From: Hui Cao (huica) <huica@cisco.com>
Date: Fri, 22 Jun 2018 13:20:34 +0000 (-0400)
Subject: Merge pull request #1280 in SNORT/snort3 from reputation_default to master
X-Git-Tag: 3.0.0-246~45
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2fa0029aa414ae9ccadf666920c4b3a528da0876;p=thirdparty%2Fsnort3.git

Merge pull request #1280 in SNORT/snort3 from reputation_default to master

Squashed commit of the following:

commit 6cd7800ea3c44ab9b8850dd002ea62675b4a9fbd
Author: huica <huica@cisco.com>
Date:   Wed Jun 20 13:56:44 2018 -0400

    Reputation: make sure reputation inspector is called in default policy
---

diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc
index 1f2242625..fb13e026c 100644
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -945,13 +945,6 @@ void InspectorManager::full_inspection(Packet* p)
     }
 }
 
-void InspectorManager::execute_control(Packet* p)
-{
-    SnortConfig* sc = SnortConfig::get_conf();
-    FrameworkPolicy* fp = snort::get_default_inspection_policy(sc)->framework_policy;
-    ::execute(p, fp->control.vec, fp->control.num);
-}
-
 // FIXIT-M leverage knowledge of flow creation so that reputation (possibly a
 // new it_xxx) is run just once per flow (and all non-flow packets).
 
@@ -979,14 +972,19 @@ void InspectorManager::execute(Packet* p)
     if ( p->disable_inspect )
        return;
 
+    SnortConfig* sc = SnortConfig::get_conf();
+    FrameworkPolicy* fp_dft = snort::get_default_inspection_policy(sc)->framework_policy;
+
     if ( !p->flow )
     {
+        if (fp_dft != fp)
+            ::execute(p, fp_dft->network.vec, fp_dft->network.num);
         ::execute(p, fp->network.vec, fp->network.num);
 
         if ( p->disable_inspect )
            return;
 
-        execute_control(p);
+        ::execute(p, fp_dft->control.vec, fp_dft->control.num);
     }
     else
     {
@@ -994,7 +992,11 @@ void InspectorManager::execute(Packet* p)
             p->flow->session->process(p);
 
         if ( !p->flow->service )
+        {
+            if (fp_dft != fp)
+                ::execute(p, fp_dft->network.vec, fp_dft->network.num);
             ::execute(p, fp->network.vec, fp->network.num);
+        }
 
         if ( p->disable_inspect )
            return;
@@ -1003,7 +1005,7 @@ void InspectorManager::execute(Packet* p)
             full_inspection(p);
 
         if ( !p->disable_inspect and !p->flow->is_inspection_disabled() )
-            execute_control(p);
+            ::execute(p, fp_dft->control.vec, fp_dft->control.num);
     }
 }
 
diff --git a/src/managers/inspector_manager.h b/src/managers/inspector_manager.h
index 6fe1fb26a..1f6968a4c 100644
--- a/src/managers/inspector_manager.h
+++ b/src/managers/inspector_manager.h
@@ -89,7 +89,6 @@ public:
 private:
     static void bumble(Packet*);
     static void full_inspection(Packet*);
-    static void execute_control(Packet*);
 };
 }
 #endif