diff --git a/libhtp/htp/htp_decompressors.c b/libhtp/htp/htp_decompressors.c index 173bfc6c7d..d9a0c0d5c6 100644 --- a/libhtp/htp/htp_decompressors.c +++ b/libhtp/htp/htp_decompressors.c @@ -44,7 +44,7 @@ static int htp_gzip_decompressor_decompress(htp_decompressor_gzip_t *drec, htp_t if (d->data[3] == 0) { drec->initialized = 1; consumed = 10; - } else if (d->data[3] & (1 << 3) || d->data[3] & (1 << 4)) { + } else if ((d->data[3] & (1 << 3)) || (d->data[3] & (1 << 4))) { /* skip past * - FNAME extension, which is a name ended in a NUL terminator * or diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c index b4708f0869..518302c38b 100644 --- a/src/alert-debuglog.c +++ b/src/alert-debuglog.c @@ -316,8 +316,8 @@ TmEcode AlertDebugLogger(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size, p->payload, p->payload_len); } - if (pa->flags & PACKET_ALERT_FLAG_STATE_MATCH || - pa->flags & PACKET_ALERT_FLAG_STREAM_MATCH) { + if ((pa->flags & PACKET_ALERT_FLAG_STATE_MATCH) || + (pa->flags & PACKET_ALERT_FLAG_STREAM_MATCH)) { /* This is an app layer or stream alert */ int ret; uint8_t flag; diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c index 22309afdfd..9628186d0a 100644 --- a/src/alert-fastlog.c +++ b/src/alert-fastlog.c @@ -140,7 +140,7 @@ TmEcode AlertFastLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, continue; } - if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { + if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) { action = "[Drop] "; } else if (pa->action & ACTION_DROP) { action = "[wDrop] "; @@ -190,7 +190,7 @@ TmEcode AlertFastLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, continue; } - if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { + if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) { action = "[Drop] "; } else if (pa->action & ACTION_DROP) { action = "[wDrop] "; @@ -238,7 +238,7 @@ TmEcode AlertFastLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQu continue; } - if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { + if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) { action = "[Drop] "; } else if (pa->action & ACTION_DROP) { action = "[wDrop] "; diff --git a/src/alert-syslog.c b/src/alert-syslog.c index fd0ce71ef5..2503ededf7 100644 --- a/src/alert-syslog.c +++ b/src/alert-syslog.c @@ -275,7 +275,7 @@ TmEcode AlertSyslogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip)); PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip)); - if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { + if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) { action = "[Drop] "; } else if (pa->action & ACTION_DROP) { action = "[wDrop] "; @@ -336,7 +336,7 @@ TmEcode AlertSyslogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip)); PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip)); - if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { + if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) { action = "[Drop] "; } else if (pa->action & ACTION_DROP) { action = "[wDrop] "; @@ -399,7 +399,7 @@ TmEcode AlertSyslogDecoderEvent(ThreadVars *tv, Packet *p, void *data, continue; } - if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { + if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) { action = "[Drop] "; } else if (pa->action & ACTION_DROP) { action = "[wDrop] "; diff --git a/src/app-layer-dcerpc.c b/src/app-layer-dcerpc.c index 27162d8991..79b64cbcd8 100644 --- a/src/app-layer-dcerpc.c +++ b/src/app-layer-dcerpc.c @@ -1117,7 +1117,7 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le * frags from a fresh request/response. Also if the state is in the * process of processing a fragmented pdu, we should append to the * existing stub and not reset the stub buffer */ - if (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG && + if ((dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) && !dcerpc->pdu_fragged) { *stub_data_buffer_len = 0; /* just a hack to get thing working. We shouldn't be setting @@ -1405,7 +1405,7 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) { if (dcerpc->bytesprocessed < 10) { /* if the parser is known to be fragmented at this stage itself, * we reset the stub buffer here itself */ - if (!dcerpc->pdu_fragged && dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) { + if (!dcerpc->pdu_fragged && (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG)) { DCERPCResetStub(dcerpc); } dcerpc->pdu_fragged = 1; @@ -1416,7 +1416,7 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) { } else { /* if the parser is known to be fragmented at this stage itself, * we reset the stub buffer here itself */ - if (!dcerpc->pdu_fragged && dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) { + if (!dcerpc->pdu_fragged && (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG)) { DCERPCResetStub(dcerpc); } dcerpc->pdu_fragged = 1; @@ -1710,7 +1710,7 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) { SCReturnInt(0); } else { if (!dcerpc->pdu_fragged && - dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) { + (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG)) { DCERPCResetStub(dcerpc); } /* temporary fix */ diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 18c8494b2e..3baad6f3d9 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -570,7 +570,7 @@ uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *ctx, Flow *f, while (pe != NULL) { if ((buflen < pe->min_depth) || - al_proto_masks[0] & pe->al_proto_mask) { + (al_proto_masks[0] & pe->al_proto_mask)) { pe = pe->next; continue; } diff --git a/src/app-layer-htp-file.c b/src/app-layer-htp-file.c index b8d526dcbc..a6a21eb27e 100644 --- a/src/app-layer-htp-file.c +++ b/src/app-layer-htp-file.c @@ -101,8 +101,8 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len, files = s->files_tc; files_opposite = s->files_ts; - if (s->flags & HTP_FLAG_STORE_FILES_TS || - (s->flags & HTP_FLAG_STORE_FILES_TX_TS && txid == s->store_tx_id)) { + if ((s->flags & HTP_FLAG_STORE_FILES_TS) || + ((s->flags & HTP_FLAG_STORE_FILES_TX_TS) && txid == s->store_tx_id)) { flags |= FILE_STORE; } @@ -116,7 +116,7 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len, flags |= FILE_NOMD5; } - if (!(flags & FILE_STORE) && s->f->flags & FLOW_FILE_NO_STORE_TC) { + if (!(flags & FILE_STORE) && (s->f->flags & FLOW_FILE_NO_STORE_TC)) { flags |= FILE_NOSTORE; } } else { @@ -131,8 +131,8 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len, files = s->files_ts; files_opposite = s->files_tc; - if (s->flags & HTP_FLAG_STORE_FILES_TC || - (s->flags & HTP_FLAG_STORE_FILES_TX_TC && txid == s->store_tx_id)) { + if ((s->flags & HTP_FLAG_STORE_FILES_TC) || + ((s->flags & HTP_FLAG_STORE_FILES_TX_TC) && txid == s->store_tx_id)) { flags |= FILE_STORE; } if (s->f->flags & FLOW_FILE_NO_MAGIC_TS) { @@ -145,7 +145,7 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len, flags |= FILE_NOMD5; } - if (!