From: Brian Morris (bmorris2) <bmorris2@cisco.com>
Date: Tue, 8 Nov 2022 17:56:04 +0000 (+0000)
Subject: Pull request #3635: Allow ACT_TRUST to be used as a delayed action.
X-Git-Tag: 3.1.47.0~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8df002319e6be2d72ae50c665177edbaf00d749a;p=thirdparty%2Fsnort3.git

Pull request #3635: Allow ACT_TRUST to be used as a delayed action.

Merge in SNORT/snort3 from XTLS/snort3:osiryi_ddnd_no_tracker_main to master

Squashed commit of the following:

commit 5ddf1f2bb8d63d084752d34fc72d66ba1ec87e57
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:59:22 2022 -0400

    packet_io: The most strict delayed action takes precedence.

commit 9044167d9c016ee04b577adffdacad1689a47877
Author: Steve Chew <stechew@cisco.com>
Date:   Wed Oct 19 13:56:43 2022 -0400

    packet_io: Allow ACT_TRUST to be used as a delayed action.
---

diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index 33fcc23ae..b28be74c8 100644
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -724,6 +724,11 @@ void Active::set_delayed_action(ActiveActionType action, bool force)
 
 void Active::set_delayed_action(ActiveActionType action, ActiveAction* act, bool force)
 {
+    // Don't update the delayed active action to a less strict one, with
+    // the exception of going from allow to trust.
+    if(delayed_active_action >= action and delayed_active_action > ACT_ALLOW)
+        return;
+
     delayed_active_action = action;
 
     if (delayed_reject == nullptr)
@@ -755,6 +760,9 @@ void Active::apply_delayed_action(Packet* p)
         if (!retry_packet(p))
             drop_packet(p, force);
         break;
+    case ACT_TRUST:
+        trust_session(p, force);
+        break;
     default:
         break;
     }