detect: remove pseudo checks from packet keywords

Keep as debug validation check.
1 year ago · 2d1ccb76b1
parent d03660a646
commit 2d1ccb76b1
19 changed files with 55 additions and 51 deletions
--- a/src/detect-dsize.c
+++ b/src/detect-dsize.c
@ -92,9 +92,7 @@ static int DetectDsizeMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
    SCEnter();
    int ret = 0;

-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturnInt(0);
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    const DetectU16Data *dd = (const DetectU16Data *)ctx;

--- a/src/detect-fragbits.c
+++ b/src/detect-fragbits.c
@ -142,7 +142,8 @@ FragBitsMatch(const uint8_t pbits, const uint8_t modifier,
 static int DetectFragBitsMatch (DetectEngineThreadCtx *det_ctx,
        Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
-    if (!ctx || !PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p))
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!ctx || !PacketIsIPv4(p))
        return 0;

    uint8_t fragbits = 0;
@ -320,9 +321,10 @@ static void DetectFragBitsFree(DetectEngineCtx *de_ctx, void *de_ptr)
 static void
 PrefilterPacketFragBitsMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
    const PrefilterPacketHeaderCtx *ctx = pectx;

-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv4(p))
        return;

    uint8_t fragbits = 0;
--- a/src/detect-fragoffset.c
+++ b/src/detect-fragoffset.c
@ -111,8 +111,7 @@ static int DetectFragOffsetMatch (DetectEngineThreadCtx *det_ctx,
    uint16_t frag = 0;
    const DetectFragOffsetData *fragoff = (const DetectFragOffsetData *)ctx;

-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    if (PacketIsIPv4(p)) {
        const IPV4Hdr *ip4h = PacketGetIPv4(p);
@ -264,8 +263,7 @@ void DetectFragOffsetFree (DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketFragOffsetMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint16_t frag;

--- a/src/detect-geoip.c
+++ b/src/detect-geoip.c
@ -250,8 +250,7 @@ static int DetectGeoipMatch(DetectEngineThreadCtx *det_ctx,
    const DetectGeoipData *geoipdata = (const DetectGeoipData *)ctx;
    int matches = 0;

-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    if (PacketIsIPv4(p)) {
        if (geoipdata->flags & ( GEOIP_MATCH_SRC_FLAG | GEOIP_MATCH_BOTH_FLAG ))
--- a/src/detect-icmp-seq.c
+++ b/src/detect-icmp-seq.c
@ -76,9 +76,6 @@ static inline bool GetIcmpSeq(Packet *p, uint16_t *seq)
 {
    uint16_t seqn;

-    if (PKT_IS_PSEUDOPKT(p))
-        return false;
-
    if (PacketIsICMPv4(p)) {
        switch (p->icmp_s.type) {
            case ICMP_ECHOREPLY:
@ -136,6 +133,7 @@ static inline bool GetIcmpSeq(Packet *p, uint16_t *seq)
 static int DetectIcmpSeqMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
    uint16_t seqn;

    if (!GetIcmpSeq(p, &seqn))
@ -277,8 +275,9 @@ void DetectIcmpSeqFree (DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketIcmpSeqMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    const PrefilterPacketHeaderCtx *ctx = pectx;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

+    const PrefilterPacketHeaderCtx *ctx = pectx;
    uint16_t seqn;

