aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added parentheses to fix Eclipse static code analysis

Browse Source 
Fixed bug in action priority (REJECT_DST had lowest prio)
pull/175/merge
Last G 13 years ago committed by Victor Julien
parent e236351c52
commit 8ae11f73b2
60 changed files with 173 additions and 173 deletions
Show Stats Download Patch File Download Diff File

2
libhtp/htp/htp_decompressors.c
Unescape Escape View File

@ -44,7 +44,7 @@ static int htp_gzip_decompressor_decompress(htp_decompressor_gzip_t *drec, htp_t
if (d->data[3] == 0) { if (d->data[3] == 0) {
drec->initialized = 1; drec->initialized = 1;
consumed = 10; consumed = 10;
} else if (d->data[3] & (1 << 3) || d->data[3] & (1 << 4)) { } else if ((d->data[3] & (1 << 3)) || (d->data[3] & (1 << 4))) {
/* skip past /* skip past
* - FNAME extension, which is a name ended in a NUL terminator * - FNAME extension, which is a name ended in a NUL terminator
* or * or

4
src/alert-debuglog.c
Unescape Escape View File

@ -316,8 +316,8 @@ TmEcode AlertDebugLogger(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size, PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
p->payload, p->payload_len); p->payload, p->payload_len);
} }
if (pa->flags & PACKET_ALERT_FLAG_STATE_MATCH || if ((pa->flags & PACKET_ALERT_FLAG_STATE_MATCH) ||
pa->flags & PACKET_ALERT_FLAG_STREAM_MATCH) { (pa->flags & PACKET_ALERT_FLAG_STREAM_MATCH)) {
/* This is an app layer or stream alert */ /* This is an app layer or stream alert */
int ret; int ret;
uint8_t flag; uint8_t flag;

6
src/alert-fastlog.c
Unescape Escape View File

@ -140,7 +140,7 @@ TmEcode AlertFastLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
continue; continue;
} }
if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] "; action = "[Drop] ";
} else if (pa->action & ACTION_DROP) { } else if (pa->action & ACTION_DROP) {
action = "[wDrop] "; action = "[wDrop] ";
@ -190,7 +190,7 @@ TmEcode AlertFastLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
continue; continue;
} }
if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] "; action = "[Drop] ";
} else if (pa->action & ACTION_DROP) { } else if (pa->action & ACTION_DROP) {
action = "[wDrop] "; action = "[wDrop] ";
@ -238,7 +238,7 @@ TmEcode AlertFastLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQu
continue; continue;
} }
if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] "; action = "[Drop] ";
} else if (pa->action & ACTION_DROP) { } else if (pa->action & ACTION_DROP) {
action = "[wDrop] "; action = "[wDrop] ";

6
src/alert-syslog.c
Unescape Escape View File

@ -275,7 +275,7 @@ TmEcode AlertSyslogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip)); PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip)); PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] "; action = "[Drop] ";
} else if (pa->action & ACTION_DROP) { } else if (pa->action & ACTION_DROP) {
action = "[wDrop] "; action = "[wDrop] ";
@ -336,7 +336,7 @@ TmEcode AlertSyslogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip)); PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip)); PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] "; action = "[Drop] ";
} else if (pa->action & ACTION_DROP) { } else if (pa->action & ACTION_DROP) {
action = "[wDrop] "; action = "[wDrop] ";
@ -399,7 +399,7 @@ TmEcode AlertSyslogDecoderEvent(ThreadVars *tv, Packet *p, void *data,
continue; continue;
} }
if (pa->action & ACTION_DROP && IS_ENGINE_MODE_IPS(engine_mode)) { if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "[Drop] "; action = "[Drop] ";
} else if (pa->action & ACTION_DROP) { } else if (pa->action & ACTION_DROP) {
action = "[wDrop] "; action = "[wDrop] ";

8
src/app-layer-dcerpc.c
Unescape Escape View File

@ -1117,7 +1117,7 @@ static uint32_t StubDataParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_le
* frags from a fresh request/response. Also if the state is in the * frags from a fresh request/response. Also if the state is in the
* process of processing a fragmented pdu, we should append to the * process of processing a fragmented pdu, we should append to the
* existing stub and not reset the stub buffer */ * existing stub and not reset the stub buffer */
if (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG && if ((dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) &&
!dcerpc->pdu_fragged) { !dcerpc->pdu_fragged) {
*stub_data_buffer_len = 0; *stub_data_buffer_len = 0;
/* just a hack to get thing working. We shouldn't be setting /* just a hack to get thing working. We shouldn't be setting
@ -1405,7 +1405,7 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) {
if (dcerpc->bytesprocessed < 10) { if (dcerpc->bytesprocessed < 10) {
/* if the parser is known to be fragmented at this stage itself, /* if the parser is known to be fragmented at this stage itself,
* we reset the stub buffer here itself */ * we reset the stub buffer here itself */
if (!dcerpc->pdu_fragged && dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) { if (!dcerpc->pdu_fragged && (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG)) {
DCERPCResetStub(dcerpc); DCERPCResetStub(dcerpc);
} }
dcerpc->pdu_fragged = 1; dcerpc->pdu_fragged = 1;
@ -1416,7 +1416,7 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) {
} else { } else {
/* if the parser is known to be fragmented at this stage itself, /* if the parser is known to be fragmented at this stage itself,
* we reset the stub buffer here itself */ * we reset the stub buffer here itself */
if (!dcerpc->pdu_fragged && dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) { if (!dcerpc->pdu_fragged && (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG)) {
DCERPCResetStub(dcerpc); DCERPCResetStub(dcerpc);
} }
dcerpc->pdu_fragged = 1; dcerpc->pdu_fragged = 1;
@ -1710,7 +1710,7 @@ int32_t DCERPCParser(DCERPC *dcerpc, uint8_t *input, uint32_t input_len) {
SCReturnInt(0); SCReturnInt(0);
} else { } else {
if (!dcerpc->pdu_fragged && if (!dcerpc->pdu_fragged &&
dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG) { (dcerpc->dcerpchdr.pfc_flags & PFC_FIRST_FRAG)) {
DCERPCResetStub(dcerpc); DCERPCResetStub(dcerpc);
} }
/* temporary fix */ /* temporary fix */

2
src/app-layer-detect-proto.c
Unescape Escape View File

@ -570,7 +570,7 @@ uint16_t AppLayerDetectGetProtoProbingParser(AlpProtoDetectCtx *ctx, Flow *f,
while (pe != NULL) { while (pe != NULL) {
if ((buflen < pe->min_depth) || if ((buflen < pe->min_depth) ||
al_proto_masks[0] & pe->al_proto_mask) { (al_proto_masks[0] & pe->al_proto_mask)) {
pe = pe->next; pe = pe->next;
continue; continue;
} }

12
src/app-layer-htp-file.c
Unescape Escape View File

@ -101,8 +101,8 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len,
files = s->files_tc; files = s->files_tc;
files_opposite = s->files_ts; files_opposite = s->files_ts;
if (s->flags & HTP_FLAG_STORE_FILES_TS || if ((s->flags & HTP_FLAG_STORE_FILES_TS) ||
(s->flags & HTP_FLAG_STORE_FILES_TX_TS && txid == s->store_tx_id)) { ((s->flags & HTP_FLAG_STORE_FILES_TX_TS) && txid == s->store_tx_id)) {
flags |= FILE_STORE; flags |= FILE_STORE;
} }
@ -116,7 +116,7 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len,
flags |= FILE_NOMD5; flags |= FILE_NOMD5;
} }
if (!(flags & FILE_STORE) && s->f->flags & FLOW_FILE_NO_STORE_TC) { if (!(flags & FILE_STORE) && (s->f->flags & FLOW_FILE_NO_STORE_TC)) {
flags |= FILE_NOSTORE; flags |= FILE_NOSTORE;
} }
} else { } else {
@ -131,8 +131,8 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len,
files = s->files_ts; files = s->files_ts;
files_opposite = s->files_tc; files_opposite = s->files_tc;
if (s->flags & HTP_FLAG_STORE_FILES_TC || if ((s->flags & HTP_FLAG_STORE_FILES_TC) ||
(s->flags & HTP_FLAG_STORE_FILES_TX_TC && txid == s->store_tx_id)) { ((s->flags & HTP_FLAG_STORE_FILES_TX_TC) && txid == s->store_tx_id)) {
flags |= FILE_STORE; flags |= FILE_STORE;
} }
if (s->f->flags & FLOW_FILE_NO_MAGIC_TS) { if (s->f->flags & FLOW_FILE_NO_MAGIC_TS) {
@ -145,7 +145,7 @@ int HTPFileOpen(HtpState *s, uint8_t *filename, uint16_t filename_len,
flags |= FILE_NOMD5; flags |= FILE_NOMD5;
} }
if (!(flags & FILE_STORE) && s->f->flags & FLOW_FILE_NO_STORE_TS) { if (!(flags & FILE_STORE) && (s->f->flags & FLOW_FILE_NO_STORE_TS)) {
flags |= FILE_NOSTORE; flags |= FILE_NOSTORE;
} }
} }

