From 3f107fa130278523ea127f0f570dd543d8f1df3d Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Mon, 24 Jun 2013 09:44:46 +0200 Subject: [PATCH] decode: Packet action start with PACKET Rename all Packet action macro to have them prefixed by PACKET. --- src/alert-prelude.c | 2 +- src/alert-unified2-alert.c | 4 +- src/decode.h | 18 ++++----- src/detect-detection-filter.c | 14 +++---- src/detect-engine-alert.c | 6 +-- src/detect-engine-iponly.c | 2 +- src/detect-engine-state.c | 2 +- src/detect-engine-threshold.c | 32 ++++++++-------- src/detect-threshold.c | 72 +++++++++++++++++------------------ src/detect.c | 12 +++--- src/log-droplog.c | 4 +- src/respond-reject.c | 18 ++++----- src/source-af-packet.c | 2 +- src/source-ipfw.c | 2 +- src/source-nfq.c | 2 +- src/stream-tcp.c | 4 +- src/util-threshold-config.c | 20 +++++----- 17 files changed, 108 insertions(+), 108 deletions(-) diff --git a/src/alert-prelude.c b/src/alert-prelude.c index c74f62eb2e..6dbbf8728d 100644 --- a/src/alert-prelude.c +++ b/src/alert-prelude.c @@ -238,7 +238,7 @@ static int EventToImpact(PacketAlert *pa, Packet *p, idmef_alert_t *alert) idmef_impact_set_severity(impact, severity); - if (TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (PACKET_TEST_ACTION(p, ACTION_DROP)) { idmef_action_t *action; ret = idmef_action_new(&action); diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c index 3ef5bfb076..4146f3928d 100644 --- a/src/alert-unified2-alert.c +++ b/src/alert-unified2-alert.c @@ -648,7 +648,7 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq gphdr.dst_ip = *(struct in6_addr*)GET_IPV6_DST_ADDR(p); gphdr.protocol = p->proto; - if(TEST_PACKET_ACTION(p, ACTION_DROP)) + if(PACKET_TEST_ACTION(p, ACTION_DROP)) gphdr.packet_action = UNIFIED2_BLOCKED_FLAG; else gphdr.packet_action = 0; @@ -796,7 +796,7 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p gphdr.dst_ip = p->ip4h->s_ip_dst.s_addr; gphdr.protocol = IPV4_GET_RAW_IPPROTO(p->ip4h); - if(TEST_PACKET_ACTION(p, ACTION_DROP)) + if(PACKET_TEST_ACTION(p, ACTION_DROP)) gphdr.packet_action = UNIFIED2_BLOCKED_FLAG; else gphdr.packet_action = 0; diff --git a/src/decode.h b/src/decode.h index 687c871920..b3f493bd8b 100644 --- a/src/decode.h +++ b/src/decode.h @@ -706,54 +706,54 @@ typedef struct DecodeThreadVars_ /* macro's for setting the action * handle the case of a root packet * for tunnels */ -#define ALERT_PACKET(p) do { \ +#define PACKET_ALERT(p) do { \ ((p)->root ? \ ((p)->root->action = ACTION_ALERT) : \ ((p)->action = ACTION_ALERT)); \ } while (0) -#define ACCEPT_PACKET(p) do { \ +#define PACKET_ACCEPT(p) do { \ ((p)->root ? \ ((p)->root->action = ACTION_ACCEPT) : \ ((p)->action = ACTION_ACCEPT)); \ } while (0) -#define DROP_PACKET(p) do { \ +#define PACKET_DROP(p) do { \ ((p)->root ? \ ((p)->root->action = ACTION_DROP) : \ ((p)->action = ACTION_DROP)); \ } while (0) -#define REJECT_PACKET(p) do { \ +#define PACKET_REJECT(p) do { \ ((p)->root ? \ ((p)->root->action = (ACTION_REJECT|ACTION_DROP)) : \ ((p)->action = (ACTION_REJECT|ACTION_DROP))); \ } while (0) -#define REJECT_PACKET_DST(p) do { \ +#define PACKET_REJECT_DST(p) do { \ ((p)->root ? \ ((p)->root->action = (ACTION_REJECT_DST|ACTION_DROP)) : \ ((p)->action = (ACTION_REJECT_DST|ACTION_DROP))); \ } while (0) -#define REJECT_PACKET_BOTH(p) do { \ +#define PACKET_REJECT_BOTH(p) do { \ ((p)->root ? \ ((p)->root->action = (ACTION_REJECT_BOTH|ACTION_DROP)) : \ ((p)->action = (ACTION_REJECT_BOTH|ACTION_DROP))); \ } while (0) -#define PASS_PACKET(p) do { \ +#define PACKET_PASS(p) do { \ ((p)->root ? \ ((p)->root->action = ACTION_PASS) : \ ((p)->action = ACTION_PASS)); \ } while (0) -#define TEST_PACKET_ACTION(p, a) \ +#define PACKET_TEST_ACTION(p, a) \ ((p)->root ? \ ((p)->root->action & a) : \ ((p)->action & a)) -#define UPDATE_PACKET_ACTION(p, a) do { \ +#define PACKET_UPDATE_ACTION(p, a) do { \ ((p)->root ? \ ((p)->root->action |= a) : \ ((p)->action |= a)); \ diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c index f2791021c0..83cd7a0dd8 100644 --- a/src/detect-detection-filter.c +++ b/src/detect-detection-filter.c @@ -579,17 +579,17 @@ static int DetectDetectionFilterTestSig3(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts = PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; TimeSetIncrementTime(200); @@ -597,22 +597,22 @@ static int DetectDetectionFilterTestSig3(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; if (alerts == 3 && drops == 3) diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c index ac6725a0a1..6fa16c4d80 100644 --- a/src/detect-engine-alert.c +++ b/src/detect-engine-alert.c @@ -248,16 +248,16 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx } /* set verdict on packet */ - UPDATE_PACKET_ACTION(p, p->alerts.alerts[i].action); + PACKET_UPDATE_ACTION(p, p->alerts.alerts[i].action); - if (TEST_PACKET_ACTION(p, ACTION_PASS)) { + if (PACKET_TEST_ACTION(p, ACTION_PASS)) { /* Ok, reset the alert cnt to end in the previous of pass * so we ignore the rest with less prio */ p->alerts.cnt = i; break; /* if the signature wants to drop, check if the * PACKET_ALERT_FLAG_DROP_FLOW flag is set. */ - } else if ((TEST_PACKET_ACTION(p, ACTION_DROP)) && + } else if ((PACKET_TEST_ACTION(p, ACTION_DROP)) && ((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) || (s->flags & SIG_FLAG_APPLAYER)) && p->flow != NULL) diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c index 0c60f00510..e9c41087ba 100644 --- a/src/detect-engine-iponly.c +++ b/src/detect-engine-iponly.c @@ -1076,7 +1076,7 @@ void IPOnlyMatchPacket(ThreadVars *tv, PacketAlertAppend(det_ctx, s, p, 0); } else { /* apply actions for noalert/rule suppressed as well */ - UPDATE_PACKET_ACTION(p, s->action); + PACKET_UPDATE_ACTION(p, s->action); } } } diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index 4806d21670..62effe57c1 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -614,7 +614,7 @@ void DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, if (!(s->flags & SIG_FLAG_NOALERT)) { PacketAlertAppend(det_ctx, s, p, 0); } else { - UPDATE_PACKET_ACTION(p, s->action); + PACKET_UPDATE_ACTION(p, s->action); } } diff --git a/src/detect-engine-threshold.c b/src/detect-engine-threshold.c index d152d2732b..baa9e44e38 100644 --- a/src/detect-engine-threshold.c +++ b/src/detect-engine-threshold.c @@ -384,16 +384,16 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 /* Take the action to perform */ switch (td->new_action) { case TH_ACTION_ALERT: - ALERT_PACKET(p); + PACKET_ALERT(p); break; case TH_ACTION_DROP: - DROP_PACKET(p); + PACKET_DROP(p); break; case TH_ACTION_REJECT: - REJECT_PACKET(p); + PACKET_REJECT(p); break; case TH_ACTION_PASS: - PASS_PACKET(p); + PACKET_PASS(p); break; default: /* Weird, leave the default action */ @@ -413,16 +413,16 @@ int ThresholdHandlePacketHost(Host *h, Packet *p, DetectThresholdData *td, uint3 /* Take the action to perform */ switch (td->new_action) { case TH_ACTION_ALERT: - ALERT_PACKET(p); + PACKET_ALERT(p); break; case TH_ACTION_DROP: - DROP_PACKET(p); + PACKET_DROP(p); break; case TH_ACTION_REJECT: - REJECT_PACKET(p); + PACKET_REJECT(p); break; case TH_ACTION_PASS: - PASS_PACKET(p); + PACKET_PASS(p); break; default: /* Weird, leave the default action */ @@ -501,16 +501,16 @@ static int ThresholdHandlePacketRule(DetectEngineCtx *de_ctx, Packet *p, DetectT /* Take the action to perform */ switch (td->new_action) { case TH_ACTION_ALERT: - ALERT_PACKET(p); + PACKET_ALERT(p); break; case TH_ACTION_DROP: - DROP_PACKET(p); + PACKET_DROP(p); break; case TH_ACTION_REJECT: - REJECT_PACKET(p); + PACKET_REJECT(p); break; case TH_ACTION_PASS: - PASS_PACKET(p); + PACKET_PASS(p); break; default: /* Weird, leave the default action */ @@ -529,16 +529,16 @@ static int ThresholdHandlePacketRule(DetectEngineCtx *de_ctx, Packet *p, DetectT /* Take the action to perform */ switch (td->new_action) { case TH_ACTION_ALERT: - ALERT_PACKET(p); + PACKET_ALERT(p); break; case TH_ACTION_DROP: - DROP_PACKET(p); + PACKET_DROP(p); break; case TH_ACTION_REJECT: - REJECT_PACKET(p); + PACKET_REJECT(p); break; case TH_ACTION_PASS: - PASS_PACKET(p); + PACKET_PASS(p); break; default: /* Weird, leave the default action */ diff --git a/src/detect-threshold.c b/src/detect-threshold.c index e8d5569619..aec9cb5464 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -959,17 +959,17 @@ static int DetectThresholdTestSig7(void) { TimeGet(&p->ts); SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts = PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; TimeSetIncrementTime(200); @@ -977,17 +977,17 @@ static int DetectThresholdTestSig7(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; if (alerts == 1 && drops == 6) @@ -1052,17 +1052,17 @@ static int DetectThresholdTestSig8(void) { TimeGet(&p->ts); SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts = PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; TimeSetIncrementTime(200); @@ -1070,17 +1070,17 @@ static int DetectThresholdTestSig8(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; if (alerts == 2 && drops == 6) @@ -1145,17 +1145,17 @@ static int DetectThresholdTestSig9(void) { TimeGet(&p->ts); SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts = PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; TimeSetIncrementTime(200); @@ -1163,17 +1163,17 @@ static int DetectThresholdTestSig9(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; if (alerts == 2 && drops == 2) @@ -1238,17 +1238,17 @@ static int DetectThresholdTestSig10(void) { TimeGet(&p->ts); SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts = PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; TimeSetIncrementTime(200); @@ -1256,17 +1256,17 @@ static int DetectThresholdTestSig10(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; if (alerts == 1 && drops == 1) @@ -1331,17 +1331,17 @@ static int DetectThresholdTestSig11(void) { TimeGet(&p->ts); SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts = PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; TimeSetIncrementTime(200); @@ -1349,17 +1349,17 @@ static int DetectThresholdTestSig11(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; if (alerts == 1 && drops == 4) @@ -1424,17 +1424,17 @@ static int DetectThresholdTestSig12(void) { TimeGet(&p->ts); SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts = PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; TimeSetIncrementTime(200); @@ -1442,17 +1442,17 @@ static int DetectThresholdTestSig12(void) { SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); alerts += PacketAlertCheck(p, 10); - drops += ((TEST_PACKET_ACTION(p, ACTION_DROP))?1:0); + drops += ((PACKET_TEST_ACTION(p, ACTION_DROP))?1:0); p->action = 0; if (alerts == 1 && drops == 2) diff --git a/src/detect.c b/src/detect.c index 596ad3827c..d297b55300 100644 --- a/src/detect.c +++ b/src/detect.c @@ -1342,7 +1342,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh if (p->flow->flags & FLOW_ACTION_DROP) { alert_flags = PACKET_ALERT_FLAG_DROP_FLOW; - UPDATE_PACKET_ACTION(p, ACTION_DROP); + PACKET_UPDATE_ACTION(p, ACTION_DROP); } } @@ -1626,7 +1626,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh PacketAlertAppend(det_ctx, s, p, alert_flags); } else { /* apply actions even if not alerting */ - UPDATE_PACKET_ACTION(p, s->action); + PACKET_UPDATE_ACTION(p, s->action); } next: DetectFlowvarProcessList(det_ctx, p->flow); @@ -1775,7 +1775,7 @@ TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue DEBUG_VALIDATE_PACKET(p); /* No need to perform any detection on this packet, if the the given flag is set.*/ - if ((p->flags & PKT_NOPACKET_INSPECTION) || (TEST_PACKET_ACTION(p, + if ((p->flags & PKT_NOPACKET_INSPECTION) || (PACKET_TEST_ACTION(p, ACTION_DROP))) return 0; @@ -10924,7 +10924,7 @@ static int SigTestDropFlow03(void) goto end; } - if ( !