From: Steven Baigal (sbaigal) Date: Fri, 28 Apr 2023 17:38:41 +0000 (+0000) Subject: Pull request #3825: tcp_reassembler: Fix missing VLAN ids in TCP pseudopkts X-Git-Tag: 3.1.61.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e98f84fc95d3954c5e674dd53595a1e8cf11baa7;p=thirdparty%2Fsnort3.git Pull request #3825: tcp_reassembler: Fix missing VLAN ids in TCP pseudopkts Merge in SNORT/snort3 from ~CHSHERWI/snort3:vlan_fix2 to master Squashed commit of the following: commit d89e24f57bca7d1f9af03858b5c7069d84039fce Author: Chris Sherwin Date: Thu Apr 27 15:15:15 2023 -0400 stream tcp: Populate TCP pseudopackets with VLAN ids in TCP reassembler to avoid issues with secondary flow creation / expected flow cache --- diff --git a/src/network_inspectors/rna/rna_app_discovery.cc b/src/network_inspectors/rna/rna_app_discovery.cc index 7843cfc4a..920837e49 100644 --- a/src/network_inspectors/rna/rna_app_discovery.cc +++ b/src/network_inspectors/rna/rna_app_discovery.cc @@ -357,7 +357,7 @@ void RnaAppDiscovery::discover_client(const Packet* p, DiscoveryFilter& filter, rt->update_last_seen(); const uint8_t* mac; - if ( layer::get_eth_layer(p) ) + if ( !(p->packet_flags & PKT_REBUILT_STREAM ) && layer::get_eth_layer(p) ) { if ( p->is_from_server() ) mac = layer::get_eth_layer(p)->ether_dst; diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index 27fbc04ce..9f516fcb0 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -551,6 +551,15 @@ Packet* TcpReassembler::initialize_pdu( pdu->data = nullptr; pdu->ip_proto_next = (IpProtocol)p->flow->ip_proto; + + if ( p->proto_bits & PROTO_BIT__VLAN ) + { + memcpy( pdu->layers, p->layers, p->num_layers * sizeof(Layer)); + pdu->num_layers = p->num_layers; + pdu->proto_bits |= PROTO_BIT__VLAN; + pdu->vlan_idx = p->vlan_idx; + } + return pdu; }