2
src/app-layer-htp.c
Unescape Escape View File

@ -1310,7 +1310,7 @@ int HtpRequestBodyHandleMultipart(HtpState *hstate, HtpTxUserData *htud,
/* if we're in the file storage process, deal with that now */ /* if we're in the file storage process, deal with that now */
if (htud->tsflags & HTP_FILENAME_SET) { if (htud->tsflags & HTP_FILENAME_SET) {
if (header_start != NULL || form_end != NULL || htud->tsflags & HTP_REQ_BODY_COMPLETE) { if (header_start != NULL || form_end != NULL || (htud->tsflags & HTP_REQ_BODY_COMPLETE)) {
SCLogDebug("reached the end of the file"); SCLogDebug("reached the end of the file");
uint8_t *filedata = chunks_buffer; uint8_t *filedata = chunks_buffer;

2
src/app-layer-parser.c
Unescape Escape View File

@ -934,7 +934,7 @@ int AppLayerParse(void *local_data, Flow *f, uint8_t proto,
} }
} }
if (parser_idx == 0 || parser_state->flags & APP_LAYER_PARSER_DONE) { if (parser_idx == 0 || (parser_state->flags & APP_LAYER_PARSER_DONE)) {
SCLogDebug("no parser for protocol %" PRIu32 "", proto); SCLogDebug("no parser for protocol %" PRIu32 "", proto);
SCReturnInt(0); SCReturnInt(0);
} }

2
src/app-layer-ssl.c
Unescape Escape View File

@ -745,7 +745,7 @@ static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserSt
/* fresh record */ /* fresh record */
case 0: case 0:
/* only SSLv2, has one of the top 2 bits set */ /* only SSLv2, has one of the top 2 bits set */
if (input[0] & 0x80 || input[0] & 0x40) { if ((input[0] & 0x80) || (input[0] & 0x40)) {
SCLogDebug("SSLv2 detected"); SCLogDebug("SSLv2 detected");
ssl_state->curr_connp->version = SSL_VERSION_2; ssl_state->curr_connp->version = SSL_VERSION_2;
retval = SSLv2Decode(direction, ssl_state, pstate, input, retval = SSLv2Decode(direction, ssl_state, pstate, input,

8
src/app-layer.c
Unescape Escape View File

@ -133,11 +133,11 @@ int AppLayerHandleTCPData(AlpProtoDetectThreadCtx *dp_ctx, Flow *f,
* initializer message, we run proto detection. * initializer message, we run proto detection.
* We receive 2 stream init msgs (one for each direction) but we * We receive 2 stream init msgs (one for each direction) but we
* only run the proto detection once. */ * only run the proto detection once. */
if (f->alproto == ALPROTO_UNKNOWN && flags & STREAM_GAP) { if (f->alproto == ALPROTO_UNKNOWN && (flags & STREAM_GAP)) {
ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED; ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f); SCLogDebug("ALPROTO_UNKNOWN flow %p, due to GAP in stream start", f);
StreamTcpSetSessionNoReassemblyFlag(ssn, 0); StreamTcpSetSessionNoReassemblyFlag(ssn, 0);
} else if (f->alproto == ALPROTO_UNKNOWN && flags & STREAM_START) { } else if (f->alproto == ALPROTO_UNKNOWN && (flags & STREAM_START)) {
SCLogDebug("Stream initializer (len %" PRIu32 ")", data_len); SCLogDebug("Stream initializer (len %" PRIu32 ")", data_len);
#ifdef PRINT #ifdef PRINT
if (data_len > 0) { if (data_len > 0) {
@ -161,8 +161,8 @@ int AppLayerHandleTCPData(AlpProtoDetectThreadCtx *dp_ctx, Flow *f,
r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags, data, data_len); r = AppLayerParse(dp_ctx->alproto_local_storage[f->alproto], f, f->alproto, flags, data, data_len);
PACKET_PROFILING_APP_END(dp_ctx, f->alproto); PACKET_PROFILING_APP_END(dp_ctx, f->alproto);
} else { } else {
if (f->flags & FLOW_TS_PM_PP_ALPROTO_DETECT_DONE && if ((f->flags & FLOW_TS_PM_PP_ALPROTO_DETECT_DONE) &&
f->flags & FLOW_TC_PM_PP_ALPROTO_DETECT_DONE) { (f->flags & FLOW_TC_PM_PP_ALPROTO_DETECT_DONE)) {
FlowSetSessionNoApplayerInspectionFlag(f); FlowSetSessionNoApplayerInspectionFlag(f);
ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED; ssn->flags |= STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED;
} }

2
src/detect-byte-extract.c
Unescape Escape View File

@ -599,7 +599,7 @@ int DetectByteExtractSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH);
} }
} else if (s->alproto == ALPROTO_DCERPC && } else if (s->alproto == ALPROTO_DCERPC &&
data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE) { (data->flags & DETECT_BYTE_EXTRACT_FLAG_RELATIVE)) {
SigMatch *pm = NULL; SigMatch *pm = NULL;
SigMatch *dm = NULL; SigMatch *dm = NULL;

2
src/detect-bytejump.c
Unescape Escape View File

@ -584,7 +584,7 @@ int DetectBytejumpSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH);
} }
} else if (s->alproto == ALPROTO_DCERPC && } else if (s->alproto == ALPROTO_DCERPC &&
data->flags & DETECT_BYTEJUMP_RELATIVE) { (data->flags & DETECT_BYTEJUMP_RELATIVE)) {
SigMatch *pm = NULL; SigMatch *pm = NULL;
SigMatch *dm = NULL; SigMatch *dm = NULL;

2
src/detect-bytetest.c
Unescape Escape View File

@ -506,7 +506,7 @@ int DetectBytetestSetup(DetectEngineCtx *de_ctx, Signature *s, char *optstr)
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH);
} }
} else if (s->alproto == ALPROTO_DCERPC && } else if (s->alproto == ALPROTO_DCERPC &&
data->flags & DETECT_BYTETEST_RELATIVE) { (data->flags & DETECT_BYTETEST_RELATIVE)) {
SigMatch *pm = NULL; SigMatch *pm = NULL;
SigMatch *dm = NULL; SigMatch *dm = NULL;

10
src/detect-content.h
Unescape Escape View File

@ -55,11 +55,11 @@
* the inspection phase */ * the inspection phase */
#define DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED (1 << 16) #define DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED (1 << 16)
#define DETECT_CONTENT_IS_SINGLE(c) (!((c)->flags & DETECT_CONTENT_DISTANCE || \ #define DETECT_CONTENT_IS_SINGLE(c) (!( ((c)->flags & DETECT_CONTENT_DISTANCE) || \
(c)->flags & DETECT_CONTENT_WITHIN || \ ((c)->flags & DETECT_CONTENT_WITHIN) || \
(c)->flags & DETECT_CONTENT_RELATIVE_NEXT || \ ((c)->flags & DETECT_CONTENT_RELATIVE_NEXT) || \
(c)->flags & DETECT_CONTENT_DEPTH || \ ((c)->flags & DETECT_CONTENT_DEPTH) || \
(c)->flags & DETECT_CONTENT_OFFSET)) ((c)->flags & DETECT_CONTENT_OFFSET) ))
#include "util-spm-bm.h" #include "util-spm-bm.h"

2
src/detect-depth.c
Unescape Escape View File

@ -139,7 +139,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
} }
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
"with a non-relative keyword for the same content." ); "with a non-relative keyword for the same content." );
goto error; goto error;

2
src/detect-distance.c
Unescape Escape View File

@ -213,7 +213,7 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
} }
} }
if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) { if ((cd->flags & DETECT_CONTENT_DEPTH) || (cd->flags & DETECT_CONTENT_OFFSET)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
"with a non-relative keyword for the same content." ); "with a non-relative keyword for the same content." );
goto error; goto error;

2
src/detect-engine-address.c
Unescape Escape View File

@ -1478,7 +1478,7 @@ int DetectAddressCmp(DetectAddress *a, DetectAddress *b)
return ADDRESS_ER; return ADDRESS_ER;
/* check any */ /* check any */
if (a->flags & ADDRESS_FLAG_ANY && b->flags & ADDRESS_FLAG_ANY) if ((a->flags & ADDRESS_FLAG_ANY) && (b->flags & ADDRESS_FLAG_ANY))
return ADDRESS_EQ; return ADDRESS_EQ;
else if (a->ip.family == AF_INET) else if (a->ip.family == AF_INET)
return DetectAddressCmpIPv4(a, b); return DetectAddressCmpIPv4(a, b);

6
src/detect-engine-alert.c
Unescape Escape View File

@ -224,8 +224,8 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
} }
if (s->flags & SIG_FLAG_IPONLY) { if (s->flags & SIG_FLAG_IPONLY) {
if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
(p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) { ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
SCLogDebug("testing against \"ip-only\" signatures"); SCLogDebug("testing against \"ip-only\" signatures");
if (p->flow != NULL) { if (p->flow != NULL) {
@ -258,7 +258,7 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
break; break;
/* if the signature wants to drop, check if the /* if the signature wants to drop, check if the
* PACKET_ALERT_FLAG_DROP_FLOW flag is set. */ * PACKET_ALERT_FLAG_DROP_FLOW flag is set. */
} else if (p->action & ACTION_DROP && } else if ((p->action & ACTION_DROP) &&
((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) || ((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) ||
(s->flags & SIG_FLAG_APPLAYER)) (s->flags & SIG_FLAG_APPLAYER))
&& p->flow != NULL) && p->flow != NULL)

