#define SID 0
#define GID 1
-#define TRACK 2
+#define REV 2
+#define TRACK 3
typedef struct ThresholdEntry_ {
- uint32_t key[3];
+ uint32_t key[4];
uint32_t tv_timeout; /**< Timeout for new_action (for rate_filter)
its not "seconds", that define the time interval */
return NULL;
}
-static ThresholdEntry *ThresholdFlowLookupEntry(Flow *f, uint32_t sid, uint32_t gid)
+static ThresholdEntry *ThresholdFlowLookupEntry(Flow *f, uint32_t sid, uint32_t gid, uint32_t rev)
{
FlowVarThreshold *t = FlowThresholdVarGet(f);
if (t == NULL)
return NULL;
for (FlowThresholdEntryList *e = t->thresholds; e != NULL; e = e->next) {
- if (e->threshold.key[SID] == sid && e->threshold.key[GID] == gid) {
+ if (e->threshold.key[SID] == sid && e->threshold.key[GID] == gid &&
+ e->threshold.key[REV] == rev) {
return &e->threshold;
}
}
}
static int ThresholdSetup(const DetectThresholdData *td, ThresholdEntry *te,
- const SCTime_t packet_time, const uint32_t sid, const uint32_t gid)
+ const SCTime_t packet_time, const uint32_t sid, const uint32_t gid, const uint32_t rev)
{
te->key[SID] = sid;
te->key[GID] = gid;
+ te->key[REV] = rev;
te->key[TRACK] = td->track;
te->seconds = td->seconds;
memset(&lookup, 0, sizeof(lookup));
lookup.key[SID] = s->id;
lookup.key[GID] = s->gid;
+ lookup.key[REV] = s->rev;
lookup.key[TRACK] = td->track;
if (td->track == TRACK_SRC) {
COPY_ADDRESS(&p->src, &lookup.addr);
ThresholdEntry *te = res.data->data;
if (res.is_new) {
// new threshold, set up
- r = ThresholdSetup(td, te, p->ts, s->id, s->gid);
+ r = ThresholdSetup(td, te, p->ts, s->id, s->gid, s->rev);
} else {
// existing, check/update
r = ThresholdCheckUpdate(td, te, p, s->id, pa);
* \retval 0 no match
*/
static int ThresholdHandlePacketFlow(Flow *f, Packet *p, const DetectThresholdData *td,
- uint32_t sid, uint32_t gid, PacketAlert *pa)
+ uint32_t sid, uint32_t gid, uint32_t rev, PacketAlert *pa)
{
int ret = 0;
- ThresholdEntry *found = ThresholdFlowLookupEntry(f, sid, gid);
- SCLogDebug("found %p sid %u gid %u", found, sid, gid);
+ ThresholdEntry *found = ThresholdFlowLookupEntry(f, sid, gid, rev);
+ SCLogDebug("found %p sid %u gid %u rev %u", found, sid, gid, rev);
if (found == NULL) {
FlowThresholdEntryList *new = SCCalloc(1, sizeof(*new));
return 0;
// new threshold, set up
- ret = ThresholdSetup(td, &new->threshold, p->ts, sid, gid);
+ ret = ThresholdSetup(td, &new->threshold, p->ts, sid, gid, rev);
if (AddEntryToFlow(f, new, p->ts) == -1) {
SCFree(new);
ret = ThresholdGetFromHash(&ctx, p, s, td, pa);
} else if (td->track == TRACK_FLOW) {
if (p->flow) {
- ret = ThresholdHandlePacketFlow(p->flow, p, td, s->id, s->gid, pa);
+ ret = ThresholdHandlePacketFlow(p->flow, p, td, s->id, s->gid, s->rev, pa);
}
}
projects / thirdparty / suricata.git / commitdiff