    if (!GetIcmpSeq(p, &seqn))
--- a/src/detect-icmpv6-mtu.c
+++ b/src/detect-icmpv6-mtu.c
@ -63,7 +63,7 @@ void DetectICMPv6mtuRegister(void)
 // returns 0 on no mtu, and 1 if mtu
 static inline int DetectICMPv6mtuGetValue(Packet *p, uint32_t *picmpv6mtu)
 {
-    if (!(PacketIsICMPv6(p)) || PKT_IS_PSEUDOPKT(p))
+    if (!(PacketIsICMPv6(p)))
        return 0;
    const ICMPV6Hdr *icmpv6h = PacketGetICMPv6(p);
    if (ICMPV6_GET_CODE(icmpv6h) != 0)
@ -89,6 +89,8 @@ static inline int DetectICMPv6mtuGetValue(Packet *p, uint32_t *picmpv6mtu)
 static int DetectICMPv6mtuMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
    uint32_t picmpv6mtu;
    if (DetectICMPv6mtuGetValue(p, &picmpv6mtu) == 0) {
        return 0;
@ -140,6 +142,8 @@ void DetectICMPv6mtuFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketIcmpv6mtuMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
    uint32_t picmpv6mtu;
    if (DetectICMPv6mtuGetValue(p, &picmpv6mtu) == 0) {
        return;
--- a/src/detect-icode.c
+++ b/src/detect-icode.c
@ -87,8 +87,7 @@ void DetectICodeRegister (void)
 static int DetectICodeMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t picode;
    if (PacketIsICMPv4(p)) {
@ -152,9 +151,7 @@ void DetectICodeFree(DetectEngineCtx *de_ctx, void *ptr)
 static void PrefilterPacketICodeMatch(DetectEngineThreadCtx *det_ctx,
        Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t picode;
    if (PacketIsICMPv4(p)) {
--- a/src/detect-id.c
+++ b/src/detect-id.c
@ -93,12 +93,13 @@ void DetectIdRegister (void)
 static int DetectIdMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
                          const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
    const DetectIdData *id_d = (const DetectIdData *)ctx;

    /**
     * To match a ipv4 packet with a "id" rule
     */
-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) {
+    if (!PacketIsIPv4(p)) {
        return 0;
    }

@ -224,9 +225,11 @@ void DetectIdFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketIdMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
    const PrefilterPacketHeaderCtx *ctx = pectx;

-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) {
+    if (!PacketIsIPv4(p)) {
        return;
    }

--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@ -158,9 +158,11 @@ const char *IpOptsFlagToString(uint16_t flag)
 static int DetectIpOptsMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+
    const DetectIpOptsData *de = (const DetectIpOptsData *)ctx;

-    if (!de || !PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p))
+    if (!de || !PacketIsIPv4(p))
        return 0;

    return (p->l3.vars.ip4.opts_set & de->ipopt) == de->ipopt;
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
@ -84,8 +84,7 @@ void DetectITypeRegister (void)
 static int DetectITypeMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t pitype;
    if (PacketIsICMPv4(p)) {
@ -168,9 +167,7 @@ void DetectITypeFree(DetectEngineCtx *de_ctx, void *ptr)
 static void PrefilterPacketITypeMatch(DetectEngineThreadCtx *det_ctx,
        Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t pitype;
    if (PacketIsICMPv4(p)) {
--- a/src/detect-stream_size.c
+++ b/src/detect-stream_size.c
@ -118,6 +118,7 @@ static int DetectStreamSizeMatchAux(const DetectStreamSizeData *sd, const TcpSes
 static int DetectStreamSizeMatch(
        DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    const DetectStreamSizeData *sd = (const DetectStreamSizeData *)ctx;

@ -170,7 +171,8 @@ void DetectStreamSizeFree(DetectEngineCtx *de_ctx, void *ptr)
 static void PrefilterPacketStreamsizeMatch(
        DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p))
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p)))
        return;

    if (p->flow == NULL || p->flow->protoctx == NULL)
--- a/src/detect-tcp-ack.c
+++ b/src/detect-tcp-ack.c
@ -85,10 +85,11 @@ void DetectAckRegister(void)
 static int DetectAckMatch(DetectEngineThreadCtx *det_ctx,
                          Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
    const DetectAckData *data = (const DetectAckData *)ctx;

    /* This is only needed on TCP packets */
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    if (!(PacketIsTCP(p))) {
        return 0;
    }

@ -151,12 +152,13 @@ static void DetectAckFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketAckMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
    const PrefilterPacketHeaderCtx *ctx = pectx;

    if (!PrefilterPacketHeaderExtraMatch(ctx, p))
        return;

-    if (p->proto == IPPROTO_TCP && !(PKT_IS_PSEUDOPKT(p)) && PacketIsTCP(p) &&
+    if (p->proto == IPPROTO_TCP && PacketIsTCP(p) &&
            (TCP_GET_RAW_ACK(PacketGetTCP(p)) == ctx->v1.u32[0])) {
        SCLogDebug("packet matches TCP ack %u", ctx->v1.u32[0]);
        PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
--- a/src/detect-tcp-flags.c
+++ b/src/detect-tcp-flags.c
@ -151,7 +151,8 @@ static int DetectFlagsMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
 {
    SCEnter();

