From: Steve Chew (stechew) Date: Fri, 28 May 2021 18:02:25 +0000 (+0000) Subject: Merge pull request #2901 in SNORT/snort3 from ~DERAMADA/snort3:set_packet_context... X-Git-Tag: 3.1.6.0~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ea929d71a1bd6df13b47a33a3575eb4c70be9bf;p=thirdparty%2Fsnort3.git Merge pull request #2901 in SNORT/snort3 from ~DERAMADA/snort3:set_packet_context to master Squashed commit of the following: commit 78dd1cbbc6e4f52c0616652f38855ecdc5054290 Author: Deepak Ramadass Date: Fri May 21 11:06:39 2021 -0400 stream_tcp: populate flow contents in context for non-wire packets --- diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index c0a848740..46154430b 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -146,13 +146,16 @@ Packet* DetectionEngine::get_encode_packet() // we need to stay in the current context until rebuild is successful // any events while rebuilding will be logged against the current packet // however, rebuild is always in the next context, not current. -Packet* DetectionEngine::set_next_packet(Packet* parent) +Packet* DetectionEngine::set_next_packet(Packet* parent, Flow* flow) { static THREAD_LOCAL Active shutdown_active; static THREAD_LOCAL ActiveAction* shutdown_action = nullptr; wait_for_context(); IpsContext* c = Analyzer::get_switcher()->get_next(); + + Packet* p = c->packet; + if ( parent ) { if ( parent->flow ) @@ -162,12 +165,12 @@ Packet* DetectionEngine::set_next_packet(Packet* parent) } else { + if ( flow ) + p->context->snapshot_flow(flow); c->packet_number = get_packet_number(); c->wire_packet = nullptr; } - Packet* p = c->packet; - p->pkth = c->pkth; p->data = c->buf; p->pkt = c->buf; diff --git a/src/detection/detection_engine.h b/src/detection/detection_engine.h index 6e2063cfc..3129f9395 100644 --- a/src/detection/detection_engine.h +++ b/src/detection/detection_engine.h 
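Review bot: The comment block above `set_next_packet` is not updated for the new `flow` parameter, and the parameter has an asymmetry that should be written down. As far as the visible lines show, `flow` is consulted only in the `else` branch (second hunk of this file), so it is ignored whenever `parent` is non-null. I would add a line here such as `// flow is only used when parent is null; it is ignored when a parent packet is given`, with a matching note on the declaration in detection_engine.h. A caller that passes both and expects `flow` to take effect would otherwise get a context populated from a different flow than intended. The function body continues outside this hunk.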
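Review bot: In the `else` branch the snapshot goes through `p->context`, while the two assignments right below it use `c`, the context just returned by `get_next()`. If `c->packet->context` always points back at `c` (not visible in this diff), `if ( flow ) c->snapshot_flow(flow);` says the same thing more directly and keeps the branch consistent. It would also make the move of `Packet* p = c->packet;` in the first hunk unnecessary. If the two can differ, the snapshot lands in a different context than the one whose `packet_number` and `wire_packet` are set here, and that deserves a comment.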
@@ -56,7 +56,7 @@ public: static Packet* get_current_packet(); static Packet* get_current_wire_packet(); - static Packet* set_next_packet(Packet* parent = nullptr); + static Packet* set_next_packet(Packet* parent = nullptr, Flow* flow = nullptr); static uint8_t* get_next_buffer(unsigned& max); static bool offload(Packet*); diff --git a/src/flow/test/flow_test.cc b/src/flow/test/flow_test.cc index f33049567..a8e8bfb1a 100644 --- a/src/flow/test/flow_test.cc +++ b/src/flow/test/flow_test.cc @@ -65,7 +65,7 @@ void FlowStash::reset() {} void DetectionEngine::onload(Flow*) {} -Packet* DetectionEngine::set_next_packet(Packet*) { return nullptr; } +Packet* DetectionEngine::set_next_packet(Packet*, Flow*) { return nullptr; } IpsContext* DetectionEngine::get_context() { return nullptr; } diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index 76b064c32..d31d17d04 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -717,7 +717,7 @@ void TcpReassembler::final_flush(TcpReassemblerState& trs, Packet* p, uint32_t d static Packet* get_packet(Flow* flow, uint32_t flags, bool c2s) { - Packet* p = DetectionEngine::set_next_packet(); + Packet* p = DetectionEngine::set_next_packet(nullptr, flow); DAQ_PktHdr_t* ph = p->context->pkth; memset(ph, 0, sizeof(*ph));
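Review bot: The call in `get_packet` needs a short why-comment, because `set_next_packet(nullptr, flow)` does not explain itself at the call site. Something like `// no parent for this non-wire packet; pass the flow so the new context is populated from it` would do. `flow` is passed through unchecked, which is fine for the callee since `set_next_packet` guards it with `if ( flow )`, but whether `get_packet` can be reached with a null flow is not visible here. `get_packet` continues past the end of the hunk.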