From: Masud Hasan (mashasan) <mashasan@cisco.com>
Date: Mon, 24 May 2021 17:50:35 +0000 (+0000)
Subject: Merge pull request #2896 in SNORT/snort3 from ~ARMANDAV/snort3:ratefilter to master
X-Git-Tag: 3.1.6.0~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a9a2f6a4fb433fcfc9fb5f4b2633f13c52c7d60;p=thirdparty%2Fsnort3.git

Merge pull request #2896 in SNORT/snort3 from ~ARMANDAV/snort3:ratefilter to master

Squashed commit of the following:

commit 381fb7df3faa8e3185c6c6fc29cba022031260bd
Author: Arun Mandava <armandav@cisco.com>
Date:   Wed May 12 14:37:59 2021 -0400

    filters: Change rate filter to use network policy id instead of ips policy id
---

diff --git a/src/filters/rate_filter.cc b/src/filters/rate_filter.cc
index bfbc6194c..cdf153ee0 100644
--- a/src/filters/rate_filter.cc
+++ b/src/filters/rate_filter.cc
@@ -133,12 +133,12 @@ int RateFilter_Test(const OptTreeNode* otn, Packet* p)
         // events and these require: src -> client, dst -> server.
         if ( p->is_from_server() )
         {
-            return SFRF_TestThreshold(
-                rfc, gid, sid, dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
+            return SFRF_TestThreshold(rfc, gid, sid, get_network_policy()->policy_id,
+                dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
         }
     }
 
-    return SFRF_TestThreshold(
-        rfc, gid, sid, sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
+    return SFRF_TestThreshold(rfc, gid, sid, get_network_policy()->policy_id,
+        sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
 }
 
diff --git a/src/filters/sfrf.cc b/src/filters/sfrf.cc
index 008aec74e..11f98c75f 100644
--- a/src/filters/sfrf.cc
+++ b/src/filters/sfrf.cc
@@ -445,6 +445,7 @@ int SFRF_TestThreshold(
     RateFilterConfig* config,
     unsigned gid,
     unsigned sid,
+    PolicyId policy_id,
     const SfIp* sip,
     const SfIp* dip,
     time_t curTime,
@@ -458,8 +459,6 @@ int SFRF_TestThreshold(
     int status = -1;
     tSFRFGenHashKey key;
 
-    PolicyId policy_id = get_ips_policy()->policy_id;
-
 #ifdef SFRF_DEBUG
     printf("--%d-%u-%u: %s() entering\n", 0, gid, sid, __func__);
     fflush(stdout);
@@ -769,7 +768,7 @@ static void _updateDependentThresholds(
         // 4.    |       _updateDependentThresholds(gid internal, sid ADD)
         // 5.    continue with regularly scheduled programming (ie step 1)
 
-        SFRF_TestThreshold(config, gid, SESSION_EVENT_SETUP,
+        SFRF_TestThreshold(config, gid, SESSION_EVENT_SETUP, get_network_policy()->policy_id,
             sip, dip, curTime, SFRF_COUNT_DECREMENT);
         return;
     }
diff --git a/src/filters/sfrf.h b/src/filters/sfrf.h
index 0a9cbf936..9e0921452 100644
--- a/src/filters/sfrf.h
+++ b/src/filters/sfrf.h
@@ -163,6 +163,7 @@ int SFRF_TestThreshold(
     RateFilterConfig *config,
     unsigned gid,
     unsigned sid,
+    PolicyId policyid,
     const snort::SfIp *sip,
     const snort::SfIp *dip,
     time_t curTime,
diff --git a/src/filters/sfrf_test.cc b/src/filters/sfrf_test.cc
index c1c66b521..85ff86ac4 100644
--- a/src/filters/sfrf_test.cc
+++ b/src/filters/sfrf_test.cc
@@ -949,8 +949,8 @@ static int EventTest(EventData* p)
     sip.set(p->sip);
     dip.set(p->dip);
 
-    status = SFRF_TestThreshold(
-        rfc, p->gid, p->sid, &sip, &dip, curtime, op);
+    status = SFRF_TestThreshold(rfc, p->gid, p->sid, get_network_policy()->policy_id,
+        &sip, &dip, curtime, op);
 
     if ( status >= Actions::get_max_types() )
         status -= Actions::get_max_types();