4
src/detect-engine-analyzer.c
Unescape Escape View File

@ -632,10 +632,10 @@ void EngineAnalysisRules(Signature *s, char *line)
} }
else if (sm->type == DETECT_FLOW) { else if (sm->type == DETECT_FLOW) {
rule_flow += 1; rule_flow += 1;
if (s->flags & SIG_FLAG_TOSERVER && !(s->flags & SIG_FLAG_TOCLIENT)) { if ((s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) {
rule_flow_toserver = 1; rule_flow_toserver = 1;
} }
else if (s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) { else if ((s->flags & SIG_FLAG_TOCLIENT) && !(s->flags & SIG_FLAG_TOSERVER)) {
rule_flow_toclient = 1; rule_flow_toclient = 1;
} }
DetectFlowData *fd = (DetectFlowData *)sm->ctx; DetectFlowData *fd = (DetectFlowData *)sm->ctx;

10
src/detect-engine-content-inspection.c
Unescape Escape View File

@ -134,8 +134,8 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
uint32_t prev_buffer_offset = det_ctx->buffer_offset; uint32_t prev_buffer_offset = det_ctx->buffer_offset;
do { do {
if (cd->flags & DETECT_CONTENT_DISTANCE || if ((cd->flags & DETECT_CONTENT_DISTANCE) ||
cd->flags & DETECT_CONTENT_WITHIN) { (cd->flags & DETECT_CONTENT_WITHIN)) {
SCLogDebug("det_ctx->buffer_offset %"PRIu32, det_ctx->buffer_offset); SCLogDebug("det_ctx->buffer_offset %"PRIu32, det_ctx->buffer_offset);
offset = prev_buffer_offset; offset = prev_buffer_offset;
@ -255,9 +255,9 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
if (found == NULL && !(cd->flags & DETECT_CONTENT_NEGATED)) { if (found == NULL && !(cd->flags & DETECT_CONTENT_NEGATED)) {
SCReturnInt(0); SCReturnInt(0);
} else if (found == NULL && cd->flags & DETECT_CONTENT_NEGATED) { } else if (found == NULL && (cd->flags & DETECT_CONTENT_NEGATED)) {
goto match; goto match;
} else if (found != NULL && cd->flags & DETECT_CONTENT_NEGATED) { } else if (found != NULL && (cd->flags & DETECT_CONTENT_NEGATED)) {
SCLogDebug("content %"PRIu32" matched at offset %"PRIu32", but negated so no match", cd->id, match_offset); SCLogDebug("content %"PRIu32" matched at offset %"PRIu32", but negated so no match", cd->id, match_offset);
/* don't bother carrying recursive matches now, for preceding /* don't bother carrying recursive matches now, for preceding
* relative keywords */ * relative keywords */
@ -444,7 +444,7 @@ int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
/* if we have dce enabled we will have to use the endianness /* if we have dce enabled we will have to use the endianness
* specified by the dce header */ * specified by the dce header */
if (bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN && if ((bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) &&
endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) { endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE) {
DCERPCState *dcerpc_state = (DCERPCState *)data; DCERPCState *dcerpc_state = (DCERPCState *)data;

12
src/detect-engine-file.c
Unescape Escape View File

@ -102,31 +102,31 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
break; break;
} }
if (s->file_flags & FILE_SIG_NEED_FILENAME && file->name == NULL) { if ((s->file_flags & FILE_SIG_NEED_FILENAME) && file->name == NULL) {
SCLogDebug("sig needs filename, but we don't have any"); SCLogDebug("sig needs filename, but we don't have any");
r = 0; r = 0;
break; break;
} }
if (s->file_flags & FILE_SIG_NEED_MAGIC && file->chunks_head == NULL) { if ((s->file_flags & FILE_SIG_NEED_MAGIC) && file->chunks_head == NULL) {
SCLogDebug("sig needs file content, but we don't have any"); SCLogDebug("sig needs file content, but we don't have any");
r = 0; r = 0;
break; break;
} }
if (s->file_flags & FILE_SIG_NEED_FILECONTENT && file->chunks_head == NULL) { if ((s->file_flags & FILE_SIG_NEED_FILECONTENT) && file->chunks_head == NULL) {
SCLogDebug("sig needs file content, but we don't have any"); SCLogDebug("sig needs file content, but we don't have any");
r = 0; r = 0;
break; break;
} }
if (s->file_flags & FILE_SIG_NEED_MD5 && (!(file->flags & FILE_MD5))) { if ((s->file_flags & FILE_SIG_NEED_MD5) && (!(file->flags & FILE_MD5))) {
SCLogDebug("sig needs file md5, but we don't have any"); SCLogDebug("sig needs file md5, but we don't have any");
r = 0; r = 0;
break; break;
} }
if (s->file_flags & FILE_SIG_NEED_SIZE && file->state < FILE_STATE_CLOSED) { if ((s->file_flags & FILE_SIG_NEED_SIZE) && file->state < FILE_STATE_CLOSED) {
SCLogDebug("sig needs filesize, but state < FILE_STATE_CLOSED"); SCLogDebug("sig needs filesize, but state < FILE_STATE_CLOSED");
r = 0; r = 0;
break; break;
@ -157,7 +157,7 @@ static int DetectFileInspect(ThreadVars *tv, DetectEngineThreadCtx *det_ctx,
/* if this is a filestore sig, and the sig can't match /* if this is a filestore sig, and the sig can't match
* return 3 so we can distinguish */ * return 3 so we can distinguish */
if (s->flags & SIG_FLAG_FILESTORE && r == 2) if ((s->flags & SIG_FLAG_FILESTORE) && r == 2)
r = 3; r = 3;
/* continue, this file may (or may not) be unable to match /* continue, this file may (or may not) be unable to match

6
src/detect-engine-port.c
Unescape Escape View File

@ -685,11 +685,11 @@ error:
* */ * */
int DetectPortCmp(DetectPort *a, DetectPort *b) { int DetectPortCmp(DetectPort *a, DetectPort *b) {
/* check any */ /* check any */
if (a->flags & PORT_FLAG_ANY && b->flags & PORT_FLAG_ANY) if ((a->flags & PORT_FLAG_ANY) && (b->flags & PORT_FLAG_ANY))
return PORT_EQ; return PORT_EQ;
if (a->flags & PORT_FLAG_ANY && !(b->flags & PORT_FLAG_ANY)) if ((a->flags & PORT_FLAG_ANY) && !(b->flags & PORT_FLAG_ANY))
return PORT_LT; return PORT_LT;
if (!(a->flags & PORT_FLAG_ANY) && b->flags & PORT_FLAG_ANY) if (!(a->flags & PORT_FLAG_ANY) && (b->flags & PORT_FLAG_ANY))
return PORT_GT; return PORT_GT;
uint16_t a_port1 = a->port; uint16_t a_port1 = a->port;

4
src/detect-engine-sigorder.c
Unescape Escape View File

@ -172,7 +172,7 @@ static inline int SCSigGetFlowvarType(Signature *sig)
while (sm != NULL) { while (sm != NULL) {
pd = (DetectPcreData *)sm->ctx; pd = (DetectPcreData *)sm->ctx;
if (sm->type == DETECT_PCRE && pd->flags & DETECT_PCRE_CAPTURE_FLOW) { if (sm->type == DETECT_PCRE && (pd->flags & DETECT_PCRE_CAPTURE_FLOW)) {
type = DETECT_FLOWVAR_TYPE_SET; type = DETECT_FLOWVAR_TYPE_SET;
return type; return type;
} }
@ -217,7 +217,7 @@ static inline int SCSigGetPktvarType(Signature *sig)
while (sm != NULL) { while (sm != NULL) {
pd = (DetectPcreData *)sm->ctx; pd = (DetectPcreData *)sm->ctx;
if (sm->type == DETECT_PCRE && pd->flags & DETECT_PCRE_CAPTURE_PKT) { if (sm->type == DETECT_PCRE && (pd->flags & DETECT_PCRE_CAPTURE_PKT)) {
type = DETECT_PKTVAR_TYPE_SET; type = DETECT_PKTVAR_TYPE_SET;
return type; return type;
} }

