From 66257f37ebfdfc24a3f5b045cf7548898a3e5aa0 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 11 Jun 2020 09:22:10 +0200 Subject: [PATCH] reject: never return error Errors by thread modules are not handled. --- src/respond-reject-libnet11.c | 9 ++--- src/respond-reject-libnet11.h | 3 +- src/respond-reject.c | 64 +++++++++++++---------------------- src/respond-reject.h | 2 +- 4 files changed, 28 insertions(+), 50 deletions(-) diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c index ae238db873..c74e0f4688 100644 --- a/src/respond-reject-libnet11.c +++ b/src/respond-reject-libnet11.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2013 Open Information Security Foundation +/* Copyright (C) 2007-2020 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -80,7 +80,6 @@ typedef struct Libnet11Packet_ { int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) { - Libnet11Packet lpacket; libnet_t *c; /* libnet context */ char ebuf[LIBNET_ERRBUF_SIZE]; @@ -103,7 +102,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir) } if (p->tcph == NULL) - return 1; + return 1; /* save payload len */ lpacket.dsize = p->payload_len; @@ -216,7 +215,6 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.id = 0; lpacket.flow = 0; lpacket.class = 0; - lpacket.len = (IPV4_GET_HLEN(p) + p->payload_len); if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) { @@ -292,7 +290,6 @@ cleanup: int RejectSendLibnet11L3IPv6TCP(ThreadVars *tv, Packet *p, void *data, int dir) { - Libnet11Packet lpacket; libnet_t *c; /* libnet context */ char ebuf[LIBNET_ERRBUF_SIZE]; 
@@ -427,8 +424,6 @@ int RejectSendLibnet11L3IPv6ICMP(ThreadVars *tv, Packet *p, void *data, int dir) lpacket.id = 0; lpacket.flow = 0; lpacket.class = 0; - - lpacket.len = IPV6_GET_PLEN(p) + IPV6_HEADER_LEN; if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) { diff --git a/src/respond-reject-libnet11.h b/src/respond-reject-libnet11.h index f2e605b916..06fdde45f4 100644 --- a/src/respond-reject-libnet11.h +++ b/src/respond-reject-libnet11.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2020 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -30,4 +30,5 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *, Packet *, void *,int); int RejectSendLibnet11L3IPv6TCP(ThreadVars *, Packet *, void *,int); int RejectSendLibnet11L3IPv6ICMP(ThreadVars *, Packet *, void *,int); + #endif /* __RESPOND_REJECT_LIBNET11_H__ */ diff --git a/src/respond-reject.c b/src/respond-reject.c index 84fcd0203a..d32a197c55 100644 --- a/src/respond-reject.c +++ b/src/respond-reject.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2020 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -22,8 +22,6 @@ * * RespondReject is a threaded wrapper for sending Rejects * - * \todo RespondRejectFunc returns 1 on error, 0 on ok... why? For now it should - * just return 0 always, error handling is a TODO in the threading model (VJ) */ #include "suricata-common.h" 
@@ -59,8 +57,6 @@ void TmModuleRespondRejectRegister (void) static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data) { - int ret = 0; - /* ACTION_REJECT defaults to rejecting the SRC */ if (!(PACKET_TEST_ACTION(p, ACTION_REJECT)) && !(PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) && @@ -70,44 +66,36 @@ static TmEcode RespondRejectFunc(ThreadVars *tv, Packet *p, void *data) if (PKT_IS_IPV4(p)) { if (PKT_IS_TCP(p)) { - ret = RejectSendIPv4TCP(tv, p, data); + (void)RejectSendIPv4TCP(tv, p, data); } else { - ret = RejectSendIPv4ICMP(tv, p, data); + (void)RejectSendIPv4ICMP(tv, p, data); } } else if (PKT_IS_IPV6(p)) { if (PKT_IS_TCP(p)) { - ret = RejectSendIPv6TCP(tv, p, data); + (void)RejectSendIPv6TCP(tv, p, data); } else { - ret = RejectSendIPv6ICMP(tv, p, data); + (void)RejectSendIPv6ICMP(tv, p, data); } - } else { - /* we're only supporting IPv4 and IPv6 */ - return TM_ECODE_OK; } - if (ret) - return TM_ECODE_FAILED; - else - return TM_ECODE_OK; + return TM_ECODE_OK; } int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) { SCEnter(); - int r = 0; if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { - r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC); + int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC); SCReturnInt(r); } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { - r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST); + int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST); SCReturnInt(r); } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { - int ret; - ret = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC); + int r = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC); if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) { SCReturnInt(0); } else { - SCReturnInt(ret); + SCReturnInt(r); } } SCReturnInt(0); 
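Review bot: In RespondRejectFunc the four `(void)` casts together with the unconditional `return TM_ECODE_OK;` mean a reject that could not be sent leaves no trace at this layer; whether the libnet senders report their own failures is not visible in this hunk. A rule whose reject was never emitted is an enforcement gap an operator would want to see, so consider reporting the result without failing the thread, e.g. `if (RejectSendIPv4TCP(tv, p, data) != 0) SCLogDebug("reject not sent");` and likewise at the other three calls. Since the `\todo` in the file header is removed by this commit, a comment above the return such as `/* send failures are deliberately not propagated: thread module errors are not handled */` would keep the reason next to the code. Separately, the ACTION_REJECT_BOTH branch of RejectSendIPv4TCP returns 0 whenever either direction succeeds, so a one-sided failure is hidden from any caller; the same pattern appears in RejectSendIPv4ICMP, RejectSendIPv6TCP and RejectSendIPv6ICMP in the following hunks. Part of RespondRejectFunc's opening guard and the closing brace of RejectSendIPv4TCP lie outside the hunk.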
@@ -116,20 +104,19 @@ int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data) int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data) { SCEnter(); - int r = 0; if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { - r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC); + int r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC); SCReturnInt(r); } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { - r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST); + int r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST); SCReturnInt(r); } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { - int ret; - ret = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC); + int r; + r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC); if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) { SCReturnInt(0); } else { - SCReturnInt(ret); + SCReturnInt(r); } } SCReturnInt(0); @@ -138,20 +125,18 @@ int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data) int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data) { SCEnter(); - int r = 0; if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { - r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC); + int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC); SCReturnInt(r); } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { - r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST); + int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST); SCReturnInt(r); } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { - int ret; - ret = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC); + int r = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC); if (RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST) == 0) { SCReturnInt(0); } else { - SCReturnInt(ret); + SCReturnInt(r); } } SCReturnInt(0); 
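Review bot: The ACTION_REJECT_BOTH branch of RejectSendIPv4ICMP still splits the declaration from the assignment (`int r;` followed by `r = RejectSendLibnet11L3IPv4ICMP(...)`), while the other three senders touched by this commit use a single initialised declaration. Folding it to `int r = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);` keeps the four functions textually parallel, which makes later bulk edits easier to review. The function's closing brace lies outside the hunk.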
@@ -160,22 +145,19 @@ int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data) int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data) { SCEnter(); - int r = 0; if (PACKET_TEST_ACTION(p, ACTION_REJECT)) { - r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC); + int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC); SCReturnInt(r); } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) { - r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST); + int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST); SCReturnInt(r); } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) { - int ret; - ret = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC); + int r = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC); if (RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST) == 0) { SCReturnInt(0); } else { - SCReturnInt(ret); + SCReturnInt(r); } } SCReturnInt(0); } - diff --git a/src/respond-reject.h b/src/respond-reject.h index b731b29785..a05338d528 100644 --- a/src/respond-reject.h +++ b/src/respond-reject.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2020 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free