From: Masud Hasan (mashasan)
Date: Thu, 1 Oct 2020 14:40:55 +0000 (+0000)
Subject: Merge pull request #2519 in SNORT/snort3 from ~MMATIRKO/snort3:os_fix to master
X-Git-Tag: 3.0.3-2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8f16ce2325e0908c5ac058f49dae8ca3becf54e;p=thirdparty%2Fsnort3.git
Merge pull request #2519 in SNORT/snort3 from ~MMATIRKO/snort3:os_fix to master
Squashed commit of the following:
commit c15937d1dc3c00f172cde8f1f91110477488bd1d
Author: Michael Matirko
Date: Wed Sep 30 14:56:04 2020 -0400
rna: add event_time to rna logger events
---
diff --git a/src/network_inspectors/rna/rna_app_discovery.cc b/src/network_inspectors/rna/rna_app_discovery.cc
index 6298a78a4..f8d021ec1 100644
--- a/src/network_inspectors/rna/rna_app_discovery.cc
+++ b/src/network_inspectors/rna/rna_app_discovery.cc
@@ -205,7 +205,7 @@ void RnaAppDiscovery::analyze_user_agent_fingerprint(const Packet* p, const char
 device_info, MAX_USER_AGENT_DEVICES) )
 {
 logger.log(RNA_EVENT_NEW, NEW_OS, p, &rt, (const struct in6_addr*)ip->get_ip6_ptr(),
- src_mac, (FpFingerprint*)uafp);
+ src_mac, (FpFingerprint*)uafp, packet_time());
 }
 }
diff --git a/src/network_inspectors/rna/rna_logger.cc b/src/network_inspectors/rna/rna_logger.cc
index bd9ada573..c288d075c 100644
--- a/src/network_inspectors/rna/rna_logger.cc
+++ b/src/network_inspectors/rna/rna_logger.cc
@@ -107,9 +107,10 @@ void RnaLogger::log(uint16_t type, uint16_t subtype, const Packet* p, RnaTracker
 }
 void RnaLogger::log(uint16_t type, uint16_t subtype, const Packet* p, RnaTracker* ht,
- const struct in6_addr* src_ip, const uint8_t* src_mac, const FpFingerprint* fp)
+ const struct in6_addr* src_ip, const uint8_t* src_mac, const FpFingerprint* fp,
+ uint32_t event_time)
 {
- log(type, subtype, src_ip, src_mac, ht, p, 0, 0,
+ log(type, subtype, src_ip, src_mac, ht, p, event_time, 0,
 nullptr, nullptr, fp, nullptr, nullptr);
 }
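Review bot: The new `event_time` argument is forwarded positionally into the seventh slot of the long `log` overload, replacing the literal 0 that sat there, but that overload's signature is not in this hunk, so confirm the slot really is the event time and not the adjacent 0 (the `@@ -156` hunk shows a `bool RnaLogger::log(...)` that reads `event_time`, which is consistent but not proof). With eight parameters of similar integer and pointer types, a comment on the new one, `// event_time: caller-supplied packet time; 0 leaves the tracker's last-event time untouched`, would make the intent legible at the call sites in rna_app_discovery.cc and rna_pnd.cc. The overload's definition lies entirely within the hunk; only the preceding function's closing brace is visible above it.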
@@ -156,8 +157,12 @@ bool RnaLogger::log(uint16_t type, uint16_t subtype, const struct in6_addr* src_
 rle.ip = src_ip;
 else
 rle.ip = nullptr;
+ if ( event_time )
+ {
+ rle.event_time = event_time; (*ht)->update_last_event(event_time);
+ }
 EventManager::call_loggers(nullptr, const_cast(p), "RNA", &rle);
diff --git a/src/network_inspectors/rna/rna_logger.h b/src/network_inspectors/rna/rna_logger.h
index af41ae810..89ab74002 100644
--- a/src/network_inspectors/rna/rna_logger.h
+++ b/src/network_inspectors/rna/rna_logger.h
@@ -40,6 +40,7 @@ struct RnaLoggerEvent : public Event
 const snort::FpFingerprint* fpr, const snort::HostClient* hcp) :
 type(t), subtype(st), mac(mc), ht(rt), hm(hmp), proto(pr), cond_var(cv), ha(hap), fp(fpr), hc(hcp) { }
+ uint32_t event_time = 0;
 uint16_t type;
 uint16_t subtype;
 const struct in6_addr* ip;
@@ -68,7 +69,8 @@ public:
 // for fingerprint
 void log(uint16_t type, uint16_t subtype, const snort::Packet* p, RnaTracker* ht,
- const struct in6_addr* src_ip, const uint8_t* src_mac, const snort::FpFingerprint* fp);
+ const struct in6_addr* src_ip, const uint8_t* src_mac, const snort::FpFingerprint* fp,
+ uint32_t event_time);
 // for event time
 void log(uint16_t type, uint16_t subtype, const snort::Packet* p, RnaTracker* ht,
diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc
index c99bdaf61..422cf7d6d 100644
--- a/src/network_inspectors/rna/rna_pnd.cc
+++ b/src/network_inspectors/rna/rna_pnd.cc
@@ -197,7 +197,7 @@ void RnaPnd::discover_network(const Packet* p, uint8_t ttl)
 const TcpFingerprint* tfp = processor->get(p, rna_flow);
 if (tfp && ht->add_tcp_fingerprint(tfp->fpid))
- logger.log(RNA_EVENT_NEW, NEW_OS, p, &ht, src_ip_ptr, src_mac, tfp);
+ logger.log(RNA_EVENT_NEW, NEW_OS, p, &ht, src_ip_ptr, src_mac, tfp, packet_time());
 }
 }
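Review bot: `(*ht)->update_last_event(event_time)` dereferences `ht` and then the tracker it points to without any check, while the preceding lines of the same hunk still guard `rle.ip` against a null `src_ip`; if any path reaches this overload with a null tracker (not visible from the hunk), the first event carrying a non-zero time would crash instead of being logged. Guarding the update, e.g. `if ( event_time && ht && *ht )` if `RnaTracker` converts to bool, or documenting the non-null precondition at the function head, would settle the question. The `if ( event_time )` test also turns 0 into a sentinel for "no time supplied", which both new callers can hit since they pass `packet_time()` straight through; a comment such as `// event_time of 0 means not provided: leave the tracker's last-event time unchanged` would record that. The enclosing `bool RnaLogger::log(...)` starts and ends outside the hunk.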
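Review bot: The new `event_time` member carries no comment and, unlike its neighbours, is set by a default member initializer rather than by the constructor shown, so a reader of the struct cannot tell whether 0 is a valid time or an "unset" marker. Documenting it in place, `uint32_t event_time = 0;  // set by RnaLogger::log when the caller supplies a time; 0 means unset`, removes the ambiguity. The `RnaLoggerEvent` definition continues outside the hunk.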
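Review bot: The `// for fingerprint` label above the changed overload no longer describes it fully, and the unchanged `// for event time` label now sits on a different overload from the one that just gained an `event_time` parameter, which is confusing at a glance. Changing the first to `// for fingerprint; event_time is the packet time to record, 0 to leave the tracker's last-event time unchanged` keeps the two labels distinguishable. The second overload's declaration continues outside the hunk.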