From: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Mon, 14 Oct 2024 17:51:58 +0000 (+0000)
Subject: Pull request #4479: packet_io: set the flow state to block when forcing the session... 
X-Git-Tag: 3.4.0.0~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85ef5ed5f7271515b5ef71dc8400dfa6a3155c21;p=thirdparty%2Fsnort3.git

Pull request #4479: packet_io: set the flow state to block when forcing the session block

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:block_flow_state to master

Squashed commit of the following:

commit fc47b9301b9d235d493929d0eb746cab06eef574
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Oct 8 11:38:49 2024 -0400

    packet_io: set the flow state to block when forcing the session block
---

diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index 06aa63cc7..b033d13bf 100644
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -374,8 +374,6 @@ static void snort_reputation(const ReputationConfig& config, ReputationData& dat
         // disable all preproc analysis and detection for this packet
         DetectionEngine::disable_all(p);
         act->block_session(p, true);
-        if (p->flow)
-            p->flow->set_state(Flow::FlowState::BLOCK);
         act->set_drop_reason("reputation");
         reputationstats.blocked++;
         if (PacketTracer::is_active())
diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index fb1e22889..c141f1f93 100644
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -725,6 +725,9 @@ void Active::block_session(Packet* p, bool force)
     if ( force or (p->context->conf->ips_inline_mode() and SFDAQ::forwarding_packet(p->pkth)))
         Stream::block_flow(p);
 
+    if ( force and p->flow )
+        p->flow->set_state(Flow::FlowState::BLOCK);
+
     p->disable_inspect = true;
 }
 
diff --git a/src/payload_injector/payload_injector.cc b/src/payload_injector/payload_injector.cc
index da77f0d9c..cf46920db 100644
--- a/src/payload_injector/payload_injector.cc
+++ b/src/payload_injector/payload_injector.cc
@@ -156,9 +156,6 @@ InjectionReturnStatus PayloadInjector::inject_http_payload(Packet* p,
 
     DetectionEngine::disable_all(p);
 
-    if ( p->flow )
-        p->flow->set_state(Flow::FlowState::BLOCK);
-
     return status;
 }
 
diff --git a/src/payload_injector/test/payload_injector_test.cc b/src/payload_injector/test/payload_injector_test.cc
index ce4589f38..8a6765fc9 100644
--- a/src/payload_injector/test/payload_injector_test.cc
+++ b/src/payload_injector/test/payload_injector_test.cc
@@ -54,7 +54,11 @@ uint32_t Active::send_data(snort::Packet*, EncodeFlags, unsigned char const*, un
     return 1;
 }
 
-void Active::block_session(snort::Packet*, bool) { }
+void Active::block_session(snort::Packet* p, bool force)
+{
+    if (force and p->flow)
+        p->flow->set_state(Flow::FlowState::BLOCK);
+}
 void DetectionEngine::disable_all(snort::Packet*) { }
 Flow::~Flow() = default;
 IpsContext::IpsContext(unsigned int) { }