-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p))) {
        SCReturnInt(0);
    }

@ -553,7 +554,8 @@ int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s)
 static void
 PrefilterPacketFlagsMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p))) {
        SCReturn;
    }

--- a/src/detect-tcp-seq.c
+++ b/src/detect-tcp-seq.c
@ -83,8 +83,9 @@ static int DetectSeqMatch(DetectEngineThreadCtx *det_ctx,
 {
    const DetectSeqData *data = (const DetectSeqData *)ctx;

+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
    /* This is only needed on TCP packets */
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p)) {
+    if (!(PacketIsTCP(p))) {
        return 0;
    }

@ -148,10 +149,11 @@ PrefilterPacketSeqMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *p
 {
    const PrefilterPacketHeaderCtx *ctx = pectx;

+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
    if (!PrefilterPacketHeaderExtraMatch(ctx, p))
        return;

-    if (p->proto == IPPROTO_TCP && !(PKT_IS_PSEUDOPKT(p)) && PacketIsTCP(p) &&
+    if (p->proto == IPPROTO_TCP && PacketIsTCP(p) &&
            (TCP_GET_RAW_SEQ(PacketGetTCP(p)) == ctx->v1.u32[0])) {
        SCLogDebug("packet matches TCP seq %u", ctx->v1.u32[0]);
        PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
--- a/src/detect-tcp-window.c
+++ b/src/detect-tcp-window.c
@ -87,7 +87,8 @@ static int DetectWindowMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
 {
    const DetectWindowData *wd = (const DetectWindowData *)ctx;

-    if (!(PacketIsTCP(p)) || wd == NULL || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p)) || wd == NULL) {
        return 0;
    }

--- a/src/detect-tcpmss.c
+++ b/src/detect-tcpmss.c
@ -74,8 +74,9 @@ void DetectTcpmssRegister(void)
 static int DetectTcpmssMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p))
+    if (!(PacketIsTCP(p)))
        return 0;

    if (!(TCP_HAS_MSS(p)))
@ -128,7 +129,8 @@ void DetectTcpmssFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketTcpmssMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (!(PacketIsTCP(p)) || PKT_IS_PSEUDOPKT(p))
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!(PacketIsTCP(p)))
        return;

    if (!(TCP_HAS_MSS(p)))
--- a/src/detect-template2.c
+++ b/src/detect-template2.c
@ -75,9 +75,7 @@ void DetectTemplate2Register(void)
 static int DetectTemplate2Match (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
-
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    /* TODO replace this */
    uint8_t ptemplate2;
@ -137,9 +135,7 @@ void DetectTemplate2Free(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketTemplate2Match(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t ptemplate2;
 /* TODO update */
--- a/src/detect-tos.c
+++ b/src/detect-tos.c
@ -96,7 +96,8 @@ static int DetectTosMatch(DetectEngineThreadCtx *det_ctx, Packet *p,
    const DetectTosData *tosd = (const DetectTosData *)ctx;
    int result = 0;

-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p)) {
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));
+    if (!PacketIsIPv4(p)) {
        return 0;
    }

--- a/src/detect-ttl.c
+++ b/src/detect-ttl.c
@ -81,8 +81,7 @@ void DetectTtlRegister(void)
 static int DetectTtlMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
        const Signature *s, const SigMatchCtx *ctx)
 {
-    if (PKT_IS_PSEUDOPKT(p))
-        return 0;
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t pttl;
    if (PacketIsIPv4(p)) {
@ -140,9 +139,7 @@ void DetectTtlFree(DetectEngineCtx *de_ctx, void *ptr)
 static void
 PrefilterPacketTtlMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
 {
-    if (PKT_IS_PSEUDOPKT(p)) {
-        SCReturn;
-    }
+    DEBUG_VALIDATE_BUG_ON(PKT_IS_PSEUDOPKT(p));

    uint8_t pttl;
    if (PacketIsIPv4(p)) {