aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/iponly: don't check & set flow flags twice

Browse Source 
Per flow IP-only flags are checked and set by IP-only engine, so
no need to set/check them per alert.
pull/5971/head
Victor Julien 4 years ago
parent 55a0e29c8e
commit fbcdd2ec26
1 changed files with 11 additions and 19 deletions
Show Stats Download Patch File Download Diff File

30
src/detect-engine-alert.c
Unescape Escape View File

@ -263,25 +263,17 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
}
if (s->flags & SIG_FLAG_IPONLY) {
if (((p->flowflags & FLOW_PKT_TOSERVER) && !(p->flowflags & FLOW_PKT_TOSERVER_IPONLY_SET)) ||
((p->flowflags & FLOW_PKT_TOCLIENT) && !(p->flowflags & FLOW_PKT_TOCLIENT_IPONLY_SET))) {
SCLogDebug("testing against \"ip-only\" signatures");
if (p->flow != NULL) {
/* Update flow flags for iponly */
FlowSetIPOnlyFlag(p->flow, (p->flowflags & FLOW_PKT_TOSERVER) ? 1 : 0);
if (s->action & ACTION_DROP)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_REJECT)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_REJECT_DST)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_REJECT_BOTH)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_PASS) {
FlowSetNoPacketInspectionFlag(p->flow);
}
if (p->flow != NULL) {
if (s->action & ACTION_DROP)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_REJECT)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_REJECT_DST)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_REJECT_BOTH)
p->flow->flags |= FLOW_ACTION_DROP;
if (s->action & ACTION_PASS) {
FlowSetNoPacketInspectionFlag(p->flow);
}
}
}

Write Preview
Loading…
Cancel
Save