From: Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Date: Thu, 20 Jan 2022 18:09:35 +0000 (+0000)
Subject: Pull request #3241: appid: do not delay detection of SMB service for the sake of... 
X-Git-Tag: 3.1.21.0~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=739e690e1d7fb89ec2c25e2796b1afaeba003654;p=thirdparty%2Fsnort3.git

Pull request #3241: appid: do not delay detection of SMB service for the sake of version detection

Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_smb_early_detect to master

Squashed commit of the following:

commit 5e6f1ac35b1fbca5d112430f5626cc239742e026
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Wed Jan 19 23:35:22 2022 -0500

    appid: do not delay detection of SMB service for the sake of version detection
---

diff --git a/src/network_inspectors/appid/service_plugins/service_netbios.cc b/src/network_inspectors/appid/service_plugins/service_netbios.cc
index d22b89af0..e0b7fd69a 100644
--- a/src/network_inspectors/appid/service_plugins/service_netbios.cc
+++ b/src/network_inspectors/appid/service_plugins/service_netbios.cc
@@ -1044,6 +1044,8 @@ int NbssServiceDetector::validate(AppIdDiscoveryArgs& args)
                     data += nd->length;
                     nd->count++;
                     nd->state = NBSS_STATE_FLOW;
+                    retval = APPID_SUCCESS;
+                    args.asd.set_session_flags(APPID_SESSION_CONTINUE);
                 }
                 break;
             case NBSS_TYPE_RESP_RETARGET:
@@ -1087,10 +1089,11 @@ int NbssServiceDetector::validate(AppIdDiscoveryArgs& args)
                     if (nd->count < NBSS_COUNT_THRESHOLD)
                     {
                         nd->count++;
+                        retval = APPID_SUCCESS;
                         if (nd->count >= NBSS_COUNT_THRESHOLD)
-                        {
-                            retval = APPID_SUCCESS;
-                        }
+                            args.asd.clear_session_flags(APPID_SESSION_CONTINUE);
+                        else
+                            args.asd.set_session_flags(APPID_SESSION_CONTINUE);
                     }
                 }
                 break;
@@ -1112,10 +1115,11 @@ int NbssServiceDetector::validate(AppIdDiscoveryArgs& args)
                 if (nd->count < NBSS_COUNT_THRESHOLD)
                 {
                     nd->count++;
+                    retval = APPID_SUCCESS;
                     if (nd->count >= NBSS_COUNT_THRESHOLD)
-                    {
-                        retval = APPID_SUCCESS;
-                    }
+                        args.asd.clear_session_flags(APPID_SESSION_CONTINUE);
+                    else
+                        args.asd.set_session_flags(APPID_SESSION_CONTINUE);
                 }
             }
             break;
@@ -1127,11 +1131,17 @@ int NbssServiceDetector::validate(AppIdDiscoveryArgs& args)
         goto inprocess;
 
     if (!args.asd.is_service_detected())
+    {
         if (add_service(args.change_bits, args.asd, args.pkt, dir, nd->serviceAppId) == APPID_SUCCESS)
         {
             add_miscellaneous_info(args.asd, nd->miscAppId);
-            add_payload(args.asd, nd->payloadAppId);
+            if (!args.asd.get_session_flags(APPID_SESSION_CONTINUE))
+                add_payload(args.asd, nd->payloadAppId);
         }
+    }
+    else if (!args.asd.get_session_flags(APPID_SESSION_CONTINUE))
+        add_payload(args.asd, nd->payloadAppId);
+
     return APPID_SUCCESS;
 
 inprocess: