From: Michael Altizer (mialtize) Date: Fri, 24 Jan 2020 17:59:49 +0000 (+0000) Subject: Merge pull request #1926 in SNORT/snort3 from ~SELYSENK/snort3:dont_log_zero_vid... X-Git-Tag: 3.0.0-268~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acae3cf0e8f0e67b4f826c7df5e5c4cf09711aff;p=thirdparty%2Fsnort3.git Merge pull request #1926 in SNORT/snort3 from ~SELYSENK/snort3:dont_log_zero_vid to master Squashed commit of the following: commit acbf1f541bffec35d3d63a779c515287bd43255f Author: Serhii Lysenko Date: Thu Jan 23 16:16:20 2020 +0200 loggers: update vlan logging in csv and json loggers Log vlan id 0 if vlan_agnostic or untagged, use flow vlan id or packet vid otherwise.
---
diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc
index 0bd557886..18278f9ff 100644
--- a/src/loggers/alert_csv.cc
+++ b/src/loggers/alert_csv.cc
@@ -419,18 +419,7 @@ static void ff_udp_len(const Args& a) static void ff_vlan(const Args& a) {
- uint16_t vid;
-
- if (a.pkt->flow)
- vid = a.pkt->flow->key->vlan_tag;
-
- else if ( a.pkt->proto_bits & PROTO_BIT__VLAN )
- vid = layer::get_vlan_layer(a.pkt)->vid();
-
- else
- return;
-
- TextLog_Print(csv_log, "%hu", vid);
+ TextLog_Print(csv_log, "%hu", a.pkt->get_flow_vlan_id());
 } //-------------------------------------------------------------------------
diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc
index aeb24409b..1d075885f 100644
--- a/src/loggers/alert_json.cc
+++ b/src/loggers/alert_json.cc
@@ -581,19 +581,8 @@ static bool ff_udp_len(const Args& a) static bool ff_vlan(const Args& a) {
- uint16_t vid;
-
- if (a.pkt->flow)
- vid = a.pkt->flow->key->vlan_tag;
-
- else if ( a.pkt->proto_bits & PROTO_BIT__VLAN )
- vid = layer::get_vlan_layer(a.pkt)->vid();
-
- else
- return false;
-
 print_label(a, "vlan");
- TextLog_Print(json_log, "%hu", vid);
+ TextLog_Print(json_log, "%hu", a.pkt->get_flow_vlan_id());
 return true; }
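Review bot: ff_vlan in alert_csv.cc now always emits a value, so a packet with no flow and no VLAN layer is logged as `0` where the old code printed nothing; the same applies to ff_vlan in alert_json.cc, which used to return false and omit the "vlan" key. VID 0 is also what an 802.1Q priority-tagged frame carries, so anyone correlating alerts from these logs can no longer tell untagged, vlan-agnostic and priority-tagged traffic apart. I would record that at both call sites, e.g. `// 0 = untagged or vlan_agnostic, not necessarily a VID 0 tag on the wire`, and note the output change in the logger documentation so downstream parsers that keyed on an empty or absent field are updated.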
diff --git a/src/protocols/packet.cc b/src/protocols/packet.cc
index 904208ab2..508e8d34d 100644
--- a/src/protocols/packet.cc
+++ b/src/protocols/packet.cc
@@ -31,6 +31,7 @@ #include "managers/codec_manager.h" #include "packet_manager.h"
+#include "vlan.h"
 namespace snort {
@@ -250,5 +251,17 @@ SnortProtocolId Packet::get_snort_protocol_id() return flow ? flow->ssn_state.snort_protocol_id : UNKNOWN_PROTOCOL_ID; }
+uint16_t Packet::get_flow_vlan_id() const
+{
+ uint16_t vid = 0;
+
+ if (flow)
+ vid = flow->key->vlan_tag;
+ else if ( !SnortConfig::get_vlan_agnostic() and (proto_bits & PROTO_BIT__VLAN) )
+ vid = layer::get_vlan_layer(this)->vid();
+
+ return vid;
+}
+
 } // namespace snort
diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 54724d0db..d36035ec5 100644
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -305,6 +305,8 @@ struct SO_PUBLIC Packet flow->ssn_state.snort_protocol_id = proto_id; }
+ uint16_t get_flow_vlan_id() const;
+
 private: bool allocated; };
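Review bot: `flow->key` and the result of `layer::get_vlan_layer(this)` are dereferenced without a null check in `Packet::get_flow_vlan_id()`, which is now a member of the SO_PUBLIC Packet struct rather than code private to two loggers. The removed logger code made the same assumptions, so this is not a regression. But get_vlan_layer is not defined on this page, and if it can return null when no VLAN layer is found, a packet whose proto_bits and layer list disagree would take the sensor down on the alert-logging path. A guarded form costs nothing: `if (const auto* vh = layer::get_vlan_layer(this)) vid = vh->vid();`.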
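Review bot: The new declaration `get_flow_vlan_id()` in packet.h has no comment, and its name suggests a flow-only lookup although the definition in packet.cc falls back to the packet's own VLAN layer and then to 0. A one-line contract above it would help callers, e.g. `// flow key's vlan_tag if a flow exists; else the packet's VID unless vlan_agnostic; else 0`. It is also worth stating there whether the flow key's tag is already zeroed in vlan_agnostic mode, because the flow branch does not check that setting itself. The Packet struct begins outside this hunk.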