From: Masud Hasan (mashasan) <mashasan@cisco.com>
Date: Fri, 12 Mar 2021 15:14:19 +0000 (+0000)
Subject: Merge pull request #2783 in SNORT/snort3 from ~ARMANDAV/snort3:passive to master
X-Git-Tag: 3.1.3.0~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7a2effc8b51d26d622f2d942d8c3d0ab0ac6043;p=thirdparty%2Fsnort3.git

Merge pull request #2783 in SNORT/snort3 from ~ARMANDAV/snort3:passive to master

Squashed commit of the following:

commit 003c442bf581f1d77a2d17263b57728b132830f2
Author: Arun Mandava <armandav@cisco.com>
Date:   Tue Mar 9 09:31:41 2021 -0500

    rna: Make discovery filter to use client and server interfaces if they are not DAQ_PKTHDR_UNKNOWN
---

diff --git a/src/helpers/discovery_filter.cc b/src/helpers/discovery_filter.cc
index d44dd7b10..58489dd9b 100644
--- a/src/helpers/discovery_filter.cc
+++ b/src/helpers/discovery_filter.cc
@@ -250,23 +250,22 @@ bool DiscoveryFilter::is_monitored(const Packet* p, FilterType type, const SfIp*
     if ( intf_ip_list[type].empty() )
         return false; // the configuration did not have this type of rule
 
-    int32_t intf;
+    int32_t intf = p->pkth->ingress_index;
     const SfIp* host_ip;
     if ( flowdir == FlowCheckDirection::DF_SERVER )
     {
-        intf = (int32_t)p->flow->server_intf;
+        if ( p->flow->server_intf != DAQ_PKTHDR_UNKNOWN )
+            intf = p->flow->server_intf;
         host_ip = &p->flow->server_ip;
     }
     else if ( flowdir == FlowCheckDirection::DF_CLIENT )
     {
-        intf = (int32_t)p->flow->client_intf;
+        if ( p->flow->client_intf != DAQ_PKTHDR_UNKNOWN )
+            intf = p->flow->client_intf;
         host_ip = &p->flow->client_ip;
     }
     else
-    {
-        intf = (int32_t)p->pkth->ingress_index;
         host_ip = p->ptrs.ip_api.get_src();
-    }
 
     if ( intf == DAQ_PKTHDR_UNKNOWN or intf < 0 )
         intf = DF_ANY_INTF;