}
}
-/* returns 0 if no match, 1 if match */
-static inline int DetectRunInspectRuleHeader(
- const Packet *p,
- const Flow *f,
- const Signature *s,
- const uint32_t sflags,
- const uint8_t s_proto_flags)
+/** \internal
+ * \brief inspect the rule header: protocol, ports, etc
+ * \retval bool false if no match, true if match */
+static inline bool DetectRunInspectRuleHeader(const Packet *p, const Flow *f, const Signature *s,
+ const uint32_t sflags, const uint8_t s_proto_flags)
{
/* check if this signature has a requirement for flowvars of some type
* and if so, if we actually have any in the flow. If not, the sig
if (fv == false) {
SCLogDebug("skipping sig as the flow has no flowvars and sig "
"has SIG_FLAG_REQUIRE_FLOWVAR flag set.");
- return 0;
+ return false;
}
}
if ((s_proto_flags & DETECT_PROTO_IPV4) && !PKT_IS_IPV4(p)) {
SCLogDebug("ip version didn't match");
- return 0;
+ return false;
}
if ((s_proto_flags & DETECT_PROTO_IPV6) && !PKT_IS_IPV6(p)) {
SCLogDebug("ip version didn't match");
- return 0;
+ return false;
}
if (DetectProtoContainsProto(&s->proto, IP_GET_IPPROTO(p)) == 0) {
SCLogDebug("proto didn't match");
- return 0;
+ return false;
}
/* check the source & dst port in the sig */
if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP || p->proto == IPPROTO_SCTP) {
if (!(sflags & SIG_FLAG_DP_ANY)) {
if (p->flags & PKT_IS_FRAGMENT)
- return 0;
+ return false;
const DetectPort *dport = DetectPortLookupGroup(s->dp, p->dp);
if (dport == NULL) {
SCLogDebug("dport didn't match.");
- return 0;
+ return false;
}
}
if (!(sflags & SIG_FLAG_SP_ANY)) {
if (p->flags & PKT_IS_FRAGMENT)
- return 0;
+ return false;
const DetectPort *sport = DetectPortLookupGroup(s->sp, p->sp);
if (sport == NULL) {
SCLogDebug("sport didn't match.");
- return 0;
+ return false;
}
}
} else if ((sflags & (SIG_FLAG_DP_ANY|SIG_FLAG_SP_ANY)) != (SIG_FLAG_DP_ANY|SIG_FLAG_SP_ANY)) {
SCLogDebug("port-less protocol and sig needs ports");
- return 0;
+ return false;
}
/* check the destination address */
if (!(sflags & SIG_FLAG_DST_ANY)) {
if (PKT_IS_IPV4(p)) {
if (DetectAddressMatchIPv4(s->addr_dst_match4, s->addr_dst_match4_cnt, &p->dst) == 0)
- return 0;
+ return false;
} else if (PKT_IS_IPV6(p)) {
if (DetectAddressMatchIPv6(s->addr_dst_match6, s->addr_dst_match6_cnt, &p->dst) == 0)
- return 0;
+ return false;
}
}
/* check the source address */
if (!(sflags & SIG_FLAG_SRC_ANY)) {
if (PKT_IS_IPV4(p)) {
if (DetectAddressMatchIPv4(s->addr_src_match4, s->addr_src_match4_cnt, &p->src) == 0)
- return 0;
+ return false;
} else if (PKT_IS_IPV6(p)) {
if (DetectAddressMatchIPv6(s->addr_src_match6, s->addr_src_match6_cnt, &p->src) == 0)
- return 0;
+ return false;
}
}
- return 1;
+ return true;
}
/** \internal
}
}
- if (DetectRunInspectRuleHeader(p, pflow, s, sflags, s_proto_flags) == 0) {
+ if (DetectRunInspectRuleHeader(p, pflow, s, sflags, s_proto_flags) == false) {
goto next;
}
/* for a new inspection we inspect pkt header and packet matches */
if (likely(stored_flags == NULL)) {
TRACE_SID_TXS(s->id, tx, "first inspect, run packet matches");
- if (DetectRunInspectRuleHeader(p, f, s, s->flags, s->proto.flags) == 0) {
+ if (DetectRunInspectRuleHeader(p, f, s, s->flags, s->proto.flags) == false) {
TRACE_SID_TXS(s->id, tx, "DetectRunInspectRuleHeader() no match");
return false;
}
/* call individual rule inspection */
RULE_PROFILING_START(p);
- int r = DetectRunInspectRuleHeader(p, f, s, s->flags, s->proto.flags);
- if (r == 1) {
+ bool r = DetectRunInspectRuleHeader(p, f, s, s->flags, s->proto.flags);
+ if (r == true) {
r = DetectRunFrameInspectRule(tv, det_ctx, s, f, p, frames, frame);
- if (r == 1) {
+ if (r == true) {
/* match */
DetectRunPostMatch(tv, det_ctx, p, s);
projects / thirdparty / suricata.git / commitdiff
