aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

decode: Packet action start with PACKET

Browse Source 
Rename all Packet action macro to have them prefixed by PACKET.
pull/402/merge
Eric Leblond 12 years ago committed by Victor Julien
parent 3304c91c91
commit 3f107fa130
17 changed files with 108 additions and 108 deletions
Show Stats Download Patch File Download Diff File

2
src/alert-prelude.c
Unescape Escape View File

@ -238,7 +238,7 @@ static int EventToImpact(PacketAlert *pa, Packet *p, idmef_alert_t *alert)
idmef_impact_set_severity(impact, severity);
if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (PACKET_TEST_ACTION(p, ACTION_DROP)) {
idmef_action_t *action;
ret = idmef_action_new(&action);

4
src/alert-unified2-alert.c
Unescape Escape View File

@ -648,7 +648,7 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
gphdr.dst_ip = *(struct in6_addr*)GET_IPV6_DST_ADDR(p);
gphdr.protocol = p->proto;
if(TEST_PACKET_ACTION(p, ACTION_DROP))
if(PACKET_TEST_ACTION(p, ACTION_DROP))
gphdr.packet_action = UNIFIED2_BLOCKED_FLAG;
else
gphdr.packet_action = 0;
@ -796,7 +796,7 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
gphdr.dst_ip = p->ip4h->s_ip_dst.s_addr;
gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h);
if(TEST_PACKET_ACTION(p, ACTION_DROP))
if(PACKET_TEST_ACTION(p, ACTION_DROP))
gphdr.packet_action = UNIFIED2_BLOCKED_FLAG;
else
gphdr.packet_action = 0;

18
src/decode.h
Unescape Escape View File

@ -706,54 +706,54 @@ typedef struct DecodeThreadVars_
/* macro's for setting the action
* handle the case of a root packet
* for tunnels */
#define ALERT_PACKET(p) do { \
#define PACKET_ALERT(p) do { \
((p)->root ? \
((p)->root->action = ACTION_ALERT) : \
((p)->action = ACTION_ALERT)); \
} while (0)
#define ACCEPT_PACKET(p) do { \
#define PACKET_ACCEPT(p) do { \
((p)->root ? \
((p)->root->action = ACTION_ACCEPT) : \
((p)->action = ACTION_ACCEPT)); \
} while (0)
#define DROP_PACKET(p) do { \
#define PACKET_DROP(p) do { \
((p)->root ? \
((p)->root->action = ACTION_DROP) : \
((p)->action = ACTION_DROP)); \
} while (0)
#define REJECT_PACKET(p) do { \
#define PACKET_REJECT(p) do { \
((p)->root ? \
((p)->root->action = (ACTION_REJECT|ACTION_DROP)) : \
((p)->action = (ACTION_REJECT|ACTION_DROP))); \
} while (0)
#define REJECT_PACKET_DST(p) do { \
#define PACKET_REJECT_DST(p) do { \
((p)->root ? \
((p)->root->action = (ACTION_REJECT_DST|ACTION_DROP)) : \
((p)->action = (ACTION_REJECT_DST|ACTION_DROP))); \
} while (0)
#define REJECT_PACKET_BOTH(p) do { \
#define PACKET_REJECT_BOTH(p) do { \
((p)->root ? \
((p)->root->action = (ACTION_REJECT_BOTH|ACTION_DROP)) : \
((p)->action = (ACTION_REJECT_BOTH|ACTION_DROP))); \
} while (0)
#define PASS_PACKET(p) do { \
#define PACKET_PASS(p) do { \
((p)->root ? \
((p)->root->action = ACTION_PASS) : \
((p)->action = ACTION_PASS)); \
} while (0)
#define TEST_PACKET_ACTION(p, a) \
#define PACKET_TEST_ACTION(p, a) \
((p)->root ? \
((p)->root->action & a) : \
((p)->action & a))
#define UPDATE_PACKET_ACTION(p, a) do { \
#define PACKET_UPDATE_ACTION(p, a) do { \
((p)->root ? \
((p)->root->action |= a) : \
((p)->action |= a)); \

14
src/detect-detection-filter.c
Unescape Escape View File

@ -579,17 +579,17 @@ static int DetectDetectionFilterTestSig3(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
TimeSetIncrementTime(200);
@ -597,22 +597,22 @@ static int DetectDetectionFilterTestSig3(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
if (alerts == 3 && drops == 3)

6
src/detect-engine-alert.c
Unescape Escape View File

@ -248,16 +248,16 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
}
/* set verdict on packet */
UPDATE_PACKET_ACTION(p, p->alerts.alerts[i].action);
PACKET_UPDATE_ACTION(p, p->alerts.alerts[i].action);
if (TEST_PACKET_ACTION(p, ACTION_PASS)) {
if (PACKET_TEST_ACTION(p, ACTION_PASS)) {
/* Ok, reset the alert cnt to end in the previous of pass
* so we ignore the rest with less prio */
p->alerts.cnt = i;
break;
/* if the signature wants to drop, check if the
* PACKET_ALERT_FLAG_DROP_FLOW flag is set. */
} else if ((TEST_PACKET_ACTION(p, ACTION_DROP)) &&
} else if ((PACKET_TEST_ACTION(p, ACTION_DROP)) &&
((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) ||
(s->flags & SIG_FLAG_APPLAYER))
&& p->flow != NULL)

2
src/detect-engine-iponly.c
Unescape Escape View File

@ -1076,7 +1076,7 @@ void IPOnlyMatchPacket(ThreadVars *tv,
PacketAlertAppend(det_ctx, s, p, 0);
} else {
/* apply actions for noalert/rule suppressed as well */
UPDATE_PACKET_ACTION(p, s->action);
PACKET_UPDATE_ACTION(p, s->action);
}
}
}

2
src/detect-engine-state.c
Unescape Escape View File

@ -614,7 +614,7 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx,
if (!(s->flags & SIG_FLAG_NOALERT)) {
PacketAlertAppend(det_ctx, s, p, 0);
} else {
UPDATE_PACKET_ACTION(p, s->action);
PACKET_UPDATE_ACTION(p, s->action);
}
}

32
src/detect-engine-threshold.c
Unescape Escape View File

@ -384,16 +384,16 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3
/* Take the action to perform */
switch (td->new_action) {
case TH_ACTION_ALERT:
ALERT_PACKET(p);
PACKET_ALERT(p);
break;
case TH_ACTION_DROP:
DROP_PACKET(p);
PACKET_DROP(p);
break;
case TH_ACTION_REJECT:
REJECT_PACKET(p);
PACKET_REJECT(p);
break;
case TH_ACTION_PASS:
PASS_PACKET(p);
PACKET_PASS(p);
break;
default:
/* Weird, leave the default action */
@ -413,16 +413,16 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3
/* Take the action to perform */
switch (td->new_action) {
case TH_ACTION_ALERT:
ALERT_PACKET(p);
PACKET_ALERT(p);
break;
case TH_ACTION_DROP:
DROP_PACKET(p);
PACKET_DROP(p);
break;
case TH_ACTION_REJECT:
REJECT_PACKET(p);
PACKET_REJECT(p);
break;
case TH_ACTION_PASS:
PASS_PACKET(p);
PACKET_PASS(p);
break;
default:
/* Weird, leave the default action */
@ -501,16 +501,16 @@ static int ThresholdHandlePacketRule(DetectEngineCtx *de_ctx, Packet *p, DetectT
/* Take the action to perform */
switch (td->new_action) {
case TH_ACTION_ALERT:
ALERT_PACKET(p);
PACKET_ALERT(p);
break;
case TH_ACTION_DROP:
DROP_PACKET(p);
PACKET_DROP(p);
break;
case TH_ACTION_REJECT:
REJECT_PACKET(p);
PACKET_REJECT(p);
break;
case TH_ACTION_PASS:
PASS_PACKET(p);
PACKET_PASS(p);
break;
default:
/* Weird, leave the default action */
@ -529,16 +529,16 @@ static int ThresholdHandlePacketRule(DetectEngineCtx *de_ctx, Packet *p, DetectT
/* Take the action to perform */
switch (td->new_action) {
case TH_ACTION_ALERT:
ALERT_PACKET(p);
PACKET_ALERT(p);
break;
case TH_ACTION_DROP:
DROP_PACKET(p);
PACKET_DROP(p);
break;
case TH_ACTION_REJECT:
REJECT_PACKET(p);
PACKET_REJECT(p);
break;
case TH_ACTION_PASS:
PASS_PACKET(p);
PACKET_PASS(p);
break;
default:
/* Weird, leave the default action */