20
src/detect-engine-state.c
Unescape Escape View File

@ -605,12 +605,12 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
/* check first if we have received new files in the livetime of /* check first if we have received new files in the livetime of
* this de_state (this tx). */ * this de_state (this tx). */
if (item->flags & (DE_STATE_FLAG_FILE_TC_INSPECT|DE_STATE_FLAG_FILE_TS_INSPECT)) { if (item->flags & (DE_STATE_FLAG_FILE_TC_INSPECT|DE_STATE_FLAG_FILE_TS_INSPECT)) {
if (flags & STREAM_TOCLIENT && f->de_state->flags & DE_STATE_FILE_TC_NEW) { if ((flags & STREAM_TOCLIENT) && (f->de_state->flags & DE_STATE_FILE_TC_NEW)) {
item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT; item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT;
item->flags &= ~DE_STATE_FLAG_FULL_MATCH; item->flags &= ~DE_STATE_FLAG_FULL_MATCH;
} }
if (flags & STREAM_TOSERVER && f->de_state->flags & DE_STATE_FILE_TS_NEW) { if ((flags & STREAM_TOSERVER) && (f->de_state->flags & DE_STATE_FILE_TS_NEW)) {
item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT; item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT;
item->flags &= ~DE_STATE_FLAG_FULL_MATCH; item->flags &= ~DE_STATE_FLAG_FULL_MATCH;
} }
@ -625,17 +625,17 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
/* if we know for sure we can't ever match, detect that here */ /* if we know for sure we can't ever match, detect that here */
if (item->flags & DE_STATE_FLAG_SIG_CANT_MATCH) { if (item->flags & DE_STATE_FLAG_SIG_CANT_MATCH) {
if (flags & STREAM_TOSERVER && if ((flags & STREAM_TOSERVER) &&
item->flags & DE_STATE_FLAG_FILE_TS_INSPECT && (item->flags & DE_STATE_FLAG_FILE_TS_INSPECT) &&
f->de_state->flags & DE_STATE_FILE_TS_NEW) { (f->de_state->flags & DE_STATE_FILE_TS_NEW)) {
/* new file, fall through */ /* new file, fall through */
item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT; item->flags &= ~DE_STATE_FLAG_FILE_TS_INSPECT;
item->flags &= ~DE_STATE_FLAG_SIG_CANT_MATCH; item->flags &= ~DE_STATE_FLAG_SIG_CANT_MATCH;
} else if (flags & STREAM_TOCLIENT && } else if ((flags & STREAM_TOCLIENT) &&
item->flags & DE_STATE_FLAG_FILE_TC_INSPECT && (item->flags & DE_STATE_FLAG_FILE_TC_INSPECT) &&
f->de_state->flags & DE_STATE_FILE_TC_NEW) { (f->de_state->flags & DE_STATE_FILE_TC_NEW)) {
/* new file, fall through */ /* new file, fall through */
item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT; item->flags &= ~DE_STATE_FLAG_FILE_TC_INSPECT;
@ -648,9 +648,9 @@ int DeStateDetectContinueDetection(ThreadVars *tv, DetectEngineCtx *de_ctx, Dete
} }
/* only inspect in the right direction here */ /* only inspect in the right direction here */
if (flags & STREAM_TOSERVER && !(s->flags & SIG_FLAG_TOSERVER)) if ((flags & STREAM_TOSERVER) && !(s->flags & SIG_FLAG_TOSERVER))
continue; continue;
else if (flags & STREAM_TOCLIENT && !(s->flags & SIG_FLAG_TOCLIENT)) else if ((flags & STREAM_TOCLIENT) && !(s->flags & SIG_FLAG_TOCLIENT))
continue; continue;
RULE_PROFILING_START; RULE_PROFILING_START;

20
src/detect-fast-pattern.c
Unescape Escape View File

@ -206,11 +206,11 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
} }
cd = pm->ctx; cd = pm->ctx;
if (cd->flags & DETECT_CONTENT_NEGATED && if ((cd->flags & DETECT_CONTENT_NEGATED) &&
(cd->flags & DETECT_CONTENT_DISTANCE || ((cd->flags & DETECT_CONTENT_DISTANCE) ||
cd->flags & DETECT_CONTENT_WITHIN || (cd->flags & DETECT_CONTENT_WITHIN) ||
cd->flags & DETECT_CONTENT_OFFSET || (cd->flags & DETECT_CONTENT_OFFSET) ||
cd->flags & DETECT_CONTENT_DEPTH)) { (cd->flags & DETECT_CONTENT_DEPTH))) {
/* we can't have any of these if we are having "only" */ /* we can't have any of these if we are having "only" */
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern; cannot be " SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern; cannot be "
@ -249,11 +249,11 @@ static int DetectFastPatternSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
strlen(arg), 0, 0, ov, MAX_SUBSTRINGS); strlen(arg), 0, 0, ov, MAX_SUBSTRINGS);
/* fast pattern only */ /* fast pattern only */
if (ret == 2) { if (ret == 2) {
if (cd->flags & DETECT_CONTENT_NEGATED || if ((cd->flags & DETECT_CONTENT_NEGATED) ||
cd->flags & DETECT_CONTENT_DISTANCE || (cd->flags & DETECT_CONTENT_DISTANCE) ||
cd->flags & DETECT_CONTENT_WITHIN || (cd->flags & DETECT_CONTENT_WITHIN) ||
cd->flags & DETECT_CONTENT_OFFSET || (cd->flags & DETECT_CONTENT_OFFSET) ||
cd->flags & DETECT_CONTENT_DEPTH) { (cd->flags & DETECT_CONTENT_DEPTH)) {
/* we can't have any of these if we are having "only" */ /* we can't have any of these if we are having "only" */
SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern: only; cannot be " SCLogError(SC_ERR_INVALID_SIGNATURE, "fast_pattern: only; cannot be "

2
src/detect-file-data.c
Unescape Escape View File

@ -74,7 +74,7 @@ void DetectFiledataRegister(void) {
static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) static int DetectFiledataSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{ {
SCEnter(); SCEnter();
if (s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOSERVER && !(s->flags & SIG_FLAG_TOCLIENT)) { if ((s->init_flags & SIG_FLAG_INIT_FLOW) && (s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with flow:to_server or from_client with http."); SCLogError(SC_ERR_INVALID_SIGNATURE, "Can't use file_data with flow:to_server or from_client with http.");
return -1; return -1;
} }

2
src/detect-fileext.c
Unescape Escape View File

@ -119,7 +119,7 @@ static int DetectFileextMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
} }
if (ret == 0 && fileext->flags & DETECT_CONTENT_NEGATED) { if (ret == 0 && (fileext->flags & DETECT_CONTENT_NEGATED)) {
SCLogDebug("negated match"); SCLogDebug("negated match");
ret = 1; ret = 1;
} }

2
src/detect-filename.c
Unescape Escape View File

@ -124,7 +124,7 @@ static int DetectFilenameMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
} }
} }
if (ret == 0 && filename->flags & DETECT_CONTENT_NEGATED) { if (ret == 0 && (filename->flags & DETECT_CONTENT_NEGATED)) {
SCLogDebug("negated match"); SCLogDebug("negated match");
ret = 1; ret = 1;
} }

4
src/detect-filestore.c
Unescape Escape View File

@ -137,9 +137,9 @@ static int FilestorePostMatchWithOptions(Packet *p, Flow *f, DetectFilestoreData
case FILESTORE_SCOPE_DEFAULT: case FILESTORE_SCOPE_DEFAULT:
if (rule_dir) { if (rule_dir) {
this_file = 1; this_file = 1;
} else if (p->flowflags & FLOW_PKT_TOCLIENT && toclient_dir) { } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && toclient_dir) {
this_file = 1; this_file = 1;
} else if (p->flowflags & FLOW_PKT_TOSERVER && toserver_dir) { } else if ((p->flowflags & FLOW_PKT_TOSERVER) && toserver_dir) {
this_file = 1; this_file = 1;
} }
break; break;

6
src/detect-flow.c
Unescape Escape View File

@ -127,13 +127,13 @@ int DetectFlowMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, S
uint8_t cnt = 0; uint8_t cnt = 0;
DetectFlowData *fd = (DetectFlowData *)m->ctx; DetectFlowData *fd = (DetectFlowData *)m->ctx;
if (fd->flags & FLOW_PKT_TOSERVER && p->flowflags & FLOW_PKT_TOSERVER) { if ((fd->flags & FLOW_PKT_TOSERVER) && (p->flowflags & FLOW_PKT_TOSERVER)) {
cnt++; cnt++;
} else if (fd->flags & FLOW_PKT_TOCLIENT && p->flowflags & FLOW_PKT_TOCLIENT) { } else if ((fd->flags & FLOW_PKT_TOCLIENT) && (p->flowflags & FLOW_PKT_TOCLIENT)) {
cnt++; cnt++;
} }
if (fd->flags & FLOW_PKT_ESTABLISHED && p->flowflags & FLOW_PKT_ESTABLISHED) { if ((fd->flags & FLOW_PKT_ESTABLISHED) && (p->flowflags & FLOW_PKT_ESTABLISHED)) {
cnt++; cnt++;
} else if (fd->flags & FLOW_PKT_STATELESS) { } else if (fd->flags & FLOW_PKT_STATELESS) {
cnt++; cnt++;

2
src/detect-http-client-body.c
Unescape Escape View File

@ -134,7 +134,7 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-cookie.c
Unescape Escape View File

@ -147,7 +147,7 @@ static int DetectHttpCookieSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-header.c
Unescape Escape View File

@ -151,7 +151,7 @@ int DetectHttpHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-method.c
Unescape Escape View File

@ -130,7 +130,7 @@ static int DetectHttpMethodSetup(DetectEngineCtx *de_ctx, Signature *s, char *st
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-raw-header.c
Unescape Escape View File

@ -149,7 +149,7 @@ int DetectHttpRawHeaderSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-raw-uri.c
Unescape Escape View File

@ -122,7 +122,7 @@ static int DetectHttpRawUriSetup(DetectEngineCtx *de_ctx, Signature *s, char *ar
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

4
src/detect-http-server-body.c
Unescape Escape View File

@ -123,7 +123,7 @@ int DetectHttpServerBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
"be used with the rawbytes rule keyword"); "be used with the rawbytes rule keyword");
return -1; return -1;
} }
if (s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOSERVER && !(s->flags & SIG_FLAG_TOCLIENT)) { if ((s->init_flags & SIG_FLAG_INIT_FLOW) && (s->flags & SIG_FLAG_TOSERVER) && !(s->flags & SIG_FLAG_TOCLIENT)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "http_server_body cannot be used with flow:to_server or from_client"); SCLogError(SC_ERR_INVALID_SIGNATURE, "http_server_body cannot be used with flow:to_server or from_client");
return -1; return -1;
} }
@ -133,7 +133,7 @@ int DetectHttpServerBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-stat-code.c
Unescape Escape View File

