From 63291d0f0175e4a9e59512f5781a637ac96bc996 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 11 Oct 2017 18:14:16 +0200 Subject: [PATCH] detect: style cleanup --- src/detect.c | 122 +++++++++++++++++++++++++-------------------------- 1 file changed, 60 insertions(+), 62 deletions(-) diff --git a/src/detect.c b/src/detect.c index 2515b3365c..d68b42abc9 100644 --- a/src/detect.c +++ b/src/detect.c @@ -947,78 +947,76 @@ void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineT SCLogDebug("STREAM_EOF set"); } - { - /* store tenant_id in the flow so that we can use it - * for creating pseudo packets */ - if (p->tenant_id > 0 && pflow->tenant_id == 0) { - pflow->tenant_id = p->tenant_id; - } + /* store tenant_id in the flow so that we can use it + * for creating pseudo packets */ + if (p->tenant_id > 0 && pflow->tenant_id == 0) { + pflow->tenant_id = p->tenant_id; + } - /* live ruleswap check for flow updates */ - if (pflow->de_ctx_version == 0) { - /* first time this flow is inspected, set id */ - pflow->de_ctx_version = de_ctx->version; - } else if (pflow->de_ctx_version != de_ctx->version) { - /* first time we inspect flow with this de_ctx, reset */ - pflow->flags &= ~FLOW_SGH_TOSERVER; - pflow->flags &= ~FLOW_SGH_TOCLIENT; - pflow->sgh_toserver = NULL; - pflow->sgh_toclient = NULL; - - pflow->de_ctx_version = de_ctx->version; - GenericVarFree(pflow->flowvar); - pflow->flowvar = NULL; - - DetectEngineStateResetTxs(pflow); - } + /* live ruleswap check for flow updates */ + if (pflow->de_ctx_version == 0) { + /* first time this flow is inspected, set id */ + pflow->de_ctx_version = de_ctx->version; + } else if (pflow->de_ctx_version != de_ctx->version) { + /* first time we inspect flow with this de_ctx, reset */ + pflow->flags &= ~FLOW_SGH_TOSERVER; + pflow->flags &= ~FLOW_SGH_TOCLIENT; + pflow->sgh_toserver = NULL; + pflow->sgh_toclient = NULL; + + pflow->de_ctx_version = de_ctx->version; + GenericVarFree(pflow->flowvar); + pflow->flowvar = NULL; + + DetectEngineStateResetTxs(pflow); + } - /* set the iponly stuff */ - if (pflow->flags & FLOW_TOCLIENT_IPONLY_SET) - p->flowflags |= FLOW_PKT_TOCLIENT_IPONLY_SET; - if (pflow->flags & FLOW_TOSERVER_IPONLY_SET) - p->flowflags |= FLOW_PKT_TOSERVER_IPONLY_SET; - - /* Get the stored sgh from the flow (if any). Make sure we're not using - * the sgh for icmp error packets part of the same stream. */ - if (IP_GET_IPPROTO(p) == pflow->proto) { /* filter out icmp */ - PACKET_PROFILING_DETECT_START(p, PROF_DETECT_GETSGH); - if ((p->flowflags & FLOW_PKT_TOSERVER) && (pflow->flags & FLOW_SGH_TOSERVER)) { - det_ctx->sgh = pflow->sgh_toserver; - SCLogDebug("det_ctx->sgh = pflow->sgh_toserver; => %p", det_ctx->sgh); - use_flow_sgh = true; - } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && (pflow->flags & FLOW_SGH_TOCLIENT)) { - det_ctx->sgh = pflow->sgh_toclient; - SCLogDebug("det_ctx->sgh = pflow->sgh_toclient; => %p", det_ctx->sgh); - use_flow_sgh = true; - } - PACKET_PROFILING_DETECT_END(p, PROF_DETECT_GETSGH); + /* set the iponly stuff */ + if (pflow->flags & FLOW_TOCLIENT_IPONLY_SET) + p->flowflags |= FLOW_PKT_TOCLIENT_IPONLY_SET; + if (pflow->flags & FLOW_TOSERVER_IPONLY_SET) + p->flowflags |= FLOW_PKT_TOSERVER_IPONLY_SET; + + /* Get the stored sgh from the flow (if any). Make sure we're not using + * the sgh for icmp error packets part of the same stream. */ + if (IP_GET_IPPROTO(p) == pflow->proto) { /* filter out icmp */ + PACKET_PROFILING_DETECT_START(p, PROF_DETECT_GETSGH); + if ((p->flowflags & FLOW_PKT_TOSERVER) && (pflow->flags & FLOW_SGH_TOSERVER)) { + det_ctx->sgh = pflow->sgh_toserver; + SCLogDebug("det_ctx->sgh = pflow->sgh_toserver; => %p", det_ctx->sgh); + use_flow_sgh = true; + } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && (pflow->flags & FLOW_SGH_TOCLIENT)) { + det_ctx->sgh = pflow->sgh_toclient; + SCLogDebug("det_ctx->sgh = pflow->sgh_toclient; => %p", det_ctx->sgh); + use_flow_sgh = true; } + PACKET_PROFILING_DETECT_END(p, PROF_DETECT_GETSGH); + } - /* Retrieve the app layer state and protocol and the tcp reassembled - * stream chunks. */ - if ((p->proto == IPPROTO_TCP && (p->flags & PKT_STREAM_EST)) || + /* Retrieve the app layer state and protocol and the tcp reassembled + * stream chunks. */ + if ((p->proto == IPPROTO_TCP && (p->flags & PKT_STREAM_EST)) || (p->proto == IPPROTO_UDP) || (p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED))) - { - /* update flow flags with knowledge on disruptions */ - flow_flags = FlowGetDisruptionFlags(pflow, flow_flags); - has_state = (FlowGetAppState(pflow) != NULL); - alproto = FlowGetAppProtocol(pflow); - if (p->proto == IPPROTO_TCP && pflow->protoctx && + { + /* update flow flags with knowledge on disruptions */ + flow_flags = FlowGetDisruptionFlags(pflow, flow_flags); + has_state = (FlowGetAppState(pflow) != NULL); + alproto = FlowGetAppProtocol(pflow); + if (p->proto == IPPROTO_TCP && pflow->protoctx && StreamReassembleRawHasDataReady(pflow->protoctx, p)) { - p->flags |= PKT_DETECT_HAS_STREAMDATA; - } - SCLogDebug("alstate %s, alproto %u", has_state ? "true" : "false", alproto); - } else { - SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto); + p->flags |= PKT_DETECT_HAS_STREAMDATA; } - - app_decoder_events = AppLayerParserHasDecoderEvents(pflow, - pflow->alstate, - pflow->alparser, - flow_flags); + SCLogDebug("alstate %s, alproto %u", has_state ? "true" : "false", alproto); + } else { + SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto); } + app_decoder_events = AppLayerParserHasDecoderEvents(pflow, + pflow->alstate, + pflow->alparser, + flow_flags); + if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {