From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) Date: Mon, 24 Oct 2022 12:39:20 +0000 (+0000) Subject: Pull request #3627: Fix for IPS context generation ID. X-Git-Tag: 3.1.45.0~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38501b0efa905d0cf93ebe2c4ba97483fbc51c09;p=thirdparty%2Fsnort3.git Pull request #3627: Fix for IPS context generation ID. Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fix_context_num to master Squashed commit of the following: commit 38089067c06c360c60bf48d2d142e993c50813bd Author: Oleksii Shumeiko Date: Fri Oct 21 18:06:08 2022 +0300 detection: check Pig run number in node state conditions --- diff --git a/src/detection/detection_continuation.h b/src/detection/detection_continuation.h index 24d30c50d..ffac8ec57 100644 --- a/src/detection/detection_continuation.h +++ b/src/detection/detection_continuation.h @@ -130,7 +130,8 @@ void Continuation::postpone(const Cursor& cursor, void Continuation::recall(dot_node_state_t& nst, const snort::Packet* p) { - if (nst.last_check.context_num != nst.conts_num) + if (nst.last_check.context_num != nst.context_num or + nst.last_check.run_num != nst.run_num) return; auto cnt = LState::erase_group((LState*&)nst.conts); @@ -268,9 +269,11 @@ void Continuation::add(const Cursor& cursor, auto nst = node.state + snort::get_instance_id(); assert(nst); - if (nst->last_check.context_num != nst->conts_num) + if (nst->last_check.context_num != nst->context_num or + nst->last_check.run_num != nst->run_num) { - nst->conts_num = nst->last_check.context_num; + nst->context_num = nst->last_check.context_num; + nst->run_num = nst->last_check.run_num; nst->conts = nullptr; } diff --git a/src/detection/detection_options.h b/src/detection/detection_options.h index 556fa2bd7..32323059e 100644 --- a/src/detection/detection_options.h +++ b/src/detection/detection_options.h @@ -63,7 +63,8 @@ struct dot_node_state_t char flowbit_failed; } last_check; void* conts; - uint64_t conts_num; + uint64_t context_num; + uint16_t run_num; // FIXIT-L perf profiler stuff should be factored of the node state struct hr_duration elapsed;