@ -133,7 +133,7 @@ static int DetectHttpStatCodeSetup (DetectEngineCtx *de_ctx, Signature *s, char
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-stat-msg.c
Unescape Escape View File

@ -133,7 +133,7 @@ static int DetectHttpStatMsgSetup (DetectEngineCtx *de_ctx, Signature *s, char *
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-ua.c
Unescape Escape View File

@ -137,7 +137,7 @@ int DetectHttpUASetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-http-uri.c
Unescape Escape View File

@ -123,7 +123,7 @@ static int DetectHttpUriSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
goto error; goto error;
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_CONTENT, sm->prev, DETECT_CONTENT, sm->prev,
DETECT_PCRE, sm->prev); DETECT_PCRE, sm->prev);

2
src/detect-isdataat.c
Unescape Escape View File

@ -267,7 +267,7 @@ int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatst
sm->ctx = (void *)idad; sm->ctx = (void *)idad;
if (s->alproto == ALPROTO_DCERPC && if (s->alproto == ALPROTO_DCERPC &&
idad->flags & ISDATAAT_RELATIVE) { (idad->flags & ISDATAAT_RELATIVE)) {
pm = SigMatchGetLastSMFromLists(s, 6, pm = SigMatchGetLastSMFromLists(s, 6,
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH], DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],

2
src/detect-offset.c
Unescape Escape View File

@ -138,7 +138,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
} }
} }
if (cd->flags & DETECT_CONTENT_WITHIN || cd->flags & DETECT_CONTENT_DISTANCE) { if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
"with a non-relative keyword for the same content." ); "with a non-relative keyword for the same content." );
goto error; goto error;

8
src/detect-parse.c
Unescape Escape View File

@ -992,8 +992,8 @@ static void SigBuildAddressMatchArray(Signature *s) {
static int SigValidate(Signature *s) { static int SigValidate(Signature *s) {
SCEnter(); SCEnter();
if (s->flags & SIG_FLAG_REQUIRE_PACKET && if ((s->flags & SIG_FLAG_REQUIRE_PACKET) &&
s->flags & SIG_FLAG_REQUIRE_STREAM) { (s->flags & SIG_FLAG_REQUIRE_STREAM)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't mix packet keywords with " SCLogError(SC_ERR_INVALID_SIGNATURE, "can't mix packet keywords with "
"tcp-stream or flow:only_stream. Invalidating signature."); "tcp-stream or flow:only_stream. Invalidating signature.");
SCReturnInt(0); SCReturnInt(0);
@ -1061,8 +1061,8 @@ static int SigValidate(Signature *s) {
for (sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; sm != NULL; sm = sm->next) { for (sm = s->sm_lists[DETECT_SM_LIST_PMATCH]; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT) { if (sm->type == DETECT_CONTENT) {
DetectContentData *cd = (DetectContentData *)sm->ctx; DetectContentData *cd = (DetectContentData *)sm->ctx;
if (cd->flags & DETECT_CONTENT_DISTANCE || if ((cd->flags & DETECT_CONTENT_DISTANCE) ||
cd->flags & DETECT_CONTENT_WITHIN) { (cd->flags & DETECT_CONTENT_WITHIN)) {
SigMatch *pm = SigMatchGetLastSMFromLists(s, 4, SigMatch *pm = SigMatchGetLastSMFromLists(s, 4,
DETECT_PCRE, sm->prev, DETECT_PCRE, sm->prev,
DETECT_BYTEJUMP, sm->prev); DETECT_BYTEJUMP, sm->prev);

10
src/detect-pcre.c
Unescape Escape View File

@ -611,13 +611,13 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
if (pd == NULL) if (pd == NULL)
goto error; goto error;
if (pd->flags & DETECT_PCRE_HTTP_CLIENT_BODY && s->init_flags & SIG_FLAG_INIT_FLOW if ((pd->flags & DETECT_PCRE_HTTP_CLIENT_BODY) && (s->init_flags & SIG_FLAG_INIT_FLOW)
&& s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) { && (s->flags & SIG_FLAG_TOCLIENT) && !(s->flags & SIG_FLAG_TOSERVER)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /P with flow:from_server or flow:to_client"); SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /P with flow:from_server or flow:to_client");
goto error; goto error;
} }
if ((pd->flags & DETECT_PCRE_URI || pd->flags & DETECT_PCRE_HTTP_RAW_URI) if (((pd->flags & DETECT_PCRE_URI) || (pd->flags & DETECT_PCRE_HTTP_RAW_URI))
&& s->init_flags & SIG_FLAG_INIT_FLOW && s->flags & SIG_FLAG_TOCLIENT && !(s->flags & SIG_FLAG_TOSERVER)) { && (s->init_flags & SIG_FLAG_INIT_FLOW) && (s->flags & SIG_FLAG_TOCLIENT) && !(s->flags & SIG_FLAG_TOSERVER)) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /U or /I with flow:from_server or flow:to_client"); SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "Can't use pcre /U or /I with flow:from_server or flow:to_client");
goto error; goto error;
} }
@ -754,7 +754,7 @@ static int DetectPcreSetup (DetectEngineCtx *de_ctx, Signature *s, char *regexst
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSCDMATCH); SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSCDMATCH);
} else { } else {
if (s->alproto == ALPROTO_DCERPC && pd->flags & DETECT_PCRE_RELATIVE) { if (s->alproto == ALPROTO_DCERPC && (pd->flags & DETECT_PCRE_RELATIVE)) {
SigMatch *pm = NULL; SigMatch *pm = NULL;
SigMatch *dm = NULL; SigMatch *dm = NULL;

4
src/detect-rpc.c
Unescape Escape View File

@ -142,10 +142,10 @@ int DetectRpcMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Si
if (ntohl(msg->prog) != rd->program) if (ntohl(msg->prog) != rd->program)
return 0; return 0;
if (rd->flags & DETECT_RPC_CHECK_VERSION && ntohl(msg->vers) != rd->program_version) if ((rd->flags & DETECT_RPC_CHECK_VERSION) && ntohl(msg->vers) != rd->program_version)
return 0; return 0;
if (rd->flags & DETECT_RPC_CHECK_PROCEDURE && ntohl(msg->proc) != rd->procedure) if ((rd->flags & DETECT_RPC_CHECK_PROCEDURE) && ntohl(msg->proc) != rd->procedure)
return 0; return 0;
SCLogDebug("prog:%u pver:%u proc:%u matched", ntohl(msg->prog), ntohl(msg->vers), ntohl(msg->proc)); SCLogDebug("prog:%u pver:%u proc:%u matched", ntohl(msg->prog), ntohl(msg->vers), ntohl(msg->proc));

4
src/detect-ssh-proto-version.c
Unescape Escape View File

@ -127,7 +127,7 @@ int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *
int ret = 0; int ret = 0;
FLOWLOCK_RDLOCK(f); FLOWLOCK_RDLOCK(f);
if (flags & STREAM_TOCLIENT && ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED) { if ((flags & STREAM_TOCLIENT) && (ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED)) {
if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT) { if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT) {
SCLogDebug("looking for ssh server protoversion 2 compat"); SCLogDebug("looking for ssh server protoversion 2 compat");
if (strncmp((char *) ssh_state->server_proto_version, "2", 1) == 0 || if (strncmp((char *) ssh_state->server_proto_version, "2", 1) == 0 ||
@ -138,7 +138,7 @@ int DetectSshVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *
SCLogDebug("looking for ssh server protoversion %s length %"PRIu16"", ssh->ver, ssh->len); SCLogDebug("looking for ssh server protoversion %s length %"PRIu16"", ssh->ver, ssh->len);
ret = (strncmp((char *) ssh_state->server_proto_version, (char *) ssh->ver, ssh->len) == 0)? 1 : 0; ret = (strncmp((char *) ssh_state->server_proto_version, (char *) ssh->ver, ssh->len) == 0)? 1 : 0;
} }
} else if (flags & STREAM_TOSERVER && ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED) { } else if ((flags & STREAM_TOSERVER) && (ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED)) {
if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT) { if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT) {
SCLogDebug("looking for client ssh client protoversion 2 compat"); SCLogDebug("looking for client ssh client protoversion 2 compat");
if (strncmp((char *) ssh_state->client_proto_version, "2", 1) == 0 || if (strncmp((char *) ssh_state->client_proto_version, "2", 1) == 0 ||

4
src/detect-ssh-software-version.c
Unescape Escape View File

@ -132,10 +132,10 @@ int DetectSshSoftwareVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx
int ret = 0; int ret = 0;
FLOWLOCK_RDLOCK(f); FLOWLOCK_RDLOCK(f);
if (flags & STREAM_TOCLIENT && ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED) { if ((flags & STREAM_TOCLIENT) && (ssh_state->flags & SSH_FLAG_SERVER_VERSION_PARSED)) {
SCLogDebug("looking for ssh server softwareversion %s length %"PRIu16" on %s", ssh->software_ver, ssh->len, ssh_state->server_software_version); SCLogDebug("looking for ssh server softwareversion %s length %"PRIu16" on %s", ssh->software_ver, ssh->len, ssh_state->server_software_version);
ret = (strncmp((char *) ssh_state->server_software_version, (char *) ssh->software_ver, ssh->len) == 0)? 1 : 0; ret = (strncmp((char *) ssh_state->server_software_version, (char *) ssh->software_ver, ssh->len) == 0)? 1 : 0;
} else if (flags & STREAM_TOSERVER && ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED) { } else if ((flags & STREAM_TOSERVER) && (ssh_state->flags & SSH_FLAG_CLIENT_VERSION_PARSED)) {
SCLogDebug("looking for ssh client softwareversion %s length %"PRIu16" on %s", ssh->software_ver, ssh->len, ssh_state->client_software_version); SCLogDebug("looking for ssh client softwareversion %s length %"PRIu16" on %s", ssh->software_ver, ssh->len, ssh_state->client_software_version);
ret = (strncmp((char *) ssh_state->client_software_version, (char *) ssh->software_ver, ssh->len) == 0)? 1 : 0; ret = (strncmp((char *) ssh_state->client_software_version, (char *) ssh->software_ver, ssh->len) == 0)? 1 : 0;
} }

8
src/detect-ssl-state.c
Unescape Escape View File

@ -143,22 +143,22 @@ int DetectSslStateMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
FLOWLOCK_RDLOCK(f); FLOWLOCK_RDLOCK(f);
if (ssd->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO && if ((ssd->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) &&
!(ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO)) { !(ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO)) {
result = 0; result = 0;
goto end; goto end;
} }
if (ssd->flags & SSL_AL_FLAG_STATE_SERVER_HELLO && if ((ssd->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
!(ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO)) { !(ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO)) {
result = 0; result = 0;
goto end; goto end;
} }
if (ssd->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX && if ((ssd->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX) &&
!(ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX)) { !(ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_KEYX)) {
result = 0; result = 0;
goto end; goto end;
} }
if (ssd->flags & SSL_AL_FLAG_STATE_SERVER_KEYX && if ((ssd->flags & SSL_AL_FLAG_STATE_SERVER_KEYX) &&
!(ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_KEYX)) { !(ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_KEYX)) {
result = 0; result = 0;
goto end; goto end;

2
src/detect-within.c
Unescape Escape View File

@ -216,7 +216,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
} }
} }
if (cd->flags & DETECT_CONTENT_DEPTH || cd->flags & DETECT_CONTENT_OFFSET) { if ((cd->flags & DETECT_CONTENT_DEPTH) || (cd->flags & DETECT_CONTENT_OFFSET)) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword " SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use a relative keyword "
"with a non-relative keyword for the same content" ); "with a non-relative keyword for the same content" );
goto error; goto error;

44
src/detect.c
Unescape Escape View File

@ -863,7 +863,7 @@ static StreamMsg *SigMatchSignaturesGetSmsg(Flow *f, Packet *p, uint8_t flags) {
TcpSession *ssn = (TcpSession *)f->protoctx; TcpSession *ssn = (TcpSession *)f->protoctx;
/* at stream eof, or in inline mode, inspect all smsg's */ /* at stream eof, or in inline mode, inspect all smsg's */
if (flags & STREAM_EOF || StreamTcpInlineMode()) { if ((flags & STREAM_EOF) || StreamTcpInlineMode()) {
if (p->flowflags & FLOW_PKT_TOSERVER) { if (p->flowflags & FLOW_PKT_TOSERVER) {
smsg = ssn->toserver_smsg_head; smsg = ssn->toserver_smsg_head;
/* deref from the ssn */ /* deref from the ssn */
@ -962,7 +962,7 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
*sms_runflags |= SMS_USED_PM; *sms_runflags |= SMS_USED_PM;
} }
if (!(p->flags & PKT_STREAM_ADD) && det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM) { if (!(p->flags & PKT_STREAM_ADD) && (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM)) {
*sms_runflags |= SMS_USED_PM; *sms_runflags |= SMS_USED_PM;
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_PKT_STREAM); PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_PKT_STREAM);
PacketPatternSearchWithStreamCtx(det_ctx, p); PacketPatternSearchWithStreamCtx(det_ctx, p);
@ -973,7 +973,7 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
/* have a look at the reassembled stream (if any) */ /* have a look at the reassembled stream (if any) */
if (p->flowflags & FLOW_PKT_ESTABLISHED) { if (p->flowflags & FLOW_PKT_ESTABLISHED) {
SCLogDebug("p->flowflags & FLOW_PKT_ESTABLISHED"); SCLogDebug("p->flowflags & FLOW_PKT_ESTABLISHED");
if (smsg != NULL && det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM) { if (smsg != NULL && (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_STREAM)) {
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_STREAM); PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_STREAM);
StreamPatternSearch(det_ctx, p, smsg, flags); StreamPatternSearch(det_ctx, p, smsg, flags);
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_STREAM); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_STREAM);
@ -1012,7 +1012,7 @@ static inline void DetectMpmPrefilter(DetectEngineCtx *de_ctx,
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HUAD); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HUAD);
} }
} else { /* implied FLOW_PKT_TOCLIENT */ } else { /* implied FLOW_PKT_TOCLIENT */
if (p->flowflags & FLOW_PKT_TOCLIENT && det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSBD) { if ((p->flowflags & FLOW_PKT_TOCLIENT) && (det_ctx->sgh->flags & SIG_GROUP_HEAD_MPM_HSBD)) {
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HSBD); PACKET_PROFILING_DETECT_START(p, PROF_DETECT_MPM_HSBD);
DetectEngineRunHttpServerBodyMpm(de_ctx, det_ctx, p->flow, alstate, flags); DetectEngineRunHttpServerBodyMpm(de_ctx, det_ctx, p->flow, alstate, flags);
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HSBD); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_MPM_HSBD);
@ -1202,10 +1202,10 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
* the sgh for icmp error packets part of the same stream. */ * the sgh for icmp error packets part of the same stream. */
if (IP_GET_IPPROTO(p) == p->flow->proto) { /* filter out icmp */ if (IP_GET_IPPROTO(p) == p->flow->proto) { /* filter out icmp */
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_GETSGH); PACKET_PROFILING_DETECT_START(p, PROF_DETECT_GETSGH);
if (p->flowflags & FLOW_PKT_TOSERVER && p->flow->flags & FLOW_SGH_TOSERVER) { if ((p->flowflags & FLOW_PKT_TOSERVER) && (p->flow->flags & FLOW_SGH_TOSERVER)) {
det_ctx->sgh = p->flow->sgh_toserver; det_ctx->sgh = p->flow->sgh_toserver;
sms_runflags |= SMS_USE_FLOW_SGH; sms_runflags |= SMS_USE_FLOW_SGH;
} else if (p->flowflags & FLOW_PKT_TOCLIENT && p->flow->flags & FLOW_SGH_TOCLIENT) { } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && (p->flow->flags & FLOW_SGH_TOCLIENT)) {
det_ctx->sgh = p->flow->sgh_toclient; det_ctx->sgh = p->flow->sgh_toclient;
sms_runflags |= SMS_USE_FLOW_SGH; sms_runflags |= SMS_USE_FLOW_SGH;
} }
@ -1225,9 +1225,9 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
/* Retrieve the app layer state and protocol and the tcp reassembled /* Retrieve the app layer state and protocol and the tcp reassembled
* stream chunks. */ * stream chunks. */
if ((p->proto == IPPROTO_TCP && p->flags & PKT_STREAM_EST) || if ((p->proto == IPPROTO_TCP && (p->flags & PKT_STREAM_EST)) ||
(p->proto == IPPROTO_UDP && p->flowflags & FLOW_PKT_ESTABLISHED) || (p->proto == IPPROTO_UDP && (p->flowflags & FLOW_PKT_ESTABLISHED)) ||
(p->proto == IPPROTO_SCTP && p->flowflags & FLOW_PKT_ESTABLISHED)) (p->proto == IPPROTO_SCTP && (p->flowflags & FLOW_PKT_ESTABLISHED)))
{ {
alstate = AppLayerGetProtoStateFromPacket(p); alstate = AppLayerGetProtoStateFromPacket(p);
alproto = AppLayerGetProtoFromPacket(p); alproto = AppLayerGetProtoFromPacket(p);
@ -1273,8 +1273,8 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL); PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
} }
if ((p->flowflags & FLOW_PKT_TOSERVER && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) || if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
(p->flowflags & FLOW_PKT_TOCLIENT && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET)))
{ {
SCLogDebug("testing against \"ip-only\" signatures"); SCLogDebug("testing against \"ip-only\" signatures");
@ -1286,9 +1286,9 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
* done in the FlowSetIPOnlyFlag function. */ * done in the FlowSetIPOnlyFlag function. */
FlowSetIPOnlyFlag(p->flow, p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0); FlowSetIPOnlyFlag(p->flow, p->flowflags & FLOW_PKT_TOSERVER ? 1 : 0);
} else if ((p->flowflags & FLOW_PKT_TOSERVER && } else if (((p->flowflags & FLOW_PKT_TOSERVER) &&
(p->flow->flags & FLOW_TOSERVER_IPONLY_SET)) || (p->flow->flags & FLOW_TOSERVER_IPONLY_SET)) ||
(p->flowflags & FLOW_PKT_TOCLIENT && ((p->flowflags & FLOW_PKT_TOCLIENT) &&
(p->flow->flags & FLOW_TOCLIENT_IPONLY_SET))) (p->flow->flags & FLOW_TOCLIENT_IPONLY_SET)))
{ {
/* Get the result of the first IPOnlyMatch() */ /* Get the result of the first IPOnlyMatch() */
@ -1348,7 +1348,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL); PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
/* stateful app layer detection */ /* stateful app layer detection */
if (p->flags & PKT_HAS_FLOW && alstate != NULL) { if ((p->flags & PKT_HAS_FLOW) && alstate != NULL) {
/* initialize to 0 (DE_STATE_MATCH_NOSTATE) */ /* initialize to 0 (DE_STATE_MATCH_NOSTATE) */
memset(det_ctx->de_state_sig_array, 0x00, det_ctx->de_state_sig_array_len); memset(det_ctx->de_state_sig_array, 0x00, det_ctx->de_state_sig_array_len);
@ -1386,7 +1386,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
/* check if this signature has a requirement for flowvars of some type /* check if this signature has a requirement for flowvars of some type
* and if so, if we actually have any in the flow. If not, the sig * and if so, if we actually have any in the flow. If not, the sig
* can't match and we skip it. */ * can't match and we skip it. */
if (p->flags & PKT_HAS_FLOW && s->flags & SIG_FLAG_REQUIRE_FLOWVAR) { if ((p->flags & PKT_HAS_FLOW) && (s->flags & SIG_FLAG_REQUIRE_FLOWVAR)) {
FLOWLOCK_RDLOCK(p->flow); FLOWLOCK_RDLOCK(p->flow);
int m = p->flow->flowvar ? 1 : 0; int m = p->flow->flowvar ? 1 : 0;
FLOWLOCK_UNLOCK(p->flow); FLOWLOCK_UNLOCK(p->flow);
@ -1497,7 +1497,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
} }
if (sms_runflags & SMS_USED_PM) { if (sms_runflags & SMS_USED_PM) {
if (s->flags & SIG_FLAG_MPM_PACKET && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) && if ((s->flags & SIG_FLAG_MPM_PACKET) && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) &&
!(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id_div_8)] & !(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id_div_8)] &
s->mpm_pattern_id_mod_8)) { s->mpm_pattern_id_mod_8)) {
goto next; goto next;
@ -1513,7 +1513,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
} }
} else { } else {
if (sms_runflags & SMS_USED_PM) { if (sms_runflags & SMS_USED_PM) {
if (s->flags & SIG_FLAG_MPM_PACKET && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) && if ((s->flags & SIG_FLAG_MPM_PACKET) && !(s->flags & SIG_FLAG_MPM_PACKET_NEG) &&
!(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id_div_8)] & !(det_ctx->pmq.pattern_id_bitarray[(s->mpm_pattern_id_div_8)] &
s->mpm_pattern_id_mod_8)) { s->mpm_pattern_id_mod_8)) {
goto next; goto next;
@ -1661,7 +1661,7 @@ end:
} }
if (!(sms_runflags & SMS_USE_FLOW_SGH)) { if (!(sms_runflags & SMS_USE_FLOW_SGH)) {
if (p->flowflags & FLOW_PKT_TOSERVER && !(p->flow->flags & FLOW_SGH_TOSERVER)) { if ((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flow->flags & FLOW_SGH_TOSERVER)) {
/* first time we see this toserver sgh, store it */ /* first time we see this toserver sgh, store it */
p->flow->sgh_toserver = det_ctx->sgh; p->flow->sgh_toserver = det_ctx->sgh;
p->flow->flags |= FLOW_SGH_TOSERVER; p->flow->flags |= FLOW_SGH_TOSERVER;
@ -1694,7 +1694,7 @@ end:
SCLogDebug("disabling filesize for flow"); SCLogDebug("disabling filesize for flow");
FileDisableFilesize(p->flow, STREAM_TOSERVER); FileDisableFilesize(p->flow, STREAM_TOSERVER);
} }
} else if (p->flowflags & FLOW_PKT_TOCLIENT && !(p->flow->flags & FLOW_SGH_TOCLIENT)) { } else if ((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flow->flags & FLOW_SGH_TOCLIENT)) {
p->flow->sgh_toclient = det_ctx->sgh; p->flow->sgh_toclient = det_ctx->sgh;
p->flow->flags |= FLOW_SGH_TOCLIENT; p->flow->flags |= FLOW_SGH_TOCLIENT;
@ -1754,7 +1754,7 @@ TmEcode Detect(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQue
DEBUG_VALIDATE_PACKET(p); DEBUG_VALIDATE_PACKET(p);
/* No need to perform any detection on this packet, if the the given flag is set.*/ /* No need to perform any detection on this packet, if the the given flag is set.*/
if (p->flags & PKT_NOPACKET_INSPECTION || p->action & ACTION_DROP) if ((p->flags & PKT_NOPACKET_INSPECTION) || (p->action & ACTION_DROP))
return 0; return 0;
DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data; DetectEngineThreadCtx *det_ctx = (DetectEngineThreadCtx *)data;
@ -2302,8 +2302,8 @@ static int SignatureCreateMask(Signature *s) {
} }
} }
if (s->mask & SIG_MASK_REQUIRE_DCE_STATE || if ((s->mask & SIG_MASK_REQUIRE_DCE_STATE) ||
s->mask & SIG_MASK_REQUIRE_HTTP_STATE) (s->mask & SIG_MASK_REQUIRE_HTTP_STATE))
{ {
s->mask |= SIG_MASK_REQUIRE_FLOW; s->mask |= SIG_MASK_REQUIRE_FLOW;
SCLogDebug("sig requires flow"); SCLogDebug("sig requires flow");