(flags & FILE_STORE) && s->f->flags & FLOW_FILE_NO_STORE_TS) { + if (!(flags & FILE_STORE) && (s->f->flags & FLOW_FILE_NO_STORE_TS)) { flags |= FILE_NOSTORE; } } diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index d1fadcd556..c8ed30417e 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -1310,7 +1310,7 @@ int HtpRequestBodyHandleMultipart(HtpState *hstate, HtpTxUserData *htud, /* if we're in the file storage process, deal with that now */ if (htud->tsflags & HTP_FILENAME_SET) { - if (header_start != NULL || form_end != NULL || htud->tsflags & HTP_REQ_BODY_COMPLETE) { + if (header_start != NULL || form_end != NULL || (htud->tsflags & HTP_REQ_BODY_COMPLETE)) { SCLogDebug("reached the end of the file"); uint8_t *filedata = chunks_buffer; diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c index 09918960cc..9ee40b8d1c 100644 --- a/src/app-layer-parser.c +++ b/src/app-layer-parser.c @@ -934,7 +934,7 @@ int AppLayerParse(void *local_data, Flow *f, uint8_t proto, } } - if (parser_idx == 0 || parser_state->flags & APP_LAYER_PARSER_DONE) { + if (parser_idx == 0 || (parser_state->flags & APP_LAYER_PARSER_DONE)) { SCLogDebug("no parser for protocol %" PRIu32 "", proto); SCReturnInt(0); } diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index 6dc1f4b500..eca710872e 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -745,7 +745,7 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt /* fresh record */ case 0: /* only SSLv2, has one of the top 2 bits set */ - if (input[0] & 0x80 || input[0] & 0x40) { + if ((input[0] & 0x80) || (input[0] & 0x40)) { SCLogDebug("SSLv2 detected"); ssl_state->curr_connp->version = SSL_VERSION_2; retval = SSLv2Decode(direction, ssl_state, pstate, input, diff --git a/src/app-layer.c b/src/app-layer.c index be22283df6..304f1187c0 100644 --- a/src/app-layer.c +++ b/src/app-layer.c @@ -133,11 +133,11 @@ int AppLayerHandleTCPData(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, * initializer message, we run proto detection. * We receive 2 stream init msgs (one for each direction) but we * only run the proto detection once. */ - if (f->alproto == ALPROTO_UNKNOWN && flags & STREAM_GAP) { + if (f->alproto == ALPROTO_UNKNOWN && (flags & STREAM_GAP)) { ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED; SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f); StreamTcpSetSessionNoReassemblyFlag(ssn, 0); - } else if (f->alproto == ALPROTO_UNKNOWN && flags & STREAM_START) { + } else if (f->alproto == ALPROTO_UNKNOWN && (flags & STREAM_START)) { SCLogDebug("Stream initializer (len %" PRIu32 ")", data_len); #ifdef PRINT if (data_len > 0) { @@ -161,8 +161,8 @@ int AppLayerHandleTCPData(AlpProtoDetectThreadCtx *dp_ctx, Flow *f, r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags, data, data_len); PACKET_PROFILING_APP_END(dp_ctx, f->alproto); } else { - if (f->flags & FLOW_TS_PM_PP_ALPROTO_DETECT_DONE && - f->flags & FLOW_TC_PM_PP_ALPROTO_DETECT_DONE) { + if ((f->flags & FLOW_TS_PM_PP_ALPROTO_DETECT_DONE) && + (f->flags & FLOW_TC_PM_PP_ALPROTO_DETECT_DONE)) { FlowSetSessionNoApplayerInspectionFlag(f); ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED; } diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index 35c2e27c51..558822671c 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -599,7 +599,7 @@ int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH); } } else if (s->alproto == ALPROTO_DCERPC && - data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { + (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE)) { SigMatch *pm = NULL; SigMatch *dm = NULL; diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index 68ed674bd4..9b7a051a5d 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -584,7 +584,7 @@ int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH); } } else if (s->alproto == ALPROTO_DCERPC && - data->flags & DETECT_BYTEJUMP_RELATIVE) { + (data->flags & DETECT_BYTEJUMP_RELATIVE)) { SigMatch *pm = NULL; SigMatch *dm = NULL; diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index 50ad805024..391d3bbc05 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -506,7 +506,7 @@ int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr) SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH); } } else if (s->alproto == ALPROTO_DCERPC && - data->flags & DETECT_BYTETEST_RELATIVE) { + (data->flags & DETECT_BYTETEST_RELATIVE)) { SigMatch *pm = NULL; SigMatch *dm = NULL; diff --git a/src/detect-content.h b/src/detect-content.h index a3d478e88c..0c1246edeb 100644 --- a/src/detect-content.h +++ b/src/detect-content.h @@ -55,11 +55,11 @@ * the inspection phase */ #define DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED (1 << 16) -#define DETECT_CONTENT_IS_SINGLE(c) (!((c)->flags & DETECT_CONTENT_DISTANCE || \ - (c)->flags & DETECT_CONTENT_WITHIN || \ - (c)->flags & DETECT_CONTENT_RELATIVE_NEXT || \ - (c)->flags & DETECT_CONTENT_DEPTH || \ - (c)->flags & DETECT_CONTENT_OFFSET)) +#define DETECT_CONTENT_IS_SINGLE(c) (!( ((c)->flags & DETECT_CONTENT_DISTANCE) || \ + ((c)->flags & DETECT_CONTENT_WITHIN) || \ + ((c)->flags & DETECT_CONTENT_RELATIVE_NEXT) || \ + ((c)->flags & DETECT_CONTENT_DEPTH) || \ + ((c)->flags & DETECT_CONTENT_OFFSET) )) #include "util-spm-bm.h" diff --git a/src/detect-depth.c b/src/detect-depth.c index 8eeace5c5c..a56ef68b0c 100644 --- a/src/detect-depth.c +++ b/src/detect-depth.c @@ -139,7 +139,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths } } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " "with a non-relative keyword for the same content." ); goto error; diff --git a/src/detect-distance.c b/src/detect-distance.c index 99011b1ec7..37da986dbd 100644 --- a/src/detect-distance.c +++ b/src/detect-distance.c @@ -213,7 +213,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, } } - if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) { + if ((cd->flags & DETECT_CONTENT_DEPTH) || (cd->flags & DETECT_CONTENT_OFFSET)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " "with a non-relative keyword for the same content." ); goto error; diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c index fff5c76207..6bdb6562b6 100644 --- a/src/detect-engine-address.c +++ b/src/detect-engine-address.c @@ -1478,7 +1478,7 @@ int DetectAddressCmp(DetectAddress *a, DetectAddress *b) return ADDRESS_ER; /* check any */ - if (a->flags & ADDRESS_FLAG_ANY && b->flags & ADDRESS_FLAG_ANY) + if ((a->flags & ADDRESS_FLAG_ANY) && (b->flags & ADDRESS_FLAG_ANY)) return ADDRESS_EQ; else if (a->ip.family == AF_INET) return DetectAddressCmpIPv4(a, b); diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c index e1839f7498..3ce9cc2563 100644 --- a/src/detect-engine-alert.c +++ b/src/detect-engine-alert.c @@ -224,8 +224,8 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx } if (s->flags & SIG_FLAG_IPONLY) { - if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || - (p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) { + if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || + ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) { SCLogDebug("testing against \"ip-only\" signatures"); if (p->flow != NULL) { @@ -258,7 +258,7 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx break; /* if the signature wants to drop, check if the * PACKET_ALERT_FLAG_DROP_FLOW flag is set. */ - } else if (p->action & ACTION_DROP && + } else if ((p->action & ACTION_DROP) && ((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) || (s->flags & SIG_FLAG_APPLAYER)) && p->flow != NULL) diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c index 078c98c886..64e97062a3 100644 --- a/src/detect-engine-analyzer.c +++ b/src/detect-engine-analyzer.c @@ -632,10 +632,10 @@ void EngineAnalysisRules(Signature *s, char *line) } else if (sm->type == DETECT_FLOW) { rule_flow += 1; - if (s->flags & SIG_FLAG_TOSERVER && !