From: Steve Chew (stechew) Date: Wed, 9 Nov 2022 19:02:32 +0000 (+0000) Subject: Pull request #3646: main: Dump packet trace after publishing finalize event since... X-Git-Tag: 3.1.47.0~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e2bb320c30058655e54ecb864e7183ccb2f311e;p=thirdparty%2Fsnort3.git Pull request #3646: main: Dump packet trace after publishing finalize event since verdict could be modified. Merge in SNORT/snort3 from ~STECHEW/snort3:move_packet_trace_after_finalize to master Squashed commit of the following: commit 98bdf68786445cf2d0ba4993550196295a8957ff Author: Steve Chew Date: Sun Oct 30 23:15:59 2022 -0400 main: Dump packet trace after publishing finalize event since verdict could be modified.
---
diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc
index 2424c6d42..9003760c0 100644
--- a/src/main/analyzer.cc
+++ b/src/main/analyzer.cc
@@ -298,6 +298,27 @@ static DAQ_Verdict distill_verdict(Packet* p)
 return verdict;
 }
 
+static void packet_trace_dump(Packet* p, DAQ_Verdict verdict, bool msg_was_held)
+{
+ if (PacketTracer::is_active())
+ {
+ PacketTracer::log("Policies: Network %u, Inspection %u, Detection %u\n",
+ get_network_policy()->user_policy_id, get_inspection_policy()->user_policy_id,
+ get_ips_policy()->user_policy_id);
+
+ if (p->active->packet_retry_requested())
+ PacketTracer::log("Verdict: Queuing for Retry\n");
+ else if (msg_was_held)
+ PacketTracer::log("Verdict: Holding for Detection\n");
+ else
+ PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict));
+ PacketTracer::dump(p);
+ }
+
+ if (PacketTracer::is_daq_activated())
+ PacketTracer::daq_dump(p);
+}
+
 void Analyzer::add_to_retry_queue(DAQ_Msg_h daq_msg)
 {
 retry_queue->put(daq_msg);
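Review bot: The new static helper `packet_trace_dump` carries no comment stating its call-order contract, although that order is the whole point of the commit: per the commit message the finalize event can modify the verdict, and `verdict` is taken by value, so the trace is only accurate if the caller passes the post-publish value. I would add above the definition `// Logs policies and the verdict as passed in; call only after FINALIZE_PACKET_EVENT has been published so the trace shows the final verdict.` The helper is also called from the `else` branch added at the end of post_process_daq_pkt_msg, where, judging from the `if (verdict != MAX_DAQ_VERDICT)` context line, `verdict` is presumably still the sentinel. Its last `else` arm then depends on retry or hold being set, so a one-line comment on that arm saying so would help the next reader of the trace output.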
@@ -333,24 +354,6 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p)
 verdict = distill_verdict(p);
 }
 
- if (PacketTracer::is_active())
- {
- PacketTracer::log("Policies: Network %u, Inspection %u, Detection %u\n",
- get_network_policy()->user_policy_id, get_inspection_policy()->user_policy_id,
- get_ips_policy()->user_policy_id);
-
- if (p->active->packet_retry_requested())
- PacketTracer::log("Verdict: Queuing for Retry\n");
- else if (msg_was_held)
- PacketTracer::log("Verdict: Holding for Detection\n");
- else
- PacketTracer::log("Verdict: %s\n", SFDAQ::verdict_to_string(verdict));
- PacketTracer::dump(p);
- }
-
- if (PacketTracer::is_daq_activated())
- PacketTracer::daq_dump(p);
-
 HighAvailabilityManager::process_update(p->flow, p);
 
 if (verdict != MAX_DAQ_VERDICT)
@@ -363,6 +366,8 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p)
 DataBus::publish(FINALIZE_PACKET_EVENT, event);
 }
 
+ packet_trace_dump(p, verdict, msg_was_held);
+
 if (verdict == DAQ_VERDICT_BLOCK or verdict == DAQ_VERDICT_BLACKLIST)
 p->active->send_reason_to_daq(*p);
 
@@ -374,6 +379,10 @@ void Analyzer::post_process_daq_pkt_msg(Packet* p)
 p->daq_instance->finalize_message(p->daq_msg, verdict);
 }
 }
+ else
+ {
+ packet_trace_dump(p, verdict, msg_was_held);
+ }
 }
 
 void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry)
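Review bot: The `packet_trace_dump(p, verdict, msg_was_held)` call added after `DataBus::publish(FINALIZE_PACKET_EVENT, event)` in the `-363,6 +366,8` hunk traces the local `verdict`, and it is not visible here whether a subscriber's change ever reaches that local. The construction of `event` lies outside the hunk, so the event may hold a reference to `verdict` or only a copy. If it is a copy, the trace prints the same value it did before the move, and the packet trace remains an unreliable record of what was enforced. It is worth confirming the reference semantics and pinning them with a comment at the call, for example `// FINALIZE_PACKET_EVENT subscribers may have rewritten verdict; trace the final value`. post_process_daq_pkt_msg starts and ends outside this hunk.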