72
src/detect-threshold.c
Unescape Escape View File

@ -959,17 +959,17 @@ static int DetectThresholdTestSig7(void) {
TimeGet(&p->ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
TimeSetIncrementTime(200);
@ -977,17 +977,17 @@ static int DetectThresholdTestSig7(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
if (alerts == 1 && drops == 6)
@ -1052,17 +1052,17 @@ static int DetectThresholdTestSig8(void) {
TimeGet(&p->ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
TimeSetIncrementTime(200);
@ -1070,17 +1070,17 @@ static int DetectThresholdTestSig8(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
if (alerts == 2 && drops == 6)
@ -1145,17 +1145,17 @@ static int DetectThresholdTestSig9(void) {
TimeGet(&p->ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
TimeSetIncrementTime(200);
@ -1163,17 +1163,17 @@ static int DetectThresholdTestSig9(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
if (alerts == 2 && drops == 2)
@ -1238,17 +1238,17 @@ static int DetectThresholdTestSig10(void) {
TimeGet(&p->ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
TimeSetIncrementTime(200);
@ -1256,17 +1256,17 @@ static int DetectThresholdTestSig10(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
if (alerts == 1 && drops == 1)
@ -1331,17 +1331,17 @@ static int DetectThresholdTestSig11(void) {
TimeGet(&p->ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
TimeSetIncrementTime(200);
@ -1349,17 +1349,17 @@ static int DetectThresholdTestSig11(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
if (alerts == 1 && drops == 4)
@ -1424,17 +1424,17 @@ static int DetectThresholdTestSig12(void) {
TimeGet(&p->ts);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts = PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
TimeSetIncrementTime(200);
@ -1442,17 +1442,17 @@ static int DetectThresholdTestSig12(void) {
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
alerts += PacketAlertCheck(p, 10);
drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0);
drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0);
p->action = 0;
if (alerts == 1 && drops == 2)

12
src/detect.c
Unescape Escape View File

@ -1342,7 +1342,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
if (p->flow->flags & FLOW_ACTION_DROP)
{
alert_flags = PACKET_ALERT_FLAG_DROP_FLOW;
UPDATE_PACKET_ACTION(p, ACTION_DROP);
PACKET_UPDATE_ACTION(p, ACTION_DROP);
}
}
@ -1626,7 +1626,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
PacketAlertAppend(det_ctx, s, p, alert_flags);
} else {
/* apply actions even if not alerting */
UPDATE_PACKET_ACTION(p, s->action);
PACKET_UPDATE_ACTION(p, s->action);
}
next:
DetectFlowvarProcessList(det_ctx, p->flow);
@ -1775,7 +1775,7 @@ TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
DEBUG_VALIDATE_PACKET(p);
/* No need to perform any detection on this packet, if the the given flag is set.*/
if ((p->flags & PKT_NOPACKET_INSPECTION) || (TEST_PACKET_ACTION(p,
if ((p->flags & PKT_NOPACKET_INSPECTION) || (PACKET_TEST_ACTION(p,
ACTION_DROP)))
return 0;
@ -10924,7 +10924,7 @@ static int SigTestDropFlow03(void)
goto end;
}
if ( !(TEST_PACKET_ACTION(p2, ACTION_DROP))) {
if ( !(PACKET_TEST_ACTION(p2, ACTION_DROP))) {
printf("A \"drop\" action should be set from the flow to the packet: ");
goto end;
}
@ -11055,7 +11055,7 @@ static int SigTestDropFlow04(void)
goto end;
}
if (!(TEST_PACKET_ACTION(p1, ACTION_DROP))) {
if (!(PACKET_TEST_ACTION(p1, ACTION_DROP))) {
printf("A \"drop\" action was set from the flow to the packet "
"which is right, but setting the flag shouldn't disable "
"inspection on the packet in IDS mode");
@ -11096,7 +11096,7 @@ static int SigTestDropFlow04(void)
goto end;
}
if (!(TEST_PACKET_ACTION(p2, ACTION_DROP))) {
if (!(PACKET_TEST_ACTION(p2, ACTION_DROP))) {
printf("A \"drop\" action was set from the flow to the packet "
"which is right, but setting the flag shouldn't disable "
"inspection on the packet in IDS mode");

4
src/log-droplog.c
Unescape Escape View File

@ -212,7 +212,7 @@ TmEcode LogDropLogNetFilter (ThreadVars *tv, Packet *p, void *data, PacketQueue
uint16_t proto = 0;
char timebuf[64];
if (!(TEST_PACKET_ACTION(p, ACTION_DROP)) || PKT_IS_PSEUDOPKT(p)) {
if (!(PACKET_TEST_ACTION(p, ACTION_DROP)) || PKT_IS_PSEUDOPKT(p)) {
return TM_ECODE_OK;
}
@ -392,7 +392,7 @@ int LogDropLogTest01()
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt == 1 && (TEST_PACKET_ACTION(p, ACTION_DROP)))
if (p->alerts.cnt == 1 && (PACKET_TEST_ACTION(p, ACTION_DROP)))
result = (strcmp(p->alerts.alerts[0].s->class_msg, "Unknown are we") == 0);
else
result = 0;

18
src/respond-reject.c
Unescape Escape View File

@ -60,9 +60,9 @@ TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
int ret = 0;
/* ACTION_REJECT defaults to rejecting the SRC */
if (!(TEST_PACKET_ACTION(p, ACTION_REJECT)) &&
!(TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) &&
!(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH))) {
if (!(PACKET_TEST_ACTION(p, ACTION_REJECT)) &&
!(PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) &&
!(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH))) {
return TM_ECODE_OK;
}
@ -94,11 +94,11 @@ TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq
}
int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) {
if (TEST_PACKET_ACTION(p, ACTION_REJECT)) {
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
} else if (TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) {
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST);
} else if(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH)) {
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC) == 0 &&
RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) {
return 0;
@ -110,11 +110,11 @@ int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) {
}
int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data) {
if (TEST_PACKET_ACTION(p, ACTION_REJECT)) {
if (PACKET_TEST_ACTION(p, ACTION_REJECT)) {
return RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
} else if (TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) {
} else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
return RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST);
} else if(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH)) {
} else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC) == 0 &&
RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
return 0;

