From: Mike Stepanek (mstepane) Date: Tue, 27 Jul 2021 17:47:27 +0000 (+0000) Subject: Merge pull request #2976 in SNORT/snort3 from ~SVLASIUK/snort3:fix_reject_inline_u2... X-Git-Tag: 3.1.9.0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf62a22d43bb2d15b7425c5ec3e3118ead470e8d;p=thirdparty%2Fsnort3.git Merge pull request #2976 in SNORT/snort3 from ~SVLASIUK/snort3:fix_reject_inline_u2 to master Squashed commit of the following: commit a2fec11b2fe6016bc4cc2c342c3db5e5ed3af3b4 Author: Serhii Vlasiuk Date: Fri Jul 23 10:06:58 2021 +0300 framework: update base API version to 4 commit 4a3afcd4aeda61ac6ced9527582cee5601f2d6c7 Author: Serhii Vlasiuk Date: Fri Jul 9 16:32:22 2021 +0300 actions: session data stay accessible for loggers for reject rule action Reject action does reset session. Reset session includes drop flow in particular destruct HttpFlowData object. Alerts may include addiotional information from flow in case of unified2 events it aggregates http headers. To avoid bad access exceptions, flow data should be available in place of generating alerts and cleaned up after.
---
diff --git a/src/actions/act_reject.cc b/src/actions/act_reject.cc
index 3cc202a01..d1a2b2a49 100644
--- a/src/actions/act_reject.cc
+++ b/src/actions/act_reject.cc
@@ -170,9 +170,11 @@ RejectAction::RejectAction(uint32_t f) : IpsAction(s_name, &rej_act_action) , re
 void RejectAction::exec(Packet* p, const OptTreeNode* otn)
 {
- p->active->reset_session(p, get_active_action());
+ p->active->update_reset_status(p, false);
 if ( otn )
 Actions::alert(p, otn);
+
+ p->active->reset_session(p, get_active_action(), false, true);
 }
 //-------------------------------------------------------------------------
diff --git a/src/framework/base_api.h b/src/framework/base_api.h
index 973ae216e..27a104b73 100644
--- a/src/framework/base_api.h
+++ b/src/framework/base_api.h
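Review bot: In RejectAction::exec (src/actions/act_reject.cc) the statement order is the entire fix, yet nothing in the code records why. Per the commit message, reset_session() drops the flow and destroys flow data such as HttpFlowData that loggers read while Actions::alert() runs, so a later cleanup that moves the reset back above the alert would reintroduce the bad access. I would add a comment above the alert, e.g. `// alert before reset_session(): dropping the flow frees flow data the loggers still read`. The trailing `false, true` is also unreadable at the call site; `/*force*/ false, /*skip_update_status*/ true` keeps the two positional bools declared in active.h from being swapped unnoticed.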
@@ -29,7 +29,7 @@
 // this is the current version of the base api
 // must be prefixed to subtype version
-#define BASE_API_VERSION 3
+#define BASE_API_VERSION 4
 // set options to API_OPTIONS to ensure compatibility
 #ifndef API_OPTIONS
diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc
index 53d33aee0..1330ade92 100644
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -679,12 +679,18 @@ void Active::reset_session(Packet* p, bool force)
 reset_session(p, &default_reset, force);
 }
-void Active::reset_session(Packet* p, ActiveAction* reject, bool force)
+void Active::update_reset_status(Packet* p, bool force)
 {
 active_action = ACT_RESET;
 update_status(p, force);
+}
- if ( force or (p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth)))
+void Active::reset_session(Packet* p, ActiveAction* reject, bool force, bool skip_update_status)
+{
+ if ( !skip_update_status )
+ update_reset_status(p, force);
+
+ if ( force or (p->context->conf->inline_mode() and SFDAQ::forwarding_packet(p->pkth)) )
 Stream::drop_flow(p);
 if (reject)
diff --git a/src/packet_io/active.h b/src/packet_io/active.h
index 1c184d30a..acd7655c0 100644
--- a/src/packet_io/active.h
+++ b/src/packet_io/active.h
@@ -126,7 +126,9 @@ public:
 void trust_session(Packet*, bool force = false);
 void block_session(Packet*, bool force = false);
 void reset_session(Packet*, bool force = false);
- void reset_session(Packet*, snort::ActiveAction* r, bool force = false);
+ void reset_session(Packet*, snort::ActiveAction* r, bool force = false,
+ bool skip_update_status = false);
+ void update_reset_status(Packet*, bool force);
 static void queue(snort::ActiveAction* a, snort::Packet* p);
 static void clear_queue(snort::Packet*);
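Review bot: In Active::reset_session (src/packet_io/active.cc) the `skip_update_status` path trusts, without checking, that the caller already ran update_reset_status() with the same `force` value. If a caller passes `true` without that earlier call, the flow can still be dropped and the rest of the function (the `if (reject)` branch, which continues outside this hunk) still runs, while `active_action` was never set to ACT_RESET on this path. A debug-time guard at the top of the function would catch that misuse, e.g. `assert(!skip_update_status or active_action == ACT_RESET);`, assuming update_status() and the alert path in between are not expected to change `active_action`.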
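Review bot: update_reset_status() is declared in the public section of Active (src/packet_io/active.h) with no comment, although it is only the first half of a two-step operation. As defined in active.cc it sets `active_action` to ACT_RESET and calls update_status() but does not drop the flow, so a caller that never follows up with reset_session() leaves the session alive. I would document the pairing at the declaration, e.g. `// status only, flow is not dropped; follow with reset_session(p, r, force, true) once loggers are done`, and add a matching line on the `skip_update_status` parameter. Since BASE_API_VERSION is bumped for this change, plugin authors will read this header and need that contract spelled out.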