aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: set drop reason for rule based drops

Browse Source 
Call `PacketDrop` with drop reason for drops, keep old logic
in place for the rest.
pull/7553/head
Victor Julien 3 years ago
parent ad14e71efe
commit a89840929b
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File

10
src/detect-engine-alert.c
Unescape Escape View File

@ -178,9 +178,10 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
{ {
SCLogDebug("packet %" PRIu64 " sid %u action %02x alert_flags %02x", p->pcap_cnt, s->id, SCLogDebug("packet %" PRIu64 " sid %u action %02x alert_flags %02x", p->pcap_cnt, s->id,
s->action, alert_flags); s->action, alert_flags);
PacketUpdateAction(p, s->action);
if (s->action & ACTION_DROP) { if (s->action & ACTION_DROP) {
PacketDrop(p, PKT_DROP_REASON_RULES);
if (p->alerts.drop.action == 0) { if (p->alerts.drop.action == 0) {
p->alerts.drop.num = s->num; p->alerts.drop.num = s->num;
p->alerts.drop.action = s->action; p->alerts.drop.action = s->action;
@ -189,8 +190,11 @@ static void PacketApplySignatureActions(Packet *p, const Signature *s, const uin
if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) { if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
RuleActionToFlow(s->action, p->flow); RuleActionToFlow(s->action, p->flow);
} }
} else if (s->action & ACTION_PASS) { } else {
if ((p->flow != NULL) && (alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) { PacketUpdateAction(p, s->action);
if ((s->action & ACTION_PASS) && (p->flow != NULL) &&
(alert_flags & PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW)) {
RuleActionToFlow(s->action, p->flow); RuleActionToFlow(s->action, p->flow);
} }
} }

Write Preview
Loading…
Cancel
Save