(s->flags & SIG_FLAG_TOCLIENT)) { + if ((s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) { rule_flow_toserver = 1; } - else if (s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) { + else if ((s->flags & SIG_FLAG_TOCLIENT) && !(s->flags & SIG_FLAG_TOSERVER)) { rule_flow_toclient = 1; } DetectFlowData *fd = (DetectFlowData *)sm->ctx; diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c index 2546f7daeb..24f1a78492 100644 --- a/src/detect-engine-content-inspection.c +++ b/src/detect-engine-content-inspection.c @@ -134,8 +134,8 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx uint32_t prev_buffer_offset = det_ctx->buffer_offset; do { - if (cd->flags & DETECT_CONTENT_DISTANCE || - cd->flags & DETECT_CONTENT_WITHIN) { + if ((cd->flags & DETECT_CONTENT_DISTANCE) || + (cd->flags & DETECT_CONTENT_WITHIN)) { SCLogDebug("det_ctx->buffer_offset %"PRIu32, det_ctx->buffer_offset); offset = prev_buffer_offset; @@ -255,9 +255,9 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx if (found == NULL && !(cd->flags & DETECT_CONTENT_NEGATED)) { SCReturnInt(0); - } else if (found == NULL && cd->flags & DETECT_CONTENT_NEGATED) { + } else if (found == NULL && (cd->flags & DETECT_CONTENT_NEGATED)) { goto match; - } else if (found != NULL && cd->flags & DETECT_CONTENT_NEGATED) { + } else if (found != NULL && (cd->flags & DETECT_CONTENT_NEGATED)) { SCLogDebug("content %"PRIu32" matched at offset %"PRIu32", but negated so no match", cd->id, match_offset); /* don't bother carrying recursive matches now, for preceding * relative keywords */ @@ -444,7 +444,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx /* if we have dce enabled we will have to use the endianness * specified by the dce header */ - if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN && + if ((bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) && endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) { DCERPCState *dcerpc_state = (DCERPCState *)data; diff --git a/src/detect-engine-file.c b/src/detect-engine-file.c index 17bed6d3fe..b7d860ae20 100644 --- a/src/detect-engine-file.c +++ b/src/detect-engine-file.c @@ -102,31 +102,31 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, break; } - if (s->file_flags & FILE_SIG_NEED_FILENAME && file->name == NULL) { + if ((s->file_flags & FILE_SIG_NEED_FILENAME) && file->name == NULL) { SCLogDebug("sig needs filename, but we don't have any"); r = 0; break; } - if (s->file_flags & FILE_SIG_NEED_MAGIC && file->chunks_head == NULL) { + if ((s->file_flags & FILE_SIG_NEED_MAGIC) && file->chunks_head == NULL) { SCLogDebug("sig needs file content, but we don't have any"); r = 0; break; } - if (s->file_flags & FILE_SIG_NEED_FILECONTENT && file->chunks_head == NULL) { + if ((s->file_flags & FILE_SIG_NEED_FILECONTENT) && file->chunks_head == NULL) { SCLogDebug("sig needs file content, but we don't have any"); r = 0; break; } - if (s->file_flags & FILE_SIG_NEED_MD5 && (!(file->flags & FILE_MD5))) { + if ((s->file_flags & FILE_SIG_NEED_MD5) && (!(file->flags & FILE_MD5))) { SCLogDebug("sig needs file md5, but we don't have any"); r = 0; break; } - if (s->file_flags & FILE_SIG_NEED_SIZE && file->state < FILE_STATE_CLOSED) { + if ((s->file_flags & FILE_SIG_NEED_SIZE) && file->state < FILE_STATE_CLOSED) { SCLogDebug("sig needs filesize, but state < FILE_STATE_CLOSED"); r = 0; break; @@ -157,7 +157,7 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, /* if this is a filestore sig, and the sig can't match * return 3 so we can distinguish */ - if (s->flags & SIG_FLAG_FILESTORE && r == 2) + if ((s->flags & SIG_FLAG_FILESTORE) && r == 2) r = 3; /* continue, this file may (or may not) be unable to match diff --git a/src/detect-engine-port.c b/src/detect-engine-port.c index cb0c03b49b..1ccb29dd7e 100644 --- a/src/detect-engine-port.c +++ b/src/detect-engine-port.c @@ -685,11 +685,11 @@ error: * */ int DetectPortCmp(DetectPort *a, DetectPort *b) { /* check any */ - if (a->flags & PORT_FLAG_ANY && b->flags & PORT_FLAG_ANY) + if ((a->flags & PORT_FLAG_ANY) && (b->flags & PORT_FLAG_ANY)) return PORT_EQ; - if (a->flags & PORT_FLAG_ANY && !(b->flags & PORT_FLAG_ANY)) + if ((a->flags & PORT_FLAG_ANY) && !(b->flags & PORT_FLAG_ANY)) return PORT_LT; - if (!(a->flags & PORT_FLAG_ANY) && b->flags & PORT_FLAG_ANY) + if (!(a->flags & PORT_FLAG_ANY) && (b->flags & PORT_FLAG_ANY)) return PORT_GT; uint16_t a_port1 = a->port; diff --git a/src/detect-engine-sigorder.c b/src/detect-engine-sigorder.c index 6f01e4de77..5dbcf9fe90 100644 --- a/src/detect-engine-sigorder.c +++ b/src/detect-engine-sigorder.c @@ -172,7 +172,7 @@ static inline int SCSigGetFlowvarType(Signature *sig) while (sm != NULL) { pd = (DetectPcreData *)sm->ctx; - if (sm->type == DETECT_PCRE && pd->flags & DETECT_PCRE_CAPTURE_FLOW) { + if (sm->type == DETECT_PCRE && (pd->flags & DETECT_PCRE_CAPTURE_FLOW)) { type = DETECT_FLOWVAR_TYPE_SET; return type; } @@ -217,7 +217,7 @@ static inline int SCSigGetPktvarType(Signature *sig) while (sm != NULL) { pd = (DetectPcreData *)sm->ctx; - if (sm->type == DETECT_PCRE && pd->flags & DETECT_PCRE_CAPTURE_PKT) { + if (sm->type == DETECT_PCRE && (pd->flags & DETECT_PCRE_CAPTURE_PKT)) { type = DETECT_PKTVAR_TYPE_SET; return type; } diff --git a/src/detect-engine-state.c b/src/detect-engine-state.c index f8b8ce854b..95b4513825 100644 --- a/src/detect-engine-state.c +++ b/src/detect-engine-state.c @@ -605,12 +605,12 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete /* check first if we have received new files in the livetime of * this de_state (this tx). */ if (item->flags & (DE_STATE_FLAG_FILE_TC_INSPECT|DE_STATE_FLAG_FILE_TS_INSPECT)) { - if (flags & STREAM_TOCLIENT && f->de_state->flags & DE_STATE_FILE_TC_NEW) { + if ((flags & STREAM_TOCLIENT) && (f->de_state->flags & DE_STATE_FILE_TC_NEW)) { item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT; item->flags &= ~DE_STATE_FLAG_FULL_MATCH; } - if (flags & STREAM_TOSERVER && f->de_state->flags & DE_STATE_FILE_TS_NEW) { + if ((flags & STREAM_TOSERVER) && (f->de_state->flags & DE_STATE_FILE_TS_NEW)) { item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT; item->flags &= ~DE_STATE_FLAG_FULL_MATCH; } @@ -625,17 +625,17 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete /* if we know for sure we can't ever match, detect that here */ if (item->flags & DE_STATE_FLAG_SIG_CANT_MATCH) { - if (flags & STREAM_TOSERVER && - item->flags & DE_STATE_FLAG_FILE_TS_INSPECT && - f->de_state->flags & DE_STATE_FILE_TS_NEW) { + if ((flags & STREAM_TOSERVER) && + (item->flags & DE_STATE_FLAG_FILE_TS_INSPECT) && + (f->de_state->flags & DE_STATE_FILE_TS_NEW)) { /* new file, fall through */ item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT; item->flags &= ~DE_STATE_FLAG_SIG_CANT_MATCH; - } else if (flags & STREAM_TOCLIENT && - item->flags & DE_STATE_FLAG_FILE_TC_INSPECT && - f->de_state->flags & DE_STATE_FILE_TC_NEW) { + } else if ((flags & STREAM_TOCLIENT) && + (item->flags & DE_STATE_FLAG_FILE_TC_INSPECT) && + (f->de_state->flags & DE_STATE_FILE_TC_NEW)) { /* new file, fall through */ item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT; @@ -648,9 +648,9 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete } /* only inspect in the right direction here */ - if (flags & STREAM_TOSERVER && !(s->flags & SIG_FLAG_TOSERVER)) + if ((flags & STREAM_TOSERVER) && !(s->flags & SIG_FLAG_TOSERVER)) continue; - else if (flags & STREAM_TOCLIENT && !(s->flags & SIG_FLAG_TOCLIENT)) + else if ((flags & STREAM_TOCLIENT) && !(s->flags & SIG_FLAG_TOCLIENT)) continue; RULE_PROFILING_START; diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c index da8270dce8..56a3a87062 100644 --- a/src/detect-fast-pattern.c +++ b/src/detect-fast-pattern.c @@ -206,11 +206,11 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a } cd = pm->ctx; - if (cd->flags & DETECT_CONTENT_NEGATED && - (cd->flags & DETECT_CONTENT_DISTANCE || - cd->flags & DETECT_CONTENT_WITHIN || - cd->flags & DETECT_CONTENT_OFFSET || - cd->flags & DETECT_CONTENT_DEPTH)) { + if ((cd->flags & DETECT_CONTENT_NEGATED) && + ((cd->flags & DETECT_CONTENT_DISTANCE) || + (cd->flags & DETECT_CONTENT_WITHIN) || + (cd->flags & DETECT_CONTENT_OFFSET) || + (cd->flags & DETECT_CONTENT_DEPTH))) { /* we can't have any of these if we are having "only" */ SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern; cannot be " @@ -249,11 +249,11 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a strlen(arg), 0, 0, ov, MAX_SUBSTRINGS); /* fast pattern only */ if (ret == 2) { - if (cd->flags & DETECT_CONTENT_NEGATED || - cd->flags & DETECT_CONTENT_DISTANCE || - cd->flags & DETECT_CONTENT_WITHIN || - cd->flags & DETECT_CONTENT_OFFSET || - cd->flags & DETECT_CONTENT_DEPTH) { + if ((cd->flags & DETECT_CONTENT_NEGATED) || + (cd->flags & DETECT_CONTENT_DISTANCE) || + (cd->flags & DETECT_CONTENT_WITHIN) || + (cd->flags & DETECT_CONTENT_OFFSET) || + (cd->flags & DETECT_CONTENT_DEPTH)) { /* we can't have any of these if we are having "only" */ SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern: only; cannot be " diff --git a/src/detect-file-data.c b/src/detect-file-data.c index 608c8b58ca..7b826ca8fb 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -74,7 +74,7 @@ void DetectFiledataRegister(void) { static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) { SCEnter(); - if (s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOSERVER && !(s->flags & SIG_FLAG_TOCLIENT)) { + if ((s->init_flags & SIG_FLAG_INIT_FLOW) && (s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with flow:to_server or from_client with http."); return -1; } diff --git a/src/detect-fileext.c b/src/detect-fileext.c index b6f00c19a3..c669b5e41c 100644 --- a/src/detect-fileext.c +++ b/src/detect-fileext.c @@ -119,7 +119,7 @@ static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, } } - if (ret == 0 && fileext->flags & DETECT_CONTENT_NEGATED) { + if (ret == 0 && (fileext->flags & DETECT_CONTENT_NEGATED)) { SCLogDebug("negated match"); ret = 1; } diff --git a/src/detect-filename.c b/src/detect-filename.c index b978bc039e..adae57b177 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -124,7 +124,7 @@ static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, } } - if (ret == 0 && filename->flags & DETECT_CONTENT_NEGATED) { + if (ret == 0 && (filename->flags & DETECT_CONTENT_NEGATED)) { SCLogDebug("negated match"); ret = 1; } diff --git a/src/detect-filestore.c b/src/detect-filestore.c index e116ce48f0..e31550fbcb 100644 --- a/src/detect-filestore.c +++ b/src/detect-filestore.c @@ -137,9 +137,9 @@ static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData case FILESTORE_SCOPE_DEFAULT: if (rule_dir) { this_file = 1; - } else if (p->flowflags & FLOW_PKT_TOCLIENT && toclient_dir) { + } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && toclient_dir) { this_file = 1; - } else if (p->flowflags & FLOW_PKT_TOSERVER && toserver_dir) { + } else if ((p->flowflags & FLOW_PKT_TOSERVER) && toserver_dir) { this_file = 1; } break; diff --git a/src/detect-flow.c b/src/detect-flow.c index d7565731be..fa7d3242fa 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -127,13 +127,13 @@ int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, S uint8_t cnt = 0; DetectFlowData *fd = (DetectFlowData *)m->ctx; - if (fd->flags & FLOW_PKT_TOSERVER && p->flowflags & FLOW_PKT_TOSERVER) { + if ((fd->flags & FLOW_PKT_TOSERVER) && (p->flowflags & FLOW_PKT_TOSERVER)) { cnt++; - } else if (fd->flags & FLOW_PKT_TOCLIENT && p->flowflags & FLOW_PKT_TOCLIENT) { + } else if ((fd->flags & FLOW_PKT_TOCLIENT) && (p->flowflags & FLOW_PKT_TOCLIENT)) { cnt++; } - if (fd->flags & FLOW_PKT_ESTABLISHED && p->flowflags & FLOW_PKT_ESTABLISHED) { + if ((fd->flags & FLOW_PKT_ESTABLISHED) && (p->flowflags & FLOW_PKT_ESTABLISHED)) { cnt++; } else if (fd->flags & FLOW_PKT_STATELESS) { cnt++; diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index e11468f6f7..0f53fcba4d 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -134,7 +134,7 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c index 96457e169d..6126746f14 100644 --- a/src/detect-http-cookie.c +++ b/src/detect-http-cookie.c @@ -147,7 +147,7 @@ static int DetectHttpCookieSetup (DetectEngineCtx *de_ctx, Signature *s, char *s goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 93a5a560a5..40d8d584fe 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -151,7 +151,7 @@ int DetectHttpHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-method.c b/src/detect-http-method.c index 14afc4d714..4d8accb1ae 100644 --- a/src/detect-http-method.c +++ b/src/detect-http-method.c @@ -130,7 +130,7 @@ static int DetectHttpMethodSetup(DetectEngineCtx *de_ctx, Signature *s, char *st goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index 88c15a2eeb..2bd8150eff 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -149,7 +149,7 @@ int DetectHttpRawHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-raw-uri.c b/src/detect-http-raw-uri.c index 0e3adf3d78..4ffc9825cf 100644 --- a/src/detect-http-raw-uri.c +++ b/src/detect-http-raw-uri.c @@ -122,7 +122,7 @@ static int DetectHttpRawUriSetup(DetectEngineCtx *de_ctx, Signature *s, char *ar goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c index bd0deba98f..afaca64d59 100644 --- a/src/detect-http-server-body.c +++ b/src/detect-http-server-body.c @@ -123,7 +123,7 @@ int DetectHttpServerBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) "be used with the rawbytes rule keyword"); return -1; } - if (s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOSERVER && !