From: Raza Shafiq (rshafiq) Date: Mon, 22 Jan 2024 16:18:02 +0000 (+0000) Subject: Pull request #4168: stream_tcp: persist disable_reassembly in Flow X-Git-Tag: 3.1.79.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3cd29fe5f5c22a5527fd0a92e954c26858221b5e;p=thirdparty%2Fsnort3.git Pull request #4168: stream_tcp: persist disable_reassembly in Flow Merge in SNORT/snort3 from ~RSHAFIQ/snort3:gcp_perf to master Squashed commit of the following: commit 1e3853009369678775c85dc30d7f3669a352dcc2 Author: rshafiq Date: Wed Dec 13 17:23:28 2023 -0500 stream_tcp: persist disable_reassembly in Flow --- diff --git a/src/detection/ips_context.cc b/src/detection/ips_context.cc index 95fa7c42b..ac701cbf1 100644 --- a/src/detection/ips_context.cc +++ b/src/detection/ips_context.cc @@ -107,6 +107,7 @@ void IpsContext::clear() if ( remove_gadget and packet->flow and !packet->is_rebuilt() ) { Stream::disable_reassembly(packet->flow); + packet->flow->flags.disable_reassembly_by_ips = true; if ( packet->flow->gadget ) packet->flow->clear_gadget(); diff --git a/src/flow/flow.h b/src/flow/flow.h index 17550b1a1..7246bbc61 100644 --- a/src/flow/flow.h +++ b/src/flow/flow.h @@ -501,6 +501,7 @@ public: // FIXIT-M privatize if possible bool retry_queued : 1; // Set if a packet was queued for retry for this flow bool ha_flow : 1; // Set if this flow was created by an HA message bool ips_event_suppressed : 1; // Set if event filters have suppressed ips event + bool disable_reassembly_by_ips : 1; // Set if IPS has disabled reassembly for this flow } flags = {}; FlowState flow_state = FlowState::SETUP; diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index 51a289690..8ca8cf68d 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -1090,7 +1090,8 @@ void TcpSession::init_tcp_packet_analysis(TcpSegmentDescriptor& tsd) if ( !splitter_init and tsd.is_data_segment() and (tcp_init or is_midstream_allowed(tsd)) ) { - if ( !(tcp_config->flags & STREAM_CONFIG_NO_REASSEMBLY) ) + if ( !(tcp_config->flags & STREAM_CONFIG_NO_REASSEMBLY) and + !(tsd.get_flow()->flags.disable_reassembly_by_ips) ) { client.set_splitter(tsd.get_flow()); server.set_splitter(tsd.get_flow());