From: Tom Peters (thopeter)
Date: Thu, 18 Mar 2021 15:17:42 +0000 (+0000)
Subject: Merge pull request #2797 in SNORT/snort3 from ~MDAGON/snort3:detection to master
X-Git-Tag: 3.1.3.0~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e587b114a91a105ec468d89ebba37db484b2419;p=thirdparty%2Fsnort3.git
Merge pull request #2797 in SNORT/snort3 from ~MDAGON/snort3:detection to master
Squashed commit of the following:
commit bbfa5a891df785f60d423c84c1c55b125b4c07f0
Author: Maya Dagon
Date: Mon Mar 15 16:04:54 2021 -0400
detection: update detection.alert, to be used instead of reputation.total_alerts
---
diff --git a/src/detection/detect.cc b/src/detection/detect.cc
index 5f77ff9d1..cce1b50ab 100644
--- a/src/detection/detect.cc
+++ b/src/detection/detect.cc
@@ -38,6 +38,7 @@
 #include "packet_io/active.h"
 #include "ports/port_object.h"
 #include "profiler/profiler_defs.h"
+#include "reputation/reputation_common.h"
 #include "sfip/sf_ipvar.h"
 #include "stream/stream.h"
 #include "utils/stats.h"
@@ -103,14 +104,11 @@ void CallAlertFuncs(Packet* p, const OptTreeNode* otn, ListHead* head)
 pc.total_alert_pkts++;
-#if 0
- // FIXIT-RC DELETE THIS this should be a generic feature of otn
 if ( otn->sigInfo.gid != GID_REPUTATION )
 {
 /* Don't include IP Reputation events in count */
 pc.alert_pkts++;
 }
-#endif
 OutputSet* idx = head ? head->AlertList : nullptr;
 EventManager::call_alerters(idx, p, otn->sigInfo.message.c_str(), event);
diff --git a/src/network_inspectors/reputation/reputation_config.h b/src/network_inspectors/reputation/reputation_config.h
index 9ef911fcc..83869faab 100644
--- a/src/network_inspectors/reputation/reputation_config.h
+++ b/src/network_inspectors/reputation/reputation_config.h
@@ -109,7 +109,6 @@ struct ReputationStats
 PegCount trusted;
 PegCount monitored;
 PegCount memory_allocated;
- PegCount total_alerts;
 };
 extern const PegInfo reputation_peg_names[];
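Review bot: In the second detect.cc hunk, re-enabling the `if ( otn->sigInfo.gid != GID_REPUTATION )` block makes `pc.alert_pkts` a count that excludes reputation events, yet the hunk deletes the FIXIT without leaving a comment that says how it differs from `pc.total_alert_pkts` a few lines above. The commit message steers operators from `reputation.total_alerts` to the detection counter, but the removed counter was incremented inside `snort_reputation` while this one is incremented only when `CallAlertFuncs` runs, so the two are presumably not interchangeable and any dashboard or detection keyed on the old peg needs re-baselining. I would replace the inner comment with `/* alert_pkts excludes GID_REPUTATION events; total_alert_pkts above counts every alert */` and call out the peg removal in the release notes. The generic alert path now also pulls in `reputation/reputation_common.h` (first hunk) apparently just for this GID, which is the coupling the deleted FIXIT asked to avoid. `CallAlertFuncs` starts and ends outside the hunk.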
diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index ce17ce5f2..d1cbb6ab3 100644
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -49,7 +49,6 @@ const PegInfo reputation_peg_names[] =
 { CountType::SUM, "trusted", "number of packets trusted" },
 { CountType::SUM, "monitored", "number of packets monitored" },
 { CountType::SUM, "memory_allocated", "total memory allocated" },
-{ CountType::SUM, "total_alerts", "total alerts triggered" },
 { CountType::END, nullptr, nullptr }
 };
@@ -277,7 +276,6 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 act->block_session(p, true);
 act->set_drop_reason("reputation");
 reputationstats.blocked++;
- reputationstats.total_alerts++;
 if (PacketTracer::is_active())
 PacketTracer::log("Reputation: packet blocked, drop\n");
 }
@@ -295,7 +293,6 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 DetectionEngine::queue_event(GID_REPUTATION, monitor_event);
 reputationstats.monitored++;
- reputationstats.total_alerts++;
 }
 else if (TRUSTED_SRC == decision or TRUSTED_DST == decision)
@@ -312,7 +309,6 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 DetectionEngine::queue_event(GID_REPUTATION, allowlist_event);
 act->trust_session(p, true);
 reputationstats.trusted++;
- reputationstats.total_alerts++;
 }
 }