(s->flags & SIG_FLAG_TOCLIENT)) { + if ((s->init_flags & SIG_FLAG_INIT_FLOW) && (s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "http_server_body cannot be used with flow:to_server or from_client"); return -1; } @@ -133,7 +133,7 @@ int DetectHttpServerBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index 50c3eea54d..5030ceeb6c 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -133,7 +133,7 @@ static int DetectHttpStatCodeSetup (DetectEngineCtx *de_ctx, Signature *s, char goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index 55678a1115..5d729b38fb 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -133,7 +133,7 @@ static int DetectHttpStatMsgSetup (DetectEngineCtx *de_ctx, Signature *s, char * goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c index 62a4501a30..d9bf9c3484 100644 --- a/src/detect-http-ua.c +++ b/src/detect-http-ua.c @@ -137,7 +137,7 @@ int DetectHttpUASetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index 4c1ac285bf..ad1d9c823a 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c @@ -123,7 +123,7 @@ static int DetectHttpUriSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) goto error; } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_CONTENT, sm->prev, DETECT_PCRE, sm->prev); diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c index d7bd4f1d7c..70f6e9df53 100644 --- a/src/detect-isdataat.c +++ b/src/detect-isdataat.c @@ -267,7 +267,7 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst sm->ctx = (void *)idad; if (s->alproto == ALPROTO_DCERPC && - idad->flags & ISDATAAT_RELATIVE) { + (idad->flags & ISDATAAT_RELATIVE)) { pm = SigMatchGetLastSMFromLists(s, 6, DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], diff --git a/src/detect-offset.c b/src/detect-offset.c index d17fa75a44..45c9ff0aab 100644 --- a/src/detect-offset.c +++ b/src/detect-offset.c @@ -138,7 +138,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr) } } - if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { + if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " "with a non-relative keyword for the same content." ); goto error; diff --git a/src/detect-parse.c b/src/detect-parse.c index cde2ed7530..e65737ee8d 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -992,8 +992,8 @@ static void SigBuildAddressMatchArray(Signature *s) { static int SigValidate(Signature *s) { SCEnter(); - if (s->flags & SIG_FLAG_REQUIRE_PACKET && - s->flags & SIG_FLAG_REQUIRE_STREAM) { + if ((s->flags & SIG_FLAG_REQUIRE_PACKET) && + (s->flags & SIG_FLAG_REQUIRE_STREAM)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't mix packet keywords with " "tcp-stream or flow:only_stream. Invalidating signature."); SCReturnInt(0); @@ -1061,8 +1061,8 @@ static int SigValidate(Signature *s) { for (sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; sm != NULL; sm = sm->next) { if (sm->type == DETECT_CONTENT) { DetectContentData *cd = (DetectContentData *)sm->ctx; - if (cd->flags & DETECT_CONTENT_DISTANCE || - cd->flags & DETECT_CONTENT_WITHIN) { + if ((cd->flags & DETECT_CONTENT_DISTANCE) || + (cd->flags & DETECT_CONTENT_WITHIN)) { SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, DETECT_PCRE, sm->prev, DETECT_BYTEJUMP, sm->prev); diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 8cd37f88f8..fbf58962fe 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -611,13 +611,13 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst if (pd == NULL) goto error; - if (pd->flags & DETECT_PCRE_HTTP_CLIENT_BODY && s->init_flags & SIG_FLAG_INIT_FLOW - && s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) { + if ((pd->flags & DETECT_PCRE_HTTP_CLIENT_BODY) && (s->init_flags & SIG_FLAG_INIT_FLOW) + && (s->flags & SIG_FLAG_TOCLIENT) && !(s->flags & SIG_FLAG_TOSERVER)) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /P with flow:from_server or flow:to_client"); goto error; } - if ((pd->flags & DETECT_PCRE_URI || pd->flags & DETECT_PCRE_HTTP_RAW_URI) - && s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) { + if (((pd->flags & DETECT_PCRE_URI) || (pd->flags & DETECT_PCRE_HTTP_RAW_URI)) + && (s->init_flags & SIG_FLAG_INIT_FLOW) && (s->flags & SIG_FLAG_TOCLIENT) && !(s->flags & SIG_FLAG_TOSERVER)) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /U or /I with flow:from_server or flow:to_client"); goto error; } @@ -754,7 +754,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSCDMATCH); } else { - if (s->alproto == ALPROTO_DCERPC && pd->flags & DETECT_PCRE_RELATIVE) { + if (s->alproto == ALPROTO_DCERPC && (pd->flags & DETECT_PCRE_RELATIVE)) { SigMatch *pm = NULL; SigMatch *dm = NULL; diff --git a/src/detect-rpc.c b/src/detect-rpc.c index 37d3a4c281..c71cd03488 100644 --- a/src/detect-rpc.c +++ b/src/detect-rpc.c @@ -142,10 +142,10 @@ int DetectRpcMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Si if (ntohl(msg->prog) != rd->program) return 0; - if (rd->flags & DETECT_RPC_CHECK_VERSION && ntohl(msg->vers) != rd->program_version) + if ((rd->flags & DETECT_RPC_CHECK_VERSION) && ntohl(msg->vers) != rd->program_version) return 0; - if (rd->flags & DETECT_RPC_CHECK_PROCEDURE && ntohl(msg->proc) != rd->procedure) + if ((rd->flags & DETECT_RPC_CHECK_PROCEDURE) && ntohl(msg->proc) != rd->procedure) return 0; SCLogDebug("prog:%u pver:%u proc:%u matched", ntohl(msg->prog), ntohl(msg->vers), ntohl(msg->proc)); diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c index e6e180d940..8662010df8 100644 --- a/src/detect-ssh-proto-version.c +++ b/src/detect-ssh-proto-version.c @@ -127,7 +127,7 @@ int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow * int ret = 0; FLOWLOCK_RDLOCK(f); - if (flags & STREAM_TOCLIENT && ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED) { + if ((flags & STREAM_TOCLIENT) && (ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED)) { if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT) { SCLogDebug("looking for ssh server protoversion 2 compat"); if (strncmp((char *) ssh_state->server_proto_version, "2", 1) == 0 || @@ -138,7 +138,7 @@ int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow * SCLogDebug("looking for ssh server protoversion %s length %"PRIu16"", ssh->ver, ssh->len); ret = (strncmp((char *) ssh_state->server_proto_version, (char *) ssh->ver, ssh->len) == 0)? 