From: Sreeja Athirkandathil Narayanan (sathirka)
Date: Wed, 20 Jul 2022 21:53:07 +0000 (+0000)
Subject: Pull request #3524: appid: set persistent flag for sunrpc expected session
X-Git-Tag: 3.1.38.0~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d6a95fe24ca2843d780b624ee0b237c0c66db61;p=thirdparty%2Fsnort3.git
Pull request #3524: appid: set persistent flag for sunrpc expected session
Merge in SNORT/snort3 from ~SATHIRKA/snort3:persistent_flag_sunrpc_ff to master
Squashed commit of the following:
commit 16568a1b61156bc63a96accb373e42f53b9e75e6
Author: Sreeja Athirkandathil Narayanan
Date: Mon Jul 18 13:32:32 2022 -0400
appid: set persistent flag for sunrpc expected session
---
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index b6fc19d58..07130602b 100644
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -206,7 +206,8 @@ static inline PktType get_pkt_type_from_ip_proto(IpProtocol proto)
 AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const SfIp* cliIp, uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto,
- SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirectional)
+ SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirectional,
+ bool expect_persist)
 {
 enum PktType type = get_pkt_type_from_ip_proto(proto);
@@ -232,7 +233,8 @@ AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const S
 is_session_monitored(asd->flags, ctrlPkt, *inspector);
 if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
- cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction, false, bidirectional))
+ cliPort, srvIp, srvPort, snort_protocol_id, asd, swap_app_direction, false,
+ bidirectional, expect_persist))
 {
 if (appidDebug->is_active())
 {
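Review bot: `expect_persist` is the third consecutive `bool` in `create_future_session`'s parameter list, and neither this definition nor the declaration in appid_session.h says what a persistent expectation is or when a caller should request one. The two call sites in service_rpc.cc already read `false, false, true`, which cannot be checked without opening the header, and a swapped position would still compile. A one-line comment on the declaration describing what persistence changes about the expected-flow entry would help, and the call sites could name the arguments inline: `/*swap_app_direction*/ false, /*bidirectional*/ false, /*expect_persist*/ true`. The function body continues past the end of this hunk.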
diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h
index 3c456a661..37472ec4e 100644
--- a/src/network_inspectors/appid/appid_session.h
+++ b/src/network_inspectors/appid/appid_session.h
@@ -233,7 +233,7 @@ public:
 AppidSessionDirection, AppIdInspector&, OdpContext&);
 static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t, const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, bool swap_app_direction=false,
- bool bidirectional=false);
+ bool bidirectional=false, bool expect_persist=false);
 void initialize_future_session(AppIdSession&, uint64_t);
 snort::Flow* flow = nullptr;
diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc
index a52b8627d..93efbca8b 100644
--- a/src/network_inspectors/appid/service_plugins/service_rpc.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc
@@ -493,7 +493,7 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi
 const SfIp* dip = pkt->ptrs.ip_api.get_dst();
 AppIdSession* fsession = AppIdSession::create_future_session(
 pkt, dip, 0, &sip, port, rd->proto,
- asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC]);
+ asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC], false, false, true);
 if (fsession)
 {
@@ -519,8 +519,8 @@ int RpcServiceDetector::validate_packet(const uint8_t* data, uint16_t size, Appi
 tmp = ntohl(pmr->port);
 AppIdSession* pf = AppIdSession::create_future_session(
- pkt, dip, 0, sip, (uint16_t)tmp,
- rd->proto,asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC]);
+ pkt, dip, 0, sip, (uint16_t)tmp, rd->proto,
+ asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC], false, false, true);
 if (pf)
 {
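Review bot: The first `create_future_session` call in service_rpc.cc (hunk at line 493) now requests a persistent expectation with client port 0, but nothing visible says how long that entry lives or how many of them one control flow may install. How Stream expires a persistent entry is outside this diff; if it outlives the RPC exchange that announced it, later unrelated flows to the same address and port would presumably still be labelled sunrpc. I would state the intent at the call, for example `// persistent: more than one data connection may follow a single RPC reply` if that is the reason, and add a test covering both a second matching connection and a flow that arrives after the entry should have expired. The same applies to the call in the hunk at line 519; `validate_packet` starts and ends outside both hunks.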
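Review bot: `(uint16_t)tmp` in the second call (hunk at line 519) narrows the value read with `ntohl(pmr->port)` from the reply without a range check, so a port field above 65535 is silently truncated and the expectation, which is now persistent, is installed for a port the reply never named. Unless a check above the hunk already rejects such values, guard the call with `if (tmp != 0 && tmp <= UINT16_MAX)` and pass `static_cast<uint16_t>(tmp)`; rejecting zero matters if Stream treats port 0 as a wildcard, as the client-port argument suggests. `tmp`'s declaration is outside the hunk, so its width is inferred from `ntohl`.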