From: Masud Hasan (mashasan) Date: Fri, 2 Apr 2021 15:10:49 +0000 (+0000) Subject: Merge pull request #2824 in SNORT/snort3 from ~SMINUT/snort3:data_purge to master X-Git-Tag: 3.1.4.0~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0573c2289bd834ba5b49d4fb03ffb25db00c397;p=thirdparty%2Fsnort3.git Merge pull request #2824 in SNORT/snort3 from ~SMINUT/snort3:data_purge to master Squashed commit of the following: commit 596cd6e63ee19063e7c5fcdba4d930a99af486f9 Author: Silviu Minut Date: Thu Apr 1 16:01:12 2021 -0400 host_tracker: fix bug in set_visibility Clear HostTracker internal data not only when the visibility gets turned off, but rather whenever the visibility changes, in order to allow everything to be rediscovered after a data purge. --- diff --git a/src/host_tracker/host_tracker.cc b/src/host_tracker/host_tracker.cc index 4258e48c6..758d873f2 100644 --- a/src/host_tracker/host_tracker.cc +++ b/src/host_tracker/host_tracker.cc @@ -817,7 +817,7 @@ bool HostTracker::set_visibility(bool v) visibility = v ? container_id : HostCacheIp::invalid_id; - if ( visibility == HostCacheIp::invalid_id ) + if ( old_visibility != visibility ) { for ( auto& proto : network_protos ) proto.second = false; @@ -849,6 +849,9 @@ bool HostTracker::set_visibility(bool v) tcp_fpids.clear(); ua_fps.clear(); + udp_fpids.clear(); + smb_fpids.clear(); + netbios_name.clear(); } return old_visibility == visibility; diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc index 2f88daf10..177a51155 100644 --- a/src/network_inspectors/rna/rna_pnd.cc +++ b/src/network_inspectors/rna/rna_pnd.cc @@ -262,7 +262,7 @@ void RnaPnd::discover_network(const Packet* p, uint8_t ttl) rna_flow = nullptr; const TcpFingerprint* tfp = processor->get(p, rna_flow); - if (tfp and ht->add_tcp_fingerprint(tfp->fpid)) + if ( tfp and ht->add_tcp_fingerprint(tfp->fpid) ) logger.log(RNA_EVENT_NEW, NEW_OS, p, &ht, src_ip_ptr, src_mac, tfp, packet_time()); } }