From: Masud Hasan (mashasan) Date: Tue, 18 May 2021 22:22:52 +0000 (+0000) Subject: Merge pull request #2886 in SNORT/snort3 from ~MMATIRKO/snort3:monitor_but_better... X-Git-Tag: 3.1.5.0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45fbe65cd8da442bf04b4f18ff0139dd4d3e44fe;p=thirdparty%2Fsnort3.git Merge pull request #2886 in SNORT/snort3 from ~MMATIRKO/snort3:monitor_but_better to master Squashed commit of the following: commit 72c8a3dc6e826e107e11ff901c9d14f6bb9f5ed2 Author: Michael Matirko Date: Thu May 13 12:07:52 2021 -0400 reputation: track monitor ID via flow; minor code cleanup
---
diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc
index cd4bf555b..dff5981d1 100644
--- a/src/codecs/ip/cd_tcp.cc
+++ b/src/codecs/ip/cd_tcp.cc
@@ -627,7 +627,7 @@ bool TcpCodec::encode(const uint8_t* const raw_in, const uint16_t /*raw_len*/,
 if (enc.flags & ENC_FLAG_INLINE)
 {
 uint32_t seq = 0;
-
+
 if(Stream::get_held_pkt_seq(flow, seq))
 tcph_out->th_seq = htonl(seq);
 else
diff --git a/src/flow/flow.h b/src/flow/flow.h
index 6005154d5..2f94a7a66 100644
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
@@ -441,6 +441,8 @@ public: // FIXIT-M privatize if possible
 unsigned network_policy_id;
 unsigned reload_id;
+ uint32_t iplist_monitor_id;
+
 uint32_t default_session_timeout;
 int32_t client_intf;
diff --git a/src/framework/module.cc b/src/framework/module.cc
index 3d02eef9e..3c9f5adbd 100644
--- a/src/framework/module.cc
+++ b/src/framework/module.cc
@@ -145,7 +145,7 @@ void Module::show_stats()
 void Module::reset_stats()
 {
 PegCount* p = get_counts();
-
+
 if ( !p )
 return;
diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc
index 0736cf176..e34695156 100644
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
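Review bot: The new `iplist_monitor_id` member in src/flow/flow.h is added with no comment and no visible initialisation, so a reader cannot tell when its value is meaningful. Going by the reputation_inspect.cc hunk in this commit it is written only together with `flags.reputation_monitor`, which suggests it should be read only while that flag is set; a comment such as `// reputation list that put this flow in monitor mode; valid only when flags.reputation_monitor is set` would record that. No change to the flow's init or reset code is part of this diff, so it is worth confirming that the field is cleared when a flow is reused, otherwise a later monitor event could be attributed to a stale list ID. The enclosing class starts and ends outside the hunk.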
@@ -628,7 +628,7 @@ Inspector* InspectorManager::get_service_inspector_by_id(const SnortProtocolId p
 if ( !pi || !pi->framework_policy )
 return nullptr;
-
+
 auto g = pi->framework_policy->inspector_cache_by_id.find(protocol_id);
 return (g != pi->framework_policy->inspector_cache_by_id.end()) ? g->second : nullptr;
 }
diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc
index 9461e2511..10e85a15b 100644
--- a/src/managers/module_manager.cc
+++ b/src/managers/module_manager.cc
@@ -1434,10 +1434,9 @@ void ModuleManager::reset_stats(clear_counter_type_t type)
 lock_guard lock(stats_mutex);
 mh->mod->reset_stats();
 }
-
 }
 else
- {
+ {
 auto mod_hooks = get_all_modhooks();
 for ( auto* mh : mod_hooks )
 {
diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index 74ce5216f..7d316f0b7 100644
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -297,7 +297,10 @@ static void snort_reputation_aux_ip(ReputationConfig* config, Packet* p, const S
 else if (decision == MONITORED)
 {
 if (p->flow)
+ {
 p->flow->flags.reputation_monitor = true;
+ p->flow->iplist_monitor_id = p->iplist_id;
+ }
 DetectionEngine::queue_event(GID_REPUTATION, REPUTATION_EVENT_MONITOR_DST);
 reputationstats.aux_ip_monitored++;
diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc
index 57ce53833..ade7611e0 100644
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1032,7 +1032,7 @@ static DCE2_SmbRequestTracker* DCE2_SmbInspect(DCE2_SmbSsnData* ssd, const SmbNt
 int smb_com = SmbCom(smb_hdr);
 if (smb_com < 0 or smb_com > 255)
 return nullptr;
-
+
 debug_logf(dce_smb_trace, DetectionEngine::get_current_packet(), "SMB command: %s (0x%02X)\n", get_smb_com_string(smb_com), smb_com);
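Review bot: In the MONITORED branch of snort_reputation_aux_ip (src/network_inspectors/reputation/reputation_inspect.cc) the list ID is overwritten unconditionally by `p->flow->iplist_monitor_id = p->iplist_id;`, so a flow matched by more than one monitor list keeps only the last ID written. If the first match is the one that should be reported, test `!p->flow->flags.reputation_monitor` before the assignment and set the flag afterwards. The flag and the ID now form a pair, and this is the only site the diff updates; any other place that sets `flags.reputation_monitor` (none is visible here) needs the same assignment, or readers will see a set flag with an unset ID. A short comment stating that no ID is recorded when `p->flow` is null, although the event is still queued, would also help. The function body begins and ends outside the hunk.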