detect: style cleanup

pull/3013/head
Victor Julien 8 years ago
parent 64aec6aaea
commit 63291d0f01

@ -947,78 +947,76 @@ void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineT
SCLogDebug("STREAM_EOF set"); SCLogDebug("STREAM_EOF set");
} }
{ /* store tenant_id in the flow so that we can use it
/* store tenant_id in the flow so that we can use it * for creating pseudo packets */
* for creating pseudo packets */ if (p->tenant_id > 0 && pflow->tenant_id == 0) {
if (p->tenant_id > 0 && pflow->tenant_id == 0) { pflow->tenant_id = p->tenant_id;
pflow->tenant_id = p->tenant_id; }
}
/* live ruleswap check for flow updates */ /* live ruleswap check for flow updates */
if (pflow->de_ctx_version == 0) { if (pflow->de_ctx_version == 0) {
/* first time this flow is inspected, set id */ /* first time this flow is inspected, set id */
pflow->de_ctx_version = de_ctx->version; pflow->de_ctx_version = de_ctx->version;
} else if (pflow->de_ctx_version != de_ctx->version) { } else if (pflow->de_ctx_version != de_ctx->version) {
/* first time we inspect flow with this de_ctx, reset */ /* first time we inspect flow with this de_ctx, reset */
pflow->flags &= ~FLOW_SGH_TOSERVER; pflow->flags &= ~FLOW_SGH_TOSERVER;
pflow->flags &= ~FLOW_SGH_TOCLIENT; pflow->flags &= ~FLOW_SGH_TOCLIENT;
pflow->sgh_toserver = NULL; pflow->sgh_toserver = NULL;
pflow->sgh_toclient = NULL; pflow->sgh_toclient = NULL;
pflow->de_ctx_version = de_ctx->version; pflow->de_ctx_version = de_ctx->version;
GenericVarFree(pflow->flowvar); GenericVarFree(pflow->flowvar);
pflow->flowvar = NULL; pflow->flowvar = NULL;
DetectEngineStateResetTxs(pflow); DetectEngineStateResetTxs(pflow);
} }
/* set the iponly stuff */ /* set the iponly stuff */
if (pflow->flags & FLOW_TOCLIENT_IPONLY_SET) if (pflow->flags & FLOW_TOCLIENT_IPONLY_SET)
p->flowflags |= FLOW_PKT_TOCLIENT_IPONLY_SET; p->flowflags |= FLOW_PKT_TOCLIENT_IPONLY_SET;
if (pflow->flags & FLOW_TOSERVER_IPONLY_SET) if (pflow->flags & FLOW_TOSERVER_IPONLY_SET)
p->flowflags |= FLOW_PKT_TOSERVER_IPONLY_SET; p->flowflags |= FLOW_PKT_TOSERVER_IPONLY_SET;
/* Get the stored sgh from the flow (if any). Make sure we're not using /* Get the stored sgh from the flow (if any). Make sure we're not using
* the sgh for icmp error packets part of the same stream. */ * the sgh for icmp error packets part of the same stream. */
if (IP_GET_IPPROTO(p) == pflow->proto) { /* filter out icmp */ if (IP_GET_IPPROTO(p) == pflow->proto) { /* filter out icmp */
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_GETSGH); PACKET_PROFILING_DETECT_START(p, PROF_DETECT_GETSGH);
if ((p->flowflags & FLOW_PKT_TOSERVER) && (pflow->flags & FLOW_SGH_TOSERVER)) { if ((p->flowflags & FLOW_PKT_TOSERVER) && (pflow->flags & FLOW_SGH_TOSERVER)) {
det_ctx->sgh = pflow->sgh_toserver; det_ctx->sgh = pflow->sgh_toserver;
SCLogDebug("det_ctx->sgh = pflow->sgh_toserver; => %p", det_ctx->sgh); SCLogDebug("det_ctx->sgh = pflow->sgh_toserver; => %p", det_ctx->sgh);
use_flow_sgh = true; use_flow_sgh = true;
} else if ((p->flowflags & FLOW_PKT_TOCLIENT) && (pflow->flags & FLOW_SGH_TOCLIENT)) { } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && (pflow->flags & FLOW_SGH_TOCLIENT)) {
det_ctx->sgh = pflow->sgh_toclient; det_ctx->sgh = pflow->sgh_toclient;
SCLogDebug("det_ctx->sgh = pflow->sgh_toclient; => %p", det_ctx->sgh); SCLogDebug("det_ctx->sgh = pflow->sgh_toclient; => %p", det_ctx->sgh);
use_flow_sgh = true; use_flow_sgh = true;
}
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_GETSGH);
} }
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_GETSGH);
}
/* Retrieve the app layer state and protocol and the tcp reassembled /* Retrieve the app layer state and protocol and the tcp reassembled
* stream chunks. */ * stream chunks. */
if ((p->proto == IPPROTO_TCP && (p->flags & PKT_STREAM_EST)) || if ((p->proto == IPPROTO_TCP && (p->flags & PKT_STREAM_EST)) ||
(p->proto == IPPROTO_UDP) || (p->proto == IPPROTO_UDP) ||
(p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED))) (p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED)))
{ {
/* update flow flags with knowledge on disruptions */ /* update flow flags with knowledge on disruptions */
flow_flags = FlowGetDisruptionFlags(pflow, flow_flags); flow_flags = FlowGetDisruptionFlags(pflow, flow_flags);
has_state = (FlowGetAppState(pflow) != NULL); has_state = (FlowGetAppState(pflow) != NULL);
alproto = FlowGetAppProtocol(pflow); alproto = FlowGetAppProtocol(pflow);
if (p->proto == IPPROTO_TCP && pflow->protoctx && if (p->proto == IPPROTO_TCP && pflow->protoctx &&
StreamReassembleRawHasDataReady(pflow->protoctx, p)) { StreamReassembleRawHasDataReady(pflow->protoctx, p)) {
p->flags |= PKT_DETECT_HAS_STREAMDATA; p->flags |= PKT_DETECT_HAS_STREAMDATA;
}
SCLogDebug("alstate %s, alproto %u", has_state ? "true" : "false", alproto);
} else {
SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto);
} }
SCLogDebug("alstate %s, alproto %u", has_state ? "true" : "false", alproto);
app_decoder_events = AppLayerParserHasDecoderEvents(pflow, } else {
pflow->alstate, SCLogDebug("packet doesn't have established flag set (proto %d)", p->proto);
pflow->alparser,
flow_flags);
} }
app_decoder_events = AppLayerParserHasDecoderEvents(pflow,
pflow->alstate,
pflow->alparser,
flow_flags);
if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET)))
{ {
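Review bot: The two IP-only checks under `/* set the iponly stuff */` are still unbraced single-statement `if`s on the new side, although every other conditional in this hunk is braced and the commit already re-indents those lines. Bracing them, e.g. `if (pflow->flags & FLOW_TOCLIENT_IPONLY_SET) { p->flowflags |= FLOW_PKT_TOCLIENT_IPONLY_SET; }` and the same for the TOSERVER flag, removes the risk that a statement added later falls outside the condition and silently changes which packets are marked IP-only. SigMatchSignatures starts before and continues past this hunk, so whether the rest of the function follows the same convention cannot be checked from here.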