2
src/flow-manager.c
Unescape Escape View File

@ -136,7 +136,7 @@ static inline int FlowGetFlowState(Flow *f) {
if (flow_proto[f->protomap].GetProtoState != NULL) { if (flow_proto[f->protomap].GetProtoState != NULL) {
return flow_proto[f->protomap].GetProtoState(f->protoctx); return flow_proto[f->protomap].GetProtoState(f->protoctx);
} else { } else {
if (f->flags & FLOW_TO_SRC_SEEN && f->flags & FLOW_TO_DST_SEEN) if ((f->flags & FLOW_TO_SRC_SEEN) && (f->flags & FLOW_TO_DST_SEEN))
return FLOW_STATE_ESTABLISHED; return FLOW_STATE_ESTABLISHED;
else else
return FLOW_STATE_NEW; return FLOW_STATE_NEW;

2
src/flow-timeout.c
Unescape Escape View File

@ -293,7 +293,7 @@ int FlowForceReassemblyNeedReassmbly(Flow *f, int *server, int *client) {
TcpSession *ssn; TcpSession *ssn;
/* looks like we have no flows in this queue */ /* looks like we have no flows in this queue */
if (f == NULL || f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE) { if (f == NULL || (f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE)) {
return 0; return 0;
} }

2
src/flow.c
Unescape Escape View File

@ -292,7 +292,7 @@ void FlowHandlePacket (ThreadVars *tv, Packet *p)
f->bytecnt += GET_PKT_LEN(p); f->bytecnt += GET_PKT_LEN(p);
#endif #endif
if (f->flags & FLOW_TO_DST_SEEN && f->flags & FLOW_TO_SRC_SEEN) { if ((f->flags & FLOW_TO_DST_SEEN) && (f->flags & FLOW_TO_SRC_SEEN)) {
SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p); SCLogDebug("pkt %p FLOW_PKT_ESTABLISHED", p);
p->flowflags |= FLOW_PKT_ESTABLISHED; p->flowflags |= FLOW_PKT_ESTABLISHED;
} }

2
src/log-pcap.c
Unescape Escape View File

@ -244,7 +244,7 @@ TmEcode PcapLog (ThreadVars *t, Packet *p, void *data, PacketQueue *pq,
PcapLogData *pl = (PcapLogData *)data; PcapLogData *pl = (PcapLogData *)data;
if (p->flags & PKT_PSEUDO_STREAM_END || if ((p->flags & PKT_PSEUDO_STREAM_END) ||
((p->flags & PKT_STREAM_NOPCAPLOG) && ((p->flags & PKT_STREAM_NOPCAPLOG) &&
(pl->use_stream_depth == USE_STREAM_DEPTH_ENABLED)) || (pl->use_stream_depth == USE_STREAM_DEPTH_ENABLED)) ||
(IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p))) (IS_TUNNEL_PKT(p) && !IS_TUNNEL_ROOT_PKT(p)))