1 : 0; } - } else if (flags & STREAM_TOSERVER && ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED) { + } else if ((flags & STREAM_TOSERVER) && (ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED)) { if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT) { SCLogDebug("looking for client ssh client protoversion 2 compat"); if (strncmp((char *) ssh_state->client_proto_version, "2", 1) == 0 || diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c index d39aaecc0e..b5d8fbf200 100644 --- a/src/detect-ssh-software-version.c +++ b/src/detect-ssh-software-version.c @@ -132,10 +132,10 @@ int DetectSshSoftwareVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx int ret = 0; FLOWLOCK_RDLOCK(f); - if (flags & STREAM_TOCLIENT && ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED) { + if ((flags & STREAM_TOCLIENT) && (ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED)) { SCLogDebug("looking for ssh server softwareversion %s length %"PRIu16" on %s", ssh->software_ver, ssh->len, ssh_state->server_software_version); ret = (strncmp((char *) ssh_state->server_software_version, (char *) ssh->software_ver, ssh->len) == 0)? 1 : 0; - } else if (flags & STREAM_TOSERVER && ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED) { + } else if ((flags & STREAM_TOSERVER) && (ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED)) { SCLogDebug("looking for ssh client softwareversion %s length %"PRIu16" on %s", ssh->software_ver, ssh->len, ssh_state->client_software_version); ret = (strncmp((char *) ssh_state->client_software_version, (char *) ssh->software_ver, ssh->len) == 0)? 1 : 0; } diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index 14d36c13df..3200031b22 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -143,22 +143,22 @@ int DetectSslStateMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, FLOWLOCK_RDLOCK(f); - if (ssd->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO && + if ((ssd->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) && !(ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO)) { result = 0; goto end; } - if (ssd->flags & SSL_AL_FLAG_STATE_SERVER_HELLO && + if ((ssd->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) && !(ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO)) { result = 0; goto end; } - if (ssd->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX && + if ((ssd->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX) && !(ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX)) { result = 0; goto end; } - if (ssd->flags & SSL_AL_FLAG_STATE_SERVER_KEYX && + if ((ssd->flags & SSL_AL_FLAG_STATE_SERVER_KEYX) && !(ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_KEYX)) { result = 0; goto end; diff --git a/src/detect-within.c b/src/detect-within.c index cacc7c6f06..1e8f9a5c7f 100644 --- a/src/detect-within.c +++ b/src/detect-within.c @@ -216,7 +216,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi } } - if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) { + if ((cd->flags & DETECT_CONTENT_DEPTH) || (cd->flags & DETECT_CONTENT_OFFSET)) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " "with a non-relative keyword for the same content" ); goto error; diff --git a/src/detect.c b/src/detect.c index 2bb15a38eb..d5a9262664 100644 --- a/src/detect.c +++ b/src/detect.c @@ -863,7 +863,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags) { TcpSession *ssn = (TcpSession *)f->protoctx; /* at stream eof, or in inline mode, inspect all smsg's */ - if (flags & STREAM_EOF || StreamTcpInlineMode()) { + if ((flags & STREAM_EOF) || StreamTcpInlineMode()) { if (p->flowflags & FLOW_PKT_TOSERVER) { smsg = ssn->toserver_smsg_head; /* deref from the ssn */ @@ -962,7 +962,7 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, *sms_runflags |= SMS_USED_PM; } - if (!(p->flags & PKT_STREAM_ADD) && det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM) { + if (!(p->flags & PKT_STREAM_ADD) && (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM)) { *sms_runflags |= SMS_USED_PM; PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_PKT_STREAM); PacketPatternSearchWithStreamCtx(det_ctx, p); @@ -973,7 +973,7 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, /* have a look at the reassembled stream (if any) */ if (p->flowflags & FLOW_PKT_ESTABLISHED) { SCLogDebug("p->flowflags & FLOW_PKT_ESTABLISHED"); - if (smsg != NULL && det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM) { + if (smsg != NULL && (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM)) { PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_STREAM); StreamPatternSearch(det_ctx, p, smsg, flags); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_STREAM); @@ -1012,7 +1012,7 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx, PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HUAD); } } else { /* implied FLOW_PKT_TOCLIENT */ - if (p->flowflags & FLOW_PKT_TOCLIENT && det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSBD) { + if ((p->flowflags & FLOW_PKT_TOCLIENT) && (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSBD)) { PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HSBD); DetectEngineRunHttpServerBodyMpm(de_ctx, det_ctx, p->flow, alstate, flags); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HSBD); @@ -1202,10 +1202,10 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh * the sgh for icmp error packets part of the same stream. */ if (IP_GET_IPPROTO(p) == p->flow->proto) { /* filter out icmp */ PACKET_PROFILING_DETECT_START(p, PROF_DETECT_GETSGH); - if (p->flowflags & FLOW_PKT_TOSERVER && p->flow->flags & FLOW_SGH_TOSERVER) { + if ((p->flowflags & FLOW_PKT_TOSERVER) && (p->flow->flags & FLOW_SGH_TOSERVER)) { det_ctx->sgh = p->flow->sgh_toserver; sms_runflags |= SMS_USE_FLOW_SGH; - } else if (p->flowflags & FLOW_PKT_TOCLIENT && p->flow->flags & FLOW_SGH_TOCLIENT) { + } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && (p->flow->flags & FLOW_SGH_TOCLIENT)) { det_ctx->sgh = p->flow->sgh_toclient; sms_runflags |= SMS_USE_FLOW_SGH; } @@ -1225,9 +1225,9 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh /* Retrieve the app layer state and protocol and the tcp reassembled * stream chunks. */ - if ((p->proto == IPPROTO_TCP && p->flags & PKT_STREAM_EST) || - (p->proto == IPPROTO_UDP && p->flowflags & FLOW_PKT_ESTABLISHED) || - (p->proto == IPPROTO_SCTP && p->flowflags & FLOW_PKT_ESTABLISHED)) + if ((p->proto == IPPROTO_TCP && (p->flags & PKT_STREAM_EST)) || + (p->proto == IPPROTO_UDP && (p->flowflags & FLOW_PKT_ESTABLISHED)) || + (p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED))) { alstate = AppLayerGetProtoStateFromPacket(p); alproto = AppLayerGetProtoFromPacket(p); @@ -1273,8 +1273,8 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL); } - if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || - (p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) + if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || + ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) { SCLogDebug("testing against \"ip-only\" signatures"); @@ -1286,9 +1286,9 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh * done in the FlowSetIPOnlyFlag function. */ FlowSetIPOnlyFlag(p->flow, p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0); - } else if ((p->flowflags & FLOW_PKT_TOSERVER && + } else if (((p->flowflags & FLOW_PKT_TOSERVER) && (p->flow->flags & FLOW_TOSERVER_IPONLY_SET)) || - (p->flowflags & FLOW_PKT_TOCLIENT && + ((p->flowflags & FLOW_PKT_TOCLIENT) && (p->flow->flags & FLOW_TOCLIENT_IPONLY_SET))) { /* Get the result of the first IPOnlyMatch() */ @@ -1348,7 +1348,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL); /* stateful app layer detection */ - if (p->flags & PKT_HAS_FLOW && alstate != NULL) { + if ((p->flags & PKT_HAS_FLOW) && alstate != NULL) { /* initialize to 0 (DE_STATE_MATCH_NOSTATE) */ memset(det_ctx->de_state_sig_array, 0x00, det_ctx->de_state_sig_array_len); @@ -1386,7 +1386,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh /* check if this signature has a requirement for flowvars of some type * and if so, if we actually have any in the flow. If not, the sig * can't match and we skip it. */ - if (p->flags & PKT_HAS_FLOW && s->flags & SIG_FLAG_REQUIRE_FLOWVAR) { + if ((p->flags & PKT_HAS_FLOW) && (s->flags & SIG_FLAG_REQUIRE_FLOWVAR)) { FLOWLOCK_RDLOCK(p->flow); int m = p->flow->flowvar ? 1 : 0; FLOWLOCK_UNLOCK(p->flow); @@ -1497,7 +1497,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } if (sms_runflags & SMS_USED_PM) { - if (s->flags & SIG_FLAG_MPM_PACKET && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) && + if ((s->flags & SIG_FLAG_MPM_PACKET) && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) && !(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id_div_8)] & s->mpm_pattern_id_mod_8)) { goto next; @@ -1513,7 +1513,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh } } else { if (sms_runflags & SMS_USED_PM) { - if (s->flags & SIG_FLAG_MPM_PACKET && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) && + if ((s->flags & SIG_FLAG_MPM_PACKET) && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) && !(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id_div_8)] & s->mpm_pattern_id_mod_8)) { goto next; @@ -1661,7 +1661,7 @@ end: } if (!(sms_runflags & SMS_USE_FLOW_SGH)) { - if (p->flowflags & FLOW_PKT_TOSERVER && !(p->flow->flags & FLOW_SGH_TOSERVER)) { + if ((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flow->flags & FLOW_SGH_TOSERVER)) { /* first time we see this toserver sgh, store it */ p->flow->sgh_toserver = det_ctx->sgh; p->flow->flags |= FLOW_SGH_TOSERVER; @@ -1694,7 +1694,7 @@ end: SCLogDebug("disabling filesize for flow"); FileDisableFilesize(p->flow, STREAM_TOSERVER); } - } else if (p->flowflags & FLOW_PKT_TOCLIENT && !(p->flow->flags & FLOW_SGH_TOCLIENT)) { + } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flow->flags & FLOW_SGH_TOCLIENT)) { p->flow->sgh_toclient = det_ctx->sgh; p->flow->flags |= FLOW_SGH_TOCLIENT; @@ -1754,7 +1754,7 @@ TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue DEBUG_VALIDATE_PACKET(p); /* No need to perform any detection on this packet, if the the given flag is set.*/ - if (p->flags & PKT_NOPACKET_INSPECTION || p->action & ACTION_DROP) + if ((p->flags & PKT_NOPACKET_INSPECTION) || (p->action & ACTION_DROP)) return 0; DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data; @@ -2302,8 +2302,8 @@ static int SignatureCreateMask(Signature *s) { } } - if (s->mask & SIG_MASK_REQUIRE_DCE_STATE || - s->mask & SIG_MASK_REQUIRE_HTTP_STATE) + if ((s->mask & SIG_MASK_REQUIRE_DCE_STATE) || + (s->mask & SIG_MASK_REQUIRE_HTTP_STATE)) { s->mask |= SIG_MASK_REQUIRE_FLOW; SCLogDebug("sig requires flow"); diff --git a/src/flow-manager.c b/src/flow-manager.c index f0aa7186eb..5085f2b5fe 100644 --- a/src/flow-manager.c +++ b/src/flow-manager.c @@ -136,7 +136,7 @@ static inline int FlowGetFlowState(Flow *f) { if (flow_proto[f->protomap].GetProtoState != NULL) { return flow_proto[f->protomap].GetProtoState(f->protoctx); } else { - if (f->flags & FLOW_TO_SRC_SEEN && f->flags & FLOW_TO_DST_SEEN) + if ((f->flags & FLOW_TO_SRC_SEEN) && (f->flags & FLOW_TO_DST_SEEN)) return FLOW_STATE_ESTABLISHED; else return FLOW_STATE_NEW; diff --git a/src/flow-timeout.c b/src/flow-timeout.c index 7b735e96e2..710905a750 100644 --- a/src/flow-timeout.c +++ b/src/flow-timeout.c @@ -293,7 +293,7 @@ int FlowForceReassemblyNeedReassmbly(Flow *f, int *server, int *client) { TcpSession *ssn; /* looks like we have no flows in this queue */ - if (f == NULL || f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE) { + if (f == NULL || (f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE)) { return 0; } diff --git a/src/flow.c b/src/flow.c index ad9931c1b6..1806a2077f 100644 --- a/src/flow.c +++ b/src/flow.c @@ -292,7 +292,7 @@ void FlowHandlePacket (ThreadVars *tv, Packet *p) f->bytecnt += GET_PKT_LEN(p); #endif - if (f->flags & FLOW_TO_DST_SEEN && f->flags & FLOW_TO_SRC_SEEN) { + if ((f->flags & FLOW_TO_DST_SEEN) && (f->flags & FLOW_TO_SRC_SEEN)) { SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p); p->flowflags |= FLOW_PKT_ESTABLISHED; } diff --git a/src/log-pcap.c b/src/log-pcap.c index 5733a9046e..2935a102c0 100644 --- a/src/log-pcap.c +++ b/src/log-pcap.c @@ -244,7 +244,7 @@ TmEcode PcapLog (ThreadVars *t, Packet *p, void *data, PacketQueue *pq, PcapLogData *pl = (PcapLogData *)data; - if (p->flags & PKT_PSEUDO_STREAM_END || + if ((p->flags & PKT_PSEUDO_STREAM_END) || ((p->flags & PKT_STREAM_NOPCAPLOG) && (pl->use_stream_depth == USE_STREAM_DEPTH_ENABLED)) || (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p))) diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c index c267692fbe..ec77960f50 100644 --- a/src/stream-tcp-reassemble.c +++ b/src/stream-tcp-reassemble.c @@ -1728,8 +1728,8 @@ static void StreamTcpSetupMsg(TcpSession *ssn, TcpStream *stream, Packet *p, smsg->flags |= STREAM_EOF; } - if ((!StreamTcpInlineMode() && p->flowflags & FLOW_PKT_TOSERVER) || - ( StreamTcpInlineMode() && p->flowflags & FLOW_PKT_TOCLIENT)) + if ((!StreamTcpInlineMode() && (p->flowflags & FLOW_PKT_TOSERVER)) || + ( StreamTcpInlineMode() && (p->flowflags & FLOW_PKT_TOCLIENT))) { smsg->flags |= STREAM_TOCLIENT; SCLogDebug("stream mesage is to_client"); @@ -1850,8 +1850,8 @@ static void StreamTcpRemoveSegmentFromStream(TcpStream *stream, TcpSegment *seg) * \retval 0 not done yet */ #define StreamTcpAppLayerSegmentProcessed(stream, segment) \ - (((stream)->flags & STREAMTCP_STREAM_FLAG_GAP || \ - (segment)->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) ? 