From: Brandon Stultz (brastult) Date: Sat, 17 Jun 2023 15:40:14 +0000 (+0000) Subject: Pull request #3861: parser: base service_only on services not cursor type X-Git-Tag: 3.1.65.0~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6be17e632f6af89b48f40768b06133ced519a2ac;p=thirdparty%2Fsnort3.git Pull request #3861: parser: base service_only on services not cursor type Merge in SNORT/snort3 from ~BRASTULT/snort3:pkt_data_b64_fix to master Squashed commit of the following: commit 4c0959d1ce906b582268c2c639bf3788d40ff04f Author: Brandon Stultz Date: Fri May 19 12:51:15 2023 -0400 parser: base service_only on services not cursor type --- diff --git a/src/detection/fp_utils.cc b/src/detection/fp_utils.cc index dae70d9dc..094be3b48 100644 --- a/src/detection/fp_utils.cc +++ b/src/detection/fp_utils.cc @@ -531,6 +531,10 @@ void validate_services(SnortConfig* sc, OptTreeNode* otn) } svc = s; } + + if ( !svc.empty() or !multi_svc_buf.empty() or guess ) + otn->set_service_only(); + if ( otn->sigInfo.services.size() == 1 and !svc.empty() and otn->sigInfo.services[0].service != svc ) { ParseWarning(WARN_RULES, "%u:%u:%u has service:%s with %s buffer", @@ -560,8 +564,6 @@ void validate_services(SnortConfig* sc, OptTreeNode* otn) if ( !strcmp(guess, "netbios-ssn") ) // :( add_service_to_otn(sc, otn, "dcerpc"); - - otn->set_service_only(); } } diff --git a/src/parser/parse_rule.cc b/src/parser/parse_rule.cc index 7b2d1c1ff..d6e8eae7d 100644 --- a/src/parser/parse_rule.cc +++ b/src/parser/parse_rule.cc @@ -1014,11 +1014,7 @@ void parse_rule_opt_end(SnortConfig* sc, const char* key, OptTreeNode* otn) CursorActionType cat = ips ? ips->get_cursor_type() : CAT_NONE; if ( cat > CAT_ADJUST ) - { - if ( cat != CAT_SET_RAW ) - otn->set_service_only(); buf_is_set = true; - } if ( type != OPT_TYPE_META ) otn->num_detection_opts++;