20
src/stream-tcp-reassemble.c
Unescape Escape View File

@ -1728,8 +1728,8 @@ static void StreamTcpSetupMsg(TcpSession *ssn, TcpStream *stream, Packet *p,
smsg->flags |= STREAM_EOF; smsg->flags |= STREAM_EOF;
} }
if ((!StreamTcpInlineMode() && p->flowflags & FLOW_PKT_TOSERVER) || if ((!StreamTcpInlineMode() && (p->flowflags & FLOW_PKT_TOSERVER)) ||
( StreamTcpInlineMode() && p->flowflags & FLOW_PKT_TOCLIENT)) ( StreamTcpInlineMode() && (p->flowflags & FLOW_PKT_TOCLIENT)))
{ {
smsg->flags |= STREAM_TOCLIENT; smsg->flags |= STREAM_TOCLIENT;
SCLogDebug("stream mesage is to_client"); SCLogDebug("stream mesage is to_client");
@ -1850,8 +1850,8 @@ static void StreamTcpRemoveSegmentFromStream(TcpStream *stream, TcpSegment *seg)
* \retval 0 not done yet * \retval 0 not done yet
*/ */
#define StreamTcpAppLayerSegmentProcessed(stream, segment) \ #define StreamTcpAppLayerSegmentProcessed(stream, segment) \
(((stream)->flags & STREAMTCP_STREAM_FLAG_GAP || \ (( ( (stream)->flags & STREAMTCP_STREAM_FLAG_GAP ) || \
(segment)->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) ? 1 :0) ( (segment)->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED ) ? 1 :0 ))
/** /**
* \brief Update the stream reassembly upon receiving a data segment * \brief Update the stream reassembly upon receiving a data segment
@ -2566,8 +2566,8 @@ void StreamTcpPruneSession(Flow *f, uint8_t flags) {
(uint32_t)(seg->seq + seg->payload_len)); (uint32_t)(seg->seq + seg->payload_len));
if (SEQ_LEQ((seg->seq + seg->payload_len), (ra_base_seq+1)) && if (SEQ_LEQ((seg->seq + seg->payload_len), (ra_base_seq+1)) &&
seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED && (seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) &&
seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) { (seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED)) {
if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) { if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) {
seg = seg->next; seg = seg->next;
break; break;
@ -2700,8 +2700,8 @@ static int StreamTcpReassembleAppLayer (ThreadVars *tv,
/* Remove the segments which are either completely before the /* Remove the segments which are either completely before the
* ra_base_seq and processed by both app layer and raw reassembly. */ * ra_base_seq and processed by both app layer and raw reassembly. */
} else if (SEQ_LEQ((seg->seq + seg->payload_len), (ra_base_seq+1)) && } else if (SEQ_LEQ((seg->seq + seg->payload_len), (ra_base_seq+1)) &&
seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED && (seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) &&
seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) { (seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED)) {
if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) { if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) {
seg = seg->next; seg = seg->next;
continue; continue;
@ -3086,8 +3086,8 @@ static int StreamTcpReassembleRaw (TcpReassemblyThreadCtx *ra_ctx,
* If the stream is in GAP state the app layer flag won't be set */ * If the stream is in GAP state the app layer flag won't be set */
if ((ssn->flags & STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED) && if ((ssn->flags & STREAMTCP_FLAG_APPPROTO_DETECTION_COMPLETED) &&
(seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) && (seg->flags & SEGMENTTCP_FLAG_RAW_PROCESSED) &&
(seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED || ((seg->flags & SEGMENTTCP_FLAG_APPLAYER_PROCESSED) ||
stream->flags & STREAMTCP_STREAM_FLAG_GAP)) (stream->flags & STREAMTCP_STREAM_FLAG_GAP)))
{ {
if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) { if (StreamTcpReturnSegmentCheck(ssn, stream, seg) == 0) {
seg = seg->next; seg = seg->next;

20
src/stream-tcp.c
Unescape Escape View File

@ -955,7 +955,7 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
/* SYN/ACK */ /* SYN/ACK */
} else if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) { } else if ((p->tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
if (ssn->flags & STREAMTCP_FLAG_4WHS && PKT_IS_TOSERVER(p)) { if ((ssn->flags & STREAMTCP_FLAG_4WHS) && PKT_IS_TOSERVER(p)) {
SCLogDebug("ssn %p: SYN/ACK received on 4WHS session", ssn); SCLogDebug("ssn %p: SYN/ACK received on 4WHS session", ssn);
/* Check if the SYN/ACK packet ack's the earlier /* Check if the SYN/ACK packet ack's the earlier
@ -1412,7 +1412,7 @@ static int StreamTcpPacketStateSynRecv(ThreadVars *tv, Packet *p,
} }
} }
if (ssn->flags & STREAMTCP_FLAG_4WHS && PKT_IS_TOCLIENT(p)) { if ((ssn->flags & STREAMTCP_FLAG_4WHS) && PKT_IS_TOCLIENT(p)) {
SCLogDebug("ssn %p: ACK received on 4WHS session",ssn); SCLogDebug("ssn %p: ACK received on 4WHS session",ssn);
if (!(SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq))) { if (!(SEQ_EQ(TCP_GET_SEQ(p), ssn->server.next_seq))) {
@ -1695,7 +1695,7 @@ static int HandleEstablishedPacketToServer(ThreadVars *tv, TcpSession *ssn, Pack
SCLogDebug("ssn %p: zero window probe, skipping oow check", ssn); SCLogDebug("ssn %p: zero window probe, skipping oow check", ssn);
} else if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || } else if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) ||
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) ||
ssn->flags & STREAMTCP_FLAG_ASYNC) (ssn->flags & STREAMTCP_FLAG_ASYNC))
{ {
SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->client.next_win " SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->client.next_win "
"%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->client.next_win); "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->client.next_win);
@ -2628,7 +2628,7 @@ static int StreamTcpPacketStateFinWait1(ThreadVars *tv, Packet *p,
if (!retransmission) { if (!retransmission) {
if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) ||
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) ||
ssn->flags & STREAMTCP_FLAG_ASYNC) (ssn->flags & STREAMTCP_FLAG_ASYNC))
{ {
SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win " SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win "
"%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->server.next_win); "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->server.next_win);
@ -2894,7 +2894,7 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p,
if (!retransmission) { if (!retransmission) {
if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) || if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->client.next_win) ||
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) ||
ssn->flags & STREAMTCP_FLAG_ASYNC) (ssn->flags & STREAMTCP_FLAG_ASYNC))
{ {
SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->client.next_win " SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->client.next_win "
"%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->client.next_win); "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->client.next_win);
@ -2953,7 +2953,7 @@ static int StreamTcpPacketStateFinWait2(ThreadVars *tv, Packet *p,
if (!retransmission) { if (!retransmission) {
if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) || if (SEQ_LEQ(TCP_GET_SEQ(p) + p->payload_len, ssn->server.next_win) ||
(ssn->flags & STREAMTCP_FLAG_MIDSTREAM) || (ssn->flags & STREAMTCP_FLAG_MIDSTREAM) ||
ssn->flags & STREAMTCP_FLAG_ASYNC) (ssn->flags & STREAMTCP_FLAG_ASYNC))
{ {
SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win " SCLogDebug("ssn %p: seq %"PRIu32" in window, ssn->server.next_win "
"%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->server.next_win); "%" PRIu32 "", ssn, TCP_GET_SEQ(p), ssn->server.next_win);
@ -3971,15 +3971,15 @@ static int StreamTcpPacket (ThreadVars *tv, Packet *p, StreamTcpThread *stt,
/* check for conditions that may make us not want to log this packet */ /* check for conditions that may make us not want to log this packet */
/* streams that hit depth */ /* streams that hit depth */
if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED || if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED) ||
ssn->server.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED)) (ssn->server.flags & STREAMTCP_STREAM_FLAG_DEPTH_REACHED))
{ {
p->flags |= PKT_STREAM_NOPCAPLOG; p->flags |= PKT_STREAM_NOPCAPLOG;
} }
/* encrypted packets */ /* encrypted packets */
if ((PKT_IS_TOSERVER(p) && ssn->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) || if ((PKT_IS_TOSERVER(p) && (ssn->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) ||
(PKT_IS_TOCLIENT(p) && ssn->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) (PKT_IS_TOCLIENT(p) && (ssn->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)))
{ {
p->flags |= PKT_STREAM_NOPCAPLOG; p->flags |= PKT_STREAM_NOPCAPLOG;
} }

6
src/tm-threads.c
Unescape Escape View File

@ -1997,14 +1997,14 @@ void TmThreadCheckThreadState(void)
if (TmThreadsCheckFlag(tv, THV_FAILED)) { if (TmThreadsCheckFlag(tv, THV_FAILED)) {
TmThreadsSetFlag(tv, THV_DEINIT); TmThreadsSetFlag(tv, THV_DEINIT);
pthread_join(tv->t, NULL); pthread_join(tv->t, NULL);
if (tv_aof & THV_ENGINE_EXIT || tv->aof & THV_ENGINE_EXIT) { if ((tv_aof & THV_ENGINE_EXIT) || (tv->aof & THV_ENGINE_EXIT)) {
EngineKill(); EngineKill();
return; return;
} else { } else {
/* if the engine kill-stop has been received by now, chuck /* if the engine kill-stop has been received by now, chuck
* restarting and return to kill the engine */ * restarting and return to kill the engine */
if (suricata_ctl_flags & SURICATA_KILL || if ((suricata_ctl_flags & SURICATA_KILL) ||
suricata_ctl_flags & SURICATA_STOP) { (suricata_ctl_flags & SURICATA_STOP)) {
return; return;
} }
TmThreadRestartThread(tv); TmThreadRestartThread(tv);

6
src/util-action.c
Unescape Escape View File

@ -52,9 +52,9 @@ uint8_t action_order_sigs[4] = {ACTION_PASS, ACTION_DROP, ACTION_REJECT, ACTION_
*/ */
uint8_t ActionOrderVal(uint8_t action) { uint8_t ActionOrderVal(uint8_t action) {
/* reject_both and reject_dst have the same prio as reject */ /* reject_both and reject_dst have the same prio as reject */
if( action & ACTION_REJECT || if( (action & ACTION_REJECT) ||
action & ACTION_REJECT_BOTH || (action & ACTION_REJECT_BOTH) ||
action & ACTION_REJECT_BOTH) { (action & ACTION_REJECT_DST)) {
action = ACTION_REJECT; action = ACTION_REJECT;
} }
uint8_t i = 0; uint8_t i = 0;

Write Preview
Loading…
Cancel
Save