From: Bendik Hagen <bendik@mnemonic.no>
Date: Thu, 31 Jan 2019 21:43:58 +0000 (+0100)
Subject: Flow/Stream: set psuedopacket iface/vlan from flow
X-Git-Tag: suricata-5.0.0-beta1~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f558ef2c55141807f59d5e5c823641a0d05b7c8b;p=thirdparty%2Fsuricata.git

Flow/Stream: set psuedopacket iface/vlan from flow

This fixes redmine bug #2057 by setting pseudopacket iface and vlan from
flow values, solving the problem of missing vlan/iface when psuedopacket
gets logged/alerted on.
---

diff --git a/src/flow-timeout.c b/src/flow-timeout.c
index 4fde34b952..2619fdf56d 100644
--- a/src/flow-timeout.c
+++ b/src/flow-timeout.c
@@ -88,6 +88,10 @@ static inline Packet *FlowForceReassemblyPseudoPacketSetup(Packet *p,
     p->flags |= PKT_STREAM_EOF;
     p->flags |= PKT_HAS_FLOW;
     p->flags |= PKT_PSEUDO_STREAM_END;
+    p->vlan_id[0] = f->vlan_id[0];
+    p->vlan_id[1] = f->vlan_id[1];
+    p->vlan_idx = f->vlan_idx;
+    p->livedev = (struct LiveDevice_ *)f->livedev;
 
     if (f->flags & FLOW_NOPACKET_INSPECTION) {
         DecodeSetNoPacketInspectionFlag(p);
@@ -469,4 +473,3 @@ void FlowForceReassembly(void)
     FlowForceReassemblyForHash();
     return;
 }
-
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 7c0ff47021..119d278104 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -6042,6 +6042,10 @@ static void StreamTcpPseudoPacketCreateDetectLogFlush(ThreadVars *tv,
     np->flags |= PKT_HAS_FLOW;
     np->flags |= PKT_IGNORE_CHECKSUM;
     np->flags |= PKT_PSEUDO_DETECTLOG_FLUSH;
+    np->vlan_id[0] = f->vlan_id[0];
+    np->vlan_id[1] = f->vlan_id[1];
+    np->vlan_idx = f->vlan_idx;
+    np->livedev = (struct LiveDevice_ *)f->livedev;
 
     if (f->flags & FLOW_NOPACKET_INSPECTION) {
         DecodeSetNoPacketInspectionFlag(np);
@@ -10835,4 +10839,3 @@ void StreamTcpRegisterTests (void)
     StreamTcpSackRegisterTests ();
 #endif /* UNITTESTS */
 }
-