From: Steven Baigal (sbaigal) <sbaigal@cisco.com>
Date: Wed, 20 Sep 2023 20:46:42 +0000 (+0000)
Subject: Pull request #4012: flow: allow reinspection for blocked icmp flows after reload
X-Git-Tag: 3.1.71.0~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3ffcf97ebf831a01b37f458226beaee45a25642;p=thirdparty%2Fsnort3.git

Pull request #4012: flow: allow reinspection for blocked icmp flows after reload

Merge in SNORT/snort3 from ~SBAIGAL/snort3:icmp_fix to master

Squashed commit of the following:

commit 2749fdea6bb8b5e777288fd234f088adc05404ba
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Wed Sep 13 14:24:18 2023 -0400

    flow: allow reinspection for blocked icmp flows after reload
---

diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index e84f3e847..56c5be9e8 100644
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -431,6 +431,14 @@ bool FlowControl::process(PktType type, Packet* p, bool* new_flow)
     return true;
 }
 
+static inline void restart_inspection(Flow* flow, Packet* p)
+{
+    p->disable_inspect = false;
+    flow->flags.disable_inspect = false;
+    flow->flow_state = Flow::FlowState::SETUP;
+    flow->last_verdict = MAX_DAQ_VERDICT;
+}
+
 unsigned FlowControl::process(Flow* flow, Packet* p, bool new_ha_flow)
 {
     unsigned news = 0;
@@ -440,6 +448,10 @@ unsigned FlowControl::process(Flow* flow, Packet* p, bool new_ha_flow)
     p->flow = flow;
     p->disable_inspect = flow->is_inspection_disabled();
 
+    if ( p->disable_inspect and p->type() == PktType::ICMP
+         and flow->reload_id and SnortConfig::get_thread_reload_id() != flow->reload_id )
+        restart_inspection(flow, p);
+
     last_pkt_type = p->type();
 
     // If this code is executed on a flow in SETUP state, it will result in a packet from both