From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Wed, 4 May 2022 15:36:05 +0000 (+0000)
Subject: Pull request #3397: stream_tcp, pop: add sync_on_start method to StreamSplitter
X-Git-Tag: 3.1.30.0~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d69f21bb460f9d62ecf54a9738fad75121a18b1d;p=thirdparty%2Fsnort3.git

Pull request #3397: stream_tcp, pop: add sync_on_start method to StreamSplitter

Merge in SNORT/snort3 from ~RUCOMBS/snort3:sync_on_start to master

Squashed commit of the following:

commit fcd5a8de59569044555cc7d8bd987506767e53f3
Author: russ <rucombs@cisco.com>
Date:   Tue Apr 26 14:28:15 2022 -0400

    stream_tcp, pop: add sync_on_start method to StreamSplitter

    This is used to force a flush of data from the client when the wizard
    identifies a flow by data from the server. The new virtual defaults
    to false and pop overrides to true to handle the case where jumpy
    clients send a command before the server greeting. Other, similar
    overrides are anticipated.
---

diff --git a/src/service_inspectors/pop/pop.cc b/src/service_inspectors/pop/pop.cc
index 8c9e67634..9001bac47 100644
--- a/src/service_inspectors/pop/pop.cc
+++ b/src/service_inspectors/pop/pop.cc
@@ -101,9 +101,6 @@ const PegInfo pop_peg_names[] =
 };
 
 
-static void snort_pop(POP_PROTO_CONF* GlobalConf, Packet* p);
-static void POP_ResetState(Flow*);
-
 PopFlowData::PopFlowData() : FlowData(inspector_id)
 {
     memset(&session, 0, sizeof(session));
diff --git a/src/service_inspectors/pop/pop_paf.h b/src/service_inspectors/pop/pop_paf.h
index 51e814083..ebf7277a0 100644
--- a/src/service_inspectors/pop/pop_paf.h
+++ b/src/service_inspectors/pop/pop_paf.h
@@ -70,7 +70,11 @@ public:
     Status scan(snort::Packet*, const uint8_t* data, uint32_t len,
         uint32_t flags, uint32_t* fp) override;
 
-    bool is_paf() override { return true; }
+    bool is_paf() override
+    { return true; }
+
+    bool sync_on_start() const override
+    { return true; }
 
 public:
     PopPafData state;
diff --git a/src/stream/stream_splitter.h b/src/stream/stream_splitter.h
index 387cb252b..f4106da76 100644
--- a/src/stream/stream_splitter.h
+++ b/src/stream/stream_splitter.h
@@ -80,6 +80,7 @@ public:
         unsigned& copied       // actual data copied (1 <= copied <= len)
         );
 
+    virtual bool sync_on_start() const { return false; }
     virtual bool is_paf() { return false; }
     virtual unsigned max(Flow* = nullptr);
     virtual void go_away() { delete this; }
diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc
index a0b4c3553..e52073768 100644
--- a/src/stream/tcp/tcp_session.cc
+++ b/src/stream/tcp/tcp_session.cc
@@ -133,6 +133,9 @@ void TcpSession::restart(Packet* p)
     {
         talker = &server;
         listener = &client;
+
+        if ( server.get_splitter()->sync_on_start() )
+            flush_tracker(server, p, PKT_FROM_CLIENT, false);
     }
     else
     {