From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Mon, 17 Jun 2019 00:49:06 +0000 (-0400)
Subject: Merge pull request #1603 in SNORT/snort3 from ~BRASTULT/snort3:fp_detect_fix to master
X-Git-Tag: 3.0.0-257~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f54ed99caa0838b9909b1803cc2cd8ea1dab400;p=thirdparty%2Fsnort3.git

Merge pull request #1603 in SNORT/snort3 from ~BRASTULT/snort3:fp_detect_fix to master

Squashed commit of the following:

commit 4ab32a7ec9d864cf0f2874a40df203b256434769
Author: Brandon Stultz <brastult@cisco.com>
Date:   Fri May 10 01:18:44 2019 -0400

    detection: on PDUs search TCP/UDP portgroups even when user_mode services exist
---

diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc
index c4a42f1e6..e5db0d3dc 100644
--- a/src/detection/fp_detect.cc
+++ b/src/detection/fp_detect.cc
@@ -1276,8 +1276,7 @@ static void fpEvalPacket(Packet* p, FPTask task)
         if ( SnortConfig::get_conf()->sopgTable->user_mode )
             fpEvalHeaderSvc(p, omd, SNORT_PROTO_USER, task);
 
-        // use ports if we don't know service or don't have rules
-        else if ( p->proto_bits & PROTO_BIT__TCP )
+        if ( p->proto_bits & PROTO_BIT__TCP )
         {
             if ( p->get_snort_protocol_id() == UNKNOWN_PROTOCOL_ID or !fpEvalHeaderSvc(p, omd, SNORT_PROTO_TCP, task) )
                 fpEvalHeaderTcp(p, omd, task);