(TEST_PACKET_ACTION(p2, ACTION_DROP))) { + if ( !(PACKET_TEST_ACTION(p2, ACTION_DROP))) { printf("A \"drop\" action should be set from the flow to the packet: "); goto end; } @@ -11055,7 +11055,7 @@ static int SigTestDropFlow04(void) goto end; } - if (!(TEST_PACKET_ACTION(p1, ACTION_DROP))) { + if (!(PACKET_TEST_ACTION(p1, ACTION_DROP))) { printf("A \"drop\" action was set from the flow to the packet " "which is right, but setting the flag shouldn't disable " "inspection on the packet in IDS mode"); @@ -11096,7 +11096,7 @@ static int SigTestDropFlow04(void) goto end; } - if (!(TEST_PACKET_ACTION(p2, ACTION_DROP))) { + if (!(PACKET_TEST_ACTION(p2, ACTION_DROP))) { printf("A \"drop\" action was set from the flow to the packet " "which is right, but setting the flag shouldn't disable " "inspection on the packet in IDS mode"); diff --git a/src/log-droplog.c b/src/log-droplog.c index 03972e2d01..f3172ddc6b 100644 --- a/src/log-droplog.c +++ b/src/log-droplog.c @@ -212,7 +212,7 @@ TmEcode LogDropLogNetFilter (ThreadVars *tv, Packet *p, void *data, PacketQueue uint16_t proto = 0; char timebuf[64]; - if (!(TEST_PACKET_ACTION(p, ACTION_DROP)) || PKT_IS_PSEUDOPKT(p)) { + if (!(PACKET_TEST_ACTION(p, ACTION_DROP)) || PKT_IS_PSEUDOPKT(p)) { return TM_ECODE_OK; } @@ -392,7 +392,7 @@ int LogDropLogTest01() DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt == 1 && (TEST_PACKET_ACTION(p, ACTION_DROP))) + if (p->alerts.cnt == 1 && (PACKET_TEST_ACTION(p, ACTION_DROP))) result = (strcmp(p->alerts.alerts[0].s->class_msg, "Unknown are we") == 0); else result = 0; diff --git a/src/respond-reject.c b/src/respond-reject.c index 235aff347e..742ace8d74 100644 --- a/src/respond-reject.c +++ b/src/respond-reject.c @@ -60,9 +60,9 @@ TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq int ret = 0; /* ACTION_REJECT defaults to rejecting the SRC */ - if (!(TEST_PACKET_ACTION(p, ACTION_REJECT)) && - !(TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) && - !(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH))) { + if (!(PACKET_TEST_ACTION(p, ACTION_REJECT)) && + !(PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) && + !(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH))) { return TM_ECODE_OK; } @@ -94,11 +94,11 @@ TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq } int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) { - if (TEST_PACKET_ACTION(p, ACTION_REJECT)) { + if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC); - } else if (TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) { + } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST); - } else if(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH)) { + } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC) == 0 && RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) { return 0; @@ -110,11 +110,11 @@ int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) { } int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data) { - if (TEST_PACKET_ACTION(p, ACTION_REJECT)) { + if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { return RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC); - } else if (TEST_PACKET_ACTION(p, ACTION_REJECT_DST)) { + } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { return RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST); - } else if(TEST_PACKET_ACTION(p, ACTION_REJECT_BOTH)) { + } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC) == 0 && RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) { return 0; diff --git a/src/source-af-packet.c b/src/source-af-packet.c index 0db26abcec..1d5d8ae953 100644 --- a/src/source-af-packet.c +++ b/src/source-af-packet.c @@ -614,7 +614,7 @@ TmEcode AFPWritePacket(Packet *p) int socket; if (p->afp_v.copy_mode == AFP_COPY_MODE_IPS) { - if (TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (PACKET_TEST_ACTION(p, ACTION_DROP)) { return TM_ECODE_OK; } } diff --git a/src/source-ipfw.c b/src/source-ipfw.c index 00f094ee16..03a8ab8b6a 100644 --- a/src/source-ipfw.c +++ b/src/source-ipfw.c @@ -518,7 +518,7 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) IPFWpoll.fd = nq->fd; IPFWpoll.events = POLLWRNORM; - if (TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (PACKET_TEST_ACTION(p, ACTION_DROP)) { verdict = IPFW_DROP; } else { verdict = IPFW_ACCEPT; diff --git a/src/source-nfq.c b/src/source-nfq.c index c7245f23ac..89d4e48c3f 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -1014,7 +1014,7 @@ TmEcode NFQSetVerdict(Packet *p) { return TM_ECODE_OK; } - if (TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (PACKET_TEST_ACTION(p, ACTION_DROP)) { verdict = NF_DROP; #ifdef COUNTERS t->dropped++; diff --git a/src/stream-tcp.c b/src/stream-tcp.c index 7ea28b98e5..aa96de3abe 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -4165,7 +4165,7 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt, FlowSetNoPacketInspectionFlag(p->flow); DecodeSetNoPacketInspectionFlag(p); FlowSetSessionNoApplayerInspectionFlag(p->flow); - UPDATE_PACKET_ACTION(p, ACTION_DROP); + PACKET_UPDATE_ACTION(p, ACTION_DROP); /* return the segments to the pool */ StreamTcpSessionPktFree(p); SCReturnInt(0); @@ -4377,7 +4377,7 @@ error: } if (StreamTcpInlineMode()) { - UPDATE_PACKET_ACTION(p, ACTION_DROP); + PACKET_UPDATE_ACTION(p, ACTION_DROP); } SCReturnInt(-1); } diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index ed991a34b8..fa7cc10a34 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -1642,7 +1642,7 @@ int SCThresholdConfTest09(void) p->alerts.cnt = 0; p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) { result = 0; goto end; } @@ -1650,7 +1650,7 @@ int SCThresholdConfTest09(void) p->alerts.cnt = 0; p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) { result = 0; goto end; } @@ -1658,7 +1658,7 @@ int SCThresholdConfTest09(void) p->alerts.cnt = 0; p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) { result = 0; goto end; } @@ -1669,7 +1669,7 @@ int SCThresholdConfTest09(void) p->alerts.cnt = 0; p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt != 1 || !(TEST_PACKET_ACTION(p, ACTION_DROP))) { + if (p->alerts.cnt != 1 || !(PACKET_TEST_ACTION(p, ACTION_DROP))) { result = 0; goto end; } @@ -1680,7 +1680,7 @@ int SCThresholdConfTest09(void) p->alerts.cnt = 0; p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt != 1 || !(TEST_PACKET_ACTION(p, ACTION_DROP))) { + if (p->alerts.cnt != 1 || !(PACKET_TEST_ACTION(p, ACTION_DROP))) { result = 0; goto end; } @@ -1691,7 +1691,7 @@ int SCThresholdConfTest09(void) p->alerts.cnt = 0; p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) { result = 0; goto end; } @@ -1699,7 +1699,7 @@ int SCThresholdConfTest09(void) p->alerts.cnt = 0; p->action = 0; SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (p->alerts.cnt != 1 || TEST_PACKET_ACTION(p, ACTION_DROP)) { + if (p->alerts.cnt != 1 || PACKET_TEST_ACTION(p, ACTION_DROP)) { result = 0; goto end; } @@ -2221,7 +2221,7 @@ static int SCThresholdConfTest15(void) goto end; } /* however, it should have set the drop flag */ - if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) { + if (!(PACKET_TEST_ACTION(p, ACTION_DROP))) { printf("sid 10000 should have set DROP flag even if suppressed: "); goto end; } @@ -2290,7 +2290,7 @@ static int SCThresholdConfTest16(void) goto end; } /* however, it should have set the drop flag */ - if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) { + if (!(PACKET_TEST_ACTION(p, ACTION_DROP))) { printf("sid 1000 should have set DROP flag even if suppressed: "); goto end; } @@ -2359,7 +2359,7 @@ static int SCThresholdConfTest17(void) goto end; } /* however, it should have set the drop flag */ - if (!(TEST_PACKET_ACTION(p, ACTION_DROP))) { + if (!(PACKET_TEST_ACTION(p, ACTION_DROP))) { printf("sid 10000 should have set DROP flag even if suppressed: "); goto end; }