,11 @@ int CheckDstPortNotEq(Packet* p, RuleTreeNode* rtn_idx, return 0; } -int CheckProto(Packet* p, RuleTreeNode* rtn_idx, RuleFpList*, int) +int CheckProto(Packet* p, RuleTreeNode* rtn_idx, RuleFpList*, int check_ports) { + if ( !check_ports ) + return 1; // ignore proto when ignoring ports + assert(rtn_idx->snort_protocol_id < SNORT_PROTO_MAX); const int proto_bits[SNORT_PROTO_MAX] = // SNORT_PROTO_ to PROTO_BIT__*
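Review bot: The early return added at the top of `CheckProto` makes the rule-header protocol test pass unconditionally whenever `check_ports` is 0, and the one-line comment does not say what that flag means or which callers may clear it. Going by the commit title, the flag is presumably cleared only when the rule has matched by service, but that contract is not visible in this hunk, so any other caller passing 0 would silently turn off protocol filtering for the rule. I would state the contract above the function, for example `// check_ports == 0: rule matched by service, so header proto and ports are both ignored`, and mention in the rule-writing documentation that a header protocol such as `tcp` no longer restricts a service-matched rule. The body of `CheckProto` continues past the end of the hunk, so how `proto_bits` is indexed after the assert cannot be checked from here.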