aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

decode: make PacketDrop use action as parameter

Browse Source 
A Packet may be dropped due to several different reasons. This change
adds action as a parameter, so we can update the packet action when we
drop it, instead of setting it to drop.

Related to
Bug #5458

(cherry picked from commit 1774ff18a6)
pull/7803/head
Juliana Fajardini 4 years ago
parent c56871c9e6
commit 6742ecbc9e
6 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File

20
src/decode.h
Unescape Escape View File

@ -906,12 +906,22 @@ void CaptureStatsSetup(ThreadVars *tv, CaptureStats *s);
#define PACKET_TEST_ACTION_DO(p, a) (p)->action &(a)
static inline void PacketDrop(Packet *p, enum PacketDropReason r)
#define PACKET_UPDATE_ACTION(p, a) (p)->action |= (a)
static inline void PacketUpdateAction(Packet *p, const uint8_t a)
{
if (likely(p->root == NULL)) {
PACKET_UPDATE_ACTION(p, a);
} else {
PACKET_UPDATE_ACTION(p->root, a);
}
}
static inline void PacketDrop(Packet *p, const uint8_t action, enum PacketDropReason r)
{
if (p->drop_reason == PKT_DROP_REASON_NOT_SET)
p->drop_reason = (uint8_t)r;
PACKET_SET_ACTION(p, ACTION_DROP);
PACKET_UPDATE_ACTION(p, action);
}
#define PACKET_DROP(p) PacketDrop((p), PKT_DROP_REASON_NOT_SET)
@ -925,12 +935,6 @@ static inline uint8_t PacketTestAction(const Packet *p, const uint8_t a)
}
#define PACKET_TEST_ACTION(p, a) PacketTestAction((p), (a))
#define PACKET_UPDATE_ACTION(p, a) do { \
((p)->root ? \
((p)->root->action |= a) : \
((p)->action |= a)); \
} while (0)
#define TUNNEL_INCR_PKT_RTV_NOLOCK(p) do { \
((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++); \
} while (0)

2
src/detect-engine-alert.c
Unescape Escape View File

@ -180,7 +180,7 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
s->action, alert_flags);
if (s->action & ACTION_DROP) {
PacketDrop(p, PKT_DROP_REASON_RULES);
PacketDrop(p, s->action, PKT_DROP_REASON_RULES);
if (p->alerts.drop.action == 0) {
p->alerts.drop.num = s->num;

2
src/detect-engine-threshold.c
Unescape Escape View File

@ -300,7 +300,7 @@ static inline void RateFilterSetAction(Packet *p, PacketAlert *pa, uint8_t new_a
pa->flags |= PACKET_ALERT_RATE_FILTER_MODIFIED;
break;
case TH_ACTION_DROP:
PacketDrop(p, PKT_DROP_REASON_RULES_THRESHOLD);
PacketDrop(p, new_action, PKT_DROP_REASON_RULES_THRESHOLD);
pa->flags |= PACKET_ALERT_RATE_FILTER_MODIFIED;
break;
case TH_ACTION_REJECT:

2
src/detect.c
Unescape Escape View File

@ -1560,7 +1560,7 @@ static void DetectFlow(ThreadVars *tv,
/* if flow is set to drop, we enforce that here */
if (p->flow->flags & FLOW_ACTION_DROP) {
PacketDrop(p, PKT_DROP_REASON_FLOW_DROP);
PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP);
SCReturn;
}

4
src/stream-tcp.c
Unescape Escape View File

@ -4874,7 +4874,7 @@ int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
FlowSetNoPacketInspectionFlag(p->flow);
DecodeSetNoPacketInspectionFlag(p);
StreamTcpDisableAppLayer(p->flow);
PacketDrop(p, PKT_DROP_REASON_FLOW_DROP);
PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP);
/* return the segments to the pool */
StreamTcpSessionPktFree(p);
SCReturnInt(0);
@ -5033,7 +5033,7 @@ error:
* anyway. Doesn't disable all detection, so we can still
* match on the stream event that was set. */
DecodeSetNoPayloadInspectionFlag(p);
PacketDrop(p, PKT_DROP_REASON_STREAM_ERROR);
PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_STREAM_ERROR);
}
SCReturnInt(-1);
}

2
src/util-exception-policy.c
Unescape Escape View File

@ -40,7 +40,7 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
SCLogDebug("EXCEPTION_POLICY_DROP_PACKET");
DecodeSetNoPayloadInspectionFlag(p);
DecodeSetNoPacketInspectionFlag(p);
PacketDrop(p, drop_reason);
PacketDrop(p, ACTION_DROP, drop_reason);
break;
case EXCEPTION_POLICY_BYPASS_FLOW:
PacketBypassCallback(p);

Write Preview
Loading…
Cancel
Save