From: Steve Chew (stechew) Date: Thu, 14 May 2020 12:58:51 +0000 (+0000) Subject: Merge pull request #2197 in SNORT/snort3 from ~STECHEW/snort3:block_retry_no_flow... X-Git-Tag: 3.0.1-4~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d68edfa05c80255f6771a21bd4b38af4e115cc23;p=thirdparty%2Fsnort3.git Merge pull request #2197 in SNORT/snort3 from ~STECHEW/snort3:block_retry_no_flow to master Squashed commit of the following: commit f8e17fe8506a9787e26d19b613c3b1fdc37f0b0c Author: Steve Chew Date: Fri May 1 17:26:58 2020 -0400 flow: If a retry packet does not belong to a flow, block it.
---
diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index ea0fe9450..ab6d8a573 100644
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -320,6 +320,14 @@ static bool want_flow(PktType type, Packet* p)
     if ( type != PktType::TCP )
         return true;
 
+    if ( p->is_retry() )
+    {
+        // Do not start a new flow from a retry packet.
+        p->active->drop_packet(p);
+        p->disable_inspect = true;
+        return false;
+    }
+
     if ( p->ptrs.tcph->is_rst() )
         // guessing direction based on ports is misleading
         return false;
diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc
index 45415f866..38a6b02c5 100644
--- a/src/flow/test/flow_cache_test.cc
+++ b/src/flow/test/flow_cache_test.cc
@@ -53,6 +53,7 @@ THREAD_LOCAL bool Active::s_suspend = false;
 THREAD_LOCAL PacketTracer* snort::s_pkt_trace = nullptr;
+void Active::drop_packet(snort::Packet const*, bool) { }
 PacketTracer::PacketTracer() { }
 PacketTracer::~PacketTracer() { }
 void PacketTracer::log(const char*, ...) { }
diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc
index 93bf2d14b..3fd3fd75e 100644
--- a/src/flow/test/flow_control_test.cc
+++ b/src/flow/test/flow_control_test.cc
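Review bot: The new `is_retry()` guard only covers TCP, because it sits below the `if ( type != PktType::TCP ) return true;` early return in want_flow, while the commit message promises to block any retry packet that has no flow; if the DAQ can flag non-TCP packets as retries, such a packet still starts a fresh flow here. Either hoist the block above the TCP early return or narrow the comment so the scope is explicit: `// Do not start a new TCP flow from a retry packet; non-TCP retries are not affected here.` The added line dereferences `p->active` without a null check, and nothing in this hunk shows where `active` is set, so confirm it is always populated by the time want_flow runs. The drop is also silent as written; a `PacketTracer::log` line or a flow counter on this path would let operators see blocked retries rather than just missing traffic, and want_flow's body continues outside the hunk.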
@@ -53,6 +53,7 @@ THREAD_LOCAL bool Active::s_suspend = false;
 THREAD_LOCAL PacketTracer* snort::s_pkt_trace = nullptr;
+void Active::drop_packet(snort::Packet const*, bool) { }
 PacketTracer::PacketTracer() = default;
 PacketTracer::~PacketTracer() = default;
 void PacketTracer::log(const char*, ...) { }
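Review bot: The only change to the test file is a no-op link stub for `Active::drop_packet`, and as far as this page shows no test case drives want_flow with a packet whose `is_retry()` is true, so the new drop branch ships unexercised. Consider making the stub record its call (`static bool drop_called; void Active::drop_packet(snort::Packet const*, bool) { drop_called = true; }`) and adding a case asserting want_flow returns false, sets `disable_inspect`, and triggers the drop for a TCP retry packet. The remainder of flow_control_test.cc is outside this hunk, so an existing case may already cover this; if so, ignore this note.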