From: Russ Combs (rucombs)
Date: Wed, 25 Aug 2021 19:29:51 +0000 (+0000)
Subject: Merge pull request #3030 in SNORT/snort3 from ~RUCOMBS/snort3:frag_wiz to master
X-Git-Tag: 3.1.11.0~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=513f24db8e7f6c52816c59320920d35f691430de;p=thirdparty%2Fsnort3.git
Merge pull request #3030 in SNORT/snort3 from ~RUCOMBS/snort3:frag_wiz to master
Squashed commit of the following:
commit 915930c0405ceaa40b6c6ca640160f9bbcc3b0f6
Author: russ
Date: Tue Aug 17 20:23:32 2021 -0400
inspection: process wizard matches on defragged packets
---
diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc
index e34695156..44c0cd90d 100644
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -1175,7 +1175,7 @@ void InspectorManager::full_inspection(Packet* p)
 {
 Flow* flow = p->flow;
- if ( flow->service and flow->clouseau and !p->is_cooked() )
+ if ( flow->service and flow->clouseau and (!(p->is_cooked()) or p->is_defrag()) )
 bumble(p);
 // For reassembled PDUs, a null data buffer signals no detection. Detection can be required
diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index af1dcaf75..4a90e7454 100644
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -303,6 +303,9 @@ struct SO_PUBLIC Packet
 bool is_rebuilt() const
 { return (packet_flags & (PKT_REBUILT_STREAM|PKT_REBUILT_FRAG)) != 0; }
+ bool is_defrag() const
+ { return (packet_flags & PKT_REBUILT_FRAG) != 0; }
+
 bool is_retry() const
 { return (packet_flags & PKT_RETRY) != 0; }
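Review bot: The widened condition in `full_inspection` has no comment saying why rebuilt-fragment packets are now passed to `bumble(p)` while rebuilt-stream packets stay excluded, and that asymmetry is the security-relevant part of the change. Going by the commit subject, I would add above the `if`: `// defragged datagrams are cooked too, but the wizard must still see them or a fragmented first payload is never matched`. This hunk does not show whether the raw fragments of the same datagram (which are not cooked) also reach `bumble()`; if they do, the same bytes would be offered twice, so a regression test with a fragmented first payload is worth adding. The extra parentheses around the call can go: `(!p->is_cooked() or p->is_defrag())`. The function body continues past the end of the hunk.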
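Review bot: `is_defrag()` is added to the SO_PUBLIC `Packet` struct without a comment, and its name can be read as "this packet is a fragment" when the test is for `PKT_REBUILT_FRAG` only. A one-line comment would remove the ambiguity, for example `// true for a datagram rebuilt from IP fragments, not for the fragments themselves`, assuming that is what the flag marks; its definition is outside this hunk. `is_rebuilt()` just above tests the same bit together with `PKT_REBUILT_STREAM`, so the comment could also note that `is_defrag()` implies `is_rebuilt()` and callers need not check both. The struct continues outside the hunk.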