From: Michael Altizer (mialtize) Date: Fri, 12 Mar 2021 15:37:13 +0000 (+0000) Subject: Merge pull request #2771 in SNORT/snort3 from ~KBHANDAN/snort3:pt_shell_nonip to... X-Git-Tag: 3.1.3.0~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31c9ab9250b85c694e38b2a944de3c9c55e2ec77;p=thirdparty%2Fsnort3.git Merge pull request #2771 in SNORT/snort3 from ~KBHANDAN/snort3:pt_shell_nonip to master Squashed commit of the following: commit 0e87af6c8591908e68e8e3b60f98ff593566ef96 Author: Kaushal Bhandankar Date: Tue Mar 2 11:35:49 2021 -0500 packet_tracer: Do not log non-IP packets when enabled from shell and when a constraint is set
---
diff --git a/src/framework/packet_constraints.cc b/src/framework/packet_constraints.cc
index 884cbf49a..57a8c55ee 100644
--- a/src/framework/packet_constraints.cc
+++ b/src/framework/packet_constraints.cc
@@ -61,7 +61,12 @@ bool PacketConstraints::packet_match(const Packet& p) const
 return false;
 if ( !p.has_ip() )
- return false;
+ {
+ if ( set_bits & (SetBits::IP_PROTO|SetBits::SRC_PORT|SetBits::DST_PORT|SetBits::SRC_IP|SetBits::DST_IP) )
+ return false;
+ else
+ return true;
+ }
 if ( (set_bits & SetBits::IP_PROTO) and (p.get_ip_proto_next() != ip_proto) )
 return false;
diff --git a/src/network_inspectors/packet_tracer/packet_tracer.cc b/src/network_inspectors/packet_tracer/packet_tracer.cc
index d711facb6..5acb55be3 100644
--- a/src/network_inspectors/packet_tracer/packet_tracer.cc
+++ b/src/network_inspectors/packet_tracer/packet_tracer.cc
@@ -235,6 +235,13 @@ void PacketTracer::activate(const Packet& p)
 if (s_pkt_trace->user_enabled or s_pkt_trace->shell_enabled)
 {
+ if (s_pkt_trace->shell_enabled and
+ !s_pkt_trace->constraints.packet_match(p))
+ {
+ s_pkt_trace->active = false;
+ return;
+ }
+
 if (!p.ptrs.ip_api.is_ip())
 {
 s_pkt_trace->add_eth_header_info(p);
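Review bot: The new `!p.has_ip()` branch of packet_match spells out the IP-dependent bits inline, so it fails open. If a constraint field that needs an IP header is later added to SetBits and this mask is not updated, non-IP packets will match a constraint they cannot satisfy; whether such fields already exist is not visible in the hunk. Returning the test directly, with a comment stating the rule, keeps that dependency in one obvious place: `return !(set_bits & (SetBits::IP_PROTO|SetBits::SRC_PORT|SetBits::DST_PORT|SetBits::SRC_IP|SetBits::DST_IP));` preceded by `// non-IP packets match only when no IP-derived field is constrained`. This also changes the result for every caller of PacketConstraints::packet_match, not just the packet tracer, so other callers that relied on non-IP packets never matching should be checked. The function begins and ends outside the hunk.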
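Review bot: With the constraint check hoisted above the `is_ip()` branch in activate(), nothing at the call site says that shell tracing of a non-IP packet now depends on packet_match() rejecting it whenever an IP-derived field is constrained. A comment above the new block would record that, for example `// shell constraints gate IP and non-IP packets alike; a mismatch suppresses tracing even when user_enabled is set`. The second half of that comment is worth confirming as intended: when both user_enabled and shell_enabled are true, the early return clears `active` for the packet. The block removed further down did the same for IP packets only, so the behaviour now extends to non-IP ones. The body of activate() continues outside the hunk.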
@@ -242,12 +249,6 @@ void PacketTracer::activate(const Packet& p)
 }
 else
 {
- if (s_pkt_trace->shell_enabled and
- !s_pkt_trace->constraints.packet_match(p))
- {
- s_pkt_trace->active = false;
- return;
- }
 s_pkt_trace->active = true;
 s_pkt_trace->add_ip_header_info(p);
 }