From: Shibin K V (shikv) Date: Wed, 28 Jan 2026 16:40:45 +0000 (+0000) Subject: Pull request #5120: dns: clear insert flag for DoH/DoQ X-Git-Tag: 3.11.1.0~35 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=56734c8c1c273c3905c61cdfd6efbd2ada4b5b30;p=thirdparty%2Fsnort3.git Pull request #5120: dns: clear insert flag for DoH/DoQ Merge in SNORT/snort3 from ~SHIKV/snort3:dns_ips_fix to master Squashed commit of the following: commit 8925ab1e95e9c656b8fa5fe3e6c359657aecbf7d Author: shibin kv Date: Tue Jan 27 23:50:24 2026 -0600 dns: clear insert flag for DoH/DoQ --- diff --git a/src/service_inspectors/dns/dns_payload_event_handler.cc b/src/service_inspectors/dns/dns_payload_event_handler.cc index 64935ffb6..e1f8b4f99 100644 --- a/src/service_inspectors/dns/dns_payload_event_handler.cc +++ b/src/service_inspectors/dns/dns_payload_event_handler.cc @@ -47,12 +47,16 @@ void DnsPayloadEventHandler::handle(DataEvent& event, Flow* flow) const uint8_t* old_data = p->data; const uint32_t old_dsize = p->dsize; SnortProtocolId old_protocol_id = p->flow->ssn_state.snort_protocol_id; + bool is_insert_set = p->packet_flags & PKT_STREAM_INSERT; { p->data = dns_payload; p->dsize = payload_length; p->flow->ssn_state.snort_protocol_id = inspector.get_service(); + p->context->snapshot_flow(p->flow); p->packet_flags |= PKT_ALLOW_MULTIPLE_DETECT; + if (is_insert_set) + p->packet_flags &= ~PKT_STREAM_INSERT; DetectionEngine::detect(p); } @@ -62,5 +66,8 @@ void DnsPayloadEventHandler::handle(DataEvent& event, Flow* flow) p->data = old_data; p->dsize = old_dsize; p->flow->ssn_state.snort_protocol_id = old_protocol_id; + p->context->snapshot_flow(flow); + if (is_insert_set) + p->packet_flags |= PKT_STREAM_INSERT; }