1 :0) + (( ( (stream)->flags & STREAMTCP_STREAM_FLAG_GAP ) || \ + ( (segment)->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED ) ? 1 :0 )) /** * \brief Update the stream reassembly upon receiving a data segment @@ -2566,8 +2566,8 @@ void StreamTcpPruneSession(Flow *f, uint8_t flags) { (uint32_t)(seg->seq + seg->payload_len)); if (SEQ_LEQ((seg->seq + seg->payload_len), (ra_base_seq+1)) && - seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED && - seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) { + (seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) && + (seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED)) { if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) { seg = seg->next; break; @@ -2700,8 +2700,8 @@ static int StreamTcpReassembleAppLayer (ThreadVars *tv, /* Remove the segments which are either completely before the * ra_base_seq and processed by both app layer and raw reassembly. */ } else if (SEQ_LEQ((seg->seq + seg->payload_len), (ra_base_seq+1)) && - seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED && - seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) { + (seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) && + (seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED)) { if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) { seg = seg->next; continue; @@ -3086,8 +3086,8 @@ static int StreamTcpReassembleRaw (TcpReassemblyThreadCtx *ra_ctx, * If the stream is in GAP state the app layer flag won't be set */ if ((ssn->flags & STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED) && (seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) && - (seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED || - stream->flags & STREAMTCP_STREAM_FLAG_GAP)) + ((seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) || + (stream->flags & STREAMTCP_STREAM_FLAG_GAP))) { if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) { seg = seg->next; diff --git a/src/stream-tcp.c b/src/stream-tcp.c index eaee4b5828..b210293d87 100644 --- a/src/stream-tcp.c +++ b/src/stream-tcp.c @@ -955,7 +955,7 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p, /* SYN/ACK */ } else if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) { - if (ssn->flags & STREAMTCP_FLAG_4WHS && PKT_IS_TOSERVER(p)) { + if ((ssn->flags & STREAMTCP_FLAG_4WHS) && PKT_IS_TOSERVER(p)) { SCLogDebug("ssn %p: SYN/ACK received on 4WHS session", ssn); /* Check if the SYN/ACK packet ack's the earlier @@ -1412,7 +1412,7 @@ static int StreamTcpPacketStateSynRecv(ThreadVars *tv, Packet *p, } } - if (ssn->flags & STREAMTCP_FLAG_4WHS && PKT_IS_TOCLIENT(p)) { + if ((ssn->flags & STREAMTCP_FLAG_4WHS) && PKT_IS_TOCLIENT(p)) { SCLogDebug("ssn %p: ACK received on 4WHS session",ssn); if (!(SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq))) { @@ -1695,7 +1695,7 @@ static int HandleEstablishedPacketToServer(ThreadVars *tv, TcpSession *ssn, Pack SCLogDebug("ssn %p: zero window probe, skipping oow check", ssn); } else if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || - ssn->flags & STREAMTCP_FLAG_ASYNC) + (ssn->flags & STREAMTCP_FLAG_ASYNC)) { SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->client.next_win " "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->client.next_win); @@ -2628,7 +2628,7 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p, if (!retransmission) { if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || - ssn->flags & STREAMTCP_FLAG_ASYNC) + (ssn->flags & STREAMTCP_FLAG_ASYNC)) { SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win " "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->server.next_win); @@ -2894,7 +2894,7 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, if (!retransmission) { if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || - ssn->flags & STREAMTCP_FLAG_ASYNC) + (ssn->flags & STREAMTCP_FLAG_ASYNC)) { SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->client.next_win " "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->client.next_win); @@ -2953,7 +2953,7 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p, if (!retransmission) { if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || - ssn->flags & STREAMTCP_FLAG_ASYNC) + (ssn->flags & STREAMTCP_FLAG_ASYNC)) { SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win " "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->server.next_win); @@ -3971,15 +3971,15 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt, /* check for conditions that may make us not want to log this packet */ /* streams that hit depth */ - if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED || - ssn->server.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED)) + if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED) || + (ssn->server.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED)) { p->flags |= PKT_STREAM_NOPCAPLOG; } /* encrypted packets */ - if ((PKT_IS_TOSERVER(p) && ssn->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) || - (PKT_IS_TOCLIENT(p) && ssn->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) + if ((PKT_IS_TOSERVER(p) && (ssn->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) || + (PKT_IS_TOCLIENT(p) && (ssn->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY))) { p->flags |= PKT_STREAM_NOPCAPLOG; } diff --git a/src/tm-threads.c b/src/tm-threads.c index 004503f10c..597c747ba6 100644 --- a/src/tm-threads.c +++ b/src/tm-threads.c @@ -1997,14 +1997,14 @@ void TmThreadCheckThreadState(void) if (TmThreadsCheckFlag(tv, THV_FAILED)) { TmThreadsSetFlag(tv, THV_DEINIT); pthread_join(tv->t, NULL); - if (tv_aof & THV_ENGINE_EXIT || tv->aof & THV_ENGINE_EXIT) { + if ((tv_aof & THV_ENGINE_EXIT) || (tv->aof & THV_ENGINE_EXIT)) { EngineKill(); return; } else { /* if the engine kill-stop has been received by now, chuck * restarting and return to kill the engine */ - if (suricata_ctl_flags & SURICATA_KILL || - suricata_ctl_flags & SURICATA_STOP) { + if ((suricata_ctl_flags & SURICATA_KILL) || + (suricata_ctl_flags & SURICATA_STOP)) { return; } TmThreadRestartThread(tv); diff --git a/src/util-action.c b/src/util-action.c index 8d8ae66c98..0d0d5c09f9 100644 --- a/src/util-action.c +++ b/src/util-action.c @@ -52,9 +52,9 @@ uint8_t action_order_sigs[4] = {ACTION_PASS, ACTION_DROP, ACTION_REJECT, ACTION_ */ uint8_t ActionOrderVal(uint8_t action) { /* reject_both and reject_dst have the same prio as reject */ - if( action & ACTION_REJECT || - action & ACTION_REJECT_BOTH || - action & ACTION_REJECT_BOTH) { + if( (action & ACTION_REJECT) || + (action & ACTION_REJECT_BOTH) || + (action & ACTION_REJECT_DST)) { action = ACTION_REJECT; } uint8_t i = 0;