From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Wed, 8 Sep 2021 18:03:37 +0000 (+0000)
Subject: Merge pull request #3044 in SNORT/snort3 from ~RUCOMBS/snort3:shock_top to master
X-Git-Tag: 3.1.13.0~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a08c35b377c2c61ccf4be41004b4a822aead6d2;p=thirdparty%2Fsnort3.git

Merge pull request #3044 in SNORT/snort3 from ~RUCOMBS/snort3:shock_top to master

Squashed commit of the following:

commit 85b754bcf81f1444e34ade76f35a6c574e33ccb8
Author: russ <rucombs@cisco.com>
Date:   Fri Aug 27 17:13:10 2021 -0400

    stream: fix session timeout of expired flows

commit bbce60041761886c547ef3790a5a17ba29260d96
Author: russ <rucombs@cisco.com>
Date:   Thu Aug 26 18:24:46 2021 -0400

    detection: add fast patterns only once per service group
---

diff --git a/src/detection/service_map.cc b/src/detection/service_map.cc
index f9e8b7a1f..695d54121 100644
--- a/src/detection/service_map.cc
+++ b/src/detection/service_map.cc
@@ -159,7 +159,7 @@ static void ServiceMapAddOtnRaw(GHash* table, const char* servicename, OptTreeNo
  *  service name.
  */
 static void ServiceMapAddOtn(
-    srmm_table_t* srmm, SnortProtocolId, const char* servicename, OptTreeNode* otn)
+    srmm_table_t* srmm, const char* servicename, OptTreeNode* otn)
 {
     assert(servicename and otn);
 
@@ -196,27 +196,19 @@ void fpCreateServiceMaps(SnortConfig* sc)
          hashNode = sc->otn_map->find_next())
     {
         OptTreeNode* otn = (OptTreeNode*)hashNode->data;
-        for (PolicyId policyId = 0;
-             policyId < otn->proto_node_num;
-             policyId++ )
+
+        // skip builtin rules
+        if ( otn->sigInfo.builtin )
+            continue;
+
+        /* Not enabled, don't do the FP content */
+        if ( !otn->enabled_somewhere() )
+            continue;
+
+        for ( const auto& svc : otn->sigInfo.services )
         {
-            RuleTreeNode* rtn = getRtnFromOtn(otn, policyId);
-            if ( rtn )
-            {
-                // skip builtin rules
-                if ( otn->sigInfo.builtin )
-                    continue;
-
-                /* Not enabled, don't do the FP content */
-                if ( !rtn->enabled() )
-                    continue;
-
-                for ( const auto& svc : otn->sigInfo.services )
-                {
-                    const char* s = svc.service.c_str();
-                    ServiceMapAddOtn(sc->srmmTable, rtn->snort_protocol_id, s, otn);
-                }
-            }
+            const char* s = svc.service.c_str();
+            ServiceMapAddOtn(sc->srmmTable, s, otn);
         }
     }
 }
diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index 20245dd26..7abd95ae5 100644
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -437,8 +437,10 @@ unsigned FlowControl::process(Flow* flow, Packet* p)
     if ( flow->flow_state != Flow::FlowState::SETUP )
     {
         flow->set_direction(p);
+
         // This call can reset the flow state to SETUP in lazy flow timeout cases
-        flow->session->precheck(p);
+        if ( flow->flow_state != Flow::FlowState::ALLOW )
+            flow->session->precheck(p);
     }
 
     if ( flow->flow_state != Flow::FlowState::SETUP )