2
src/source-af-packet.c
Unescape Escape View File

@ -614,7 +614,7 @@ TmEcode AFPWritePacket(Packet *p)
int socket;
if (p->afp_v.copy_mode == AFP_COPY_MODE_IPS) {
if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (PACKET_TEST_ACTION(p, ACTION_DROP)) {
return TM_ECODE_OK;
}
}

2
src/source-ipfw.c
Unescape Escape View File

@ -518,7 +518,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p)
IPFWpoll.fd = nq->fd;
IPFWpoll.events = POLLWRNORM;
if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (PACKET_TEST_ACTION(p, ACTION_DROP)) {
verdict = IPFW_DROP;
} else {
verdict = IPFW_ACCEPT;

2
src/source-nfq.c
Unescape Escape View File

@ -1014,7 +1014,7 @@ TmEcode NFQSetVerdict(Packet *p) {
return TM_ECODE_OK;
}
if (TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (PACKET_TEST_ACTION(p, ACTION_DROP)) {
verdict = NF_DROP;
#ifdef COUNTERS
t->dropped++;

4
src/stream-tcp.c
Unescape Escape View File

@ -4165,7 +4165,7 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
FlowSetNoPacketInspectionFlag(p->flow);
DecodeSetNoPacketInspectionFlag(p);
FlowSetSessionNoApplayerInspectionFlag(p->flow);
UPDATE_PACKET_ACTION(p, ACTION_DROP);
PACKET_UPDATE_ACTION(p, ACTION_DROP);
/* return the segments to the pool */
StreamTcpSessionPktFree(p);
SCReturnInt(0);
@ -4377,7 +4377,7 @@ error:
}
if (StreamTcpInlineMode()) {
UPDATE_PACKET_ACTION(p, ACTION_DROP);
PACKET_UPDATE_ACTION(p, ACTION_DROP);
}
SCReturnInt(-1);
}

20
src/util-threshold-config.c
Unescape Escape View File

@ -1642,7 +1642,7 @@ int SCThresholdConfTest09(void)
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) {
result = 0;
goto end;
}
@ -1650,7 +1650,7 @@ int SCThresholdConfTest09(void)
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) {
result = 0;
goto end;
}
@ -1658,7 +1658,7 @@ int SCThresholdConfTest09(void)
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) {
result = 0;
goto end;
}
@ -1669,7 +1669,7 @@ int SCThresholdConfTest09(void)
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt != 1 || !(TEST_PACKET_ACTION(p, ACTION_DROP))) {
if (p->alerts.cnt != 1 || !(PACKET_TEST_ACTION(p, ACTION_DROP))) {
result = 0;
goto end;
}
@ -1680,7 +1680,7 @@ int SCThresholdConfTest09(void)
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt != 1 || !(TEST_PACKET_ACTION(p, ACTION_DROP))) {
if (p->alerts.cnt != 1 || !(PACKET_TEST_ACTION(p, ACTION_DROP))) {
result = 0;
goto end;
}
@ -1691,7 +1691,7 @@ int SCThresholdConfTest09(void)
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) {
result = 0;
goto end;
}
@ -1699,7 +1699,7 @@ int SCThresholdConfTest09(void)
p->alerts.cnt = 0;
p->action = 0;
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) {
if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) {
result = 0;
goto end;
}
@ -2221,7 +2221,7 @@ static int SCThresholdConfTest15(void)
goto end;
}
/* however, it should have set the drop flag */
if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) {
if (!(PACKET_TEST_ACTION(p, ACTION_DROP))) {
printf("sid 10000 should have set DROP flag even if suppressed: ");
goto end;
}
@ -2290,7 +2290,7 @@ static int SCThresholdConfTest16(void)
goto end;
}
/* however, it should have set the drop flag */
if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) {
if (!(PACKET_TEST_ACTION(p, ACTION_DROP))) {
printf("sid 1000 should have set DROP flag even if suppressed: ");
goto end;
}
@ -2359,7 +2359,7 @@ static int SCThresholdConfTest17(void)
goto end;
}
/* however, it should have set the drop flag */
if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) {
if (!(PACKET_TEST_ACTION(p, ACTION_DROP))) {
printf("sid 10000 should have set DROP flag even if suppressed: ");
goto end;
}

Write Preview
Loading…
Cancel
Save