]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
projects / thirdparty / snort3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bcf5431)
Merge pull request #1335 in SNORT/snort3 from disable_inspect to master
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 30 Aug 2018 20:31:24 +0000 (16:31 -0400)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Thu, 30 Aug 2018 20:31:24 +0000 (16:31 -0400)
Squashed commit of the following:

commit f1c1cbc839d80a13ae36775533f2d1804aa6b587
Author: Silviu Minut <sminut@cisco.com>
Date:   Fri Aug 17 13:38:35 2018 -0400

    file_api:  set disable flow inspection as soon as the verdict is REJECT

    file_api: treat a BLOCK verdict the same as a REJECT verdict, for good measure.

    file_api: move the check on REJECT or BLOCK inside an upper if clause for performance reasons.

src/file_api/file_lib.cc patch | blob | blame | history

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 1e85dd6219f66916c036a53a161d9c0539b928b7..97e842bbf3c9087924cb796b1e224cef487e565a 100644 (file)
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -365,6 +365,8 @@ void FileContext::finish_signature_lookup(Flow* flow, bool final_lookup, FilePol
             log_file_event(flow, policy);
             config_file_signature(false);
             file_stats->signatures_processed[get_file_type()][get_file_direction()]++;
+            if ( verdict == FILE_VERDICT_REJECT or verdict == FILE_VERDICT_BLOCK)
+                flow->disable_inspection();
         }
         else
         {
@@ -800,4 +802,3 @@ bool file_IDs_from_group(const void *conf, const char *group,
     return get_ids_from_group(conf, group, ids, count);
 }
  **/
-
Mirror of https://github.com/snort3/snort3.git