detect/alert: remove unused functions

Since we now only copy the PacketAlerts to the Packet's queue after
processing them, we no longer do packet alert appending from
detect-engine-alert, nor do we remove PacketAlerts from the queue (if
they're discarded by overflow or thresholding, they're not copied to the
final alert queue).

Task #4943

(cherry picked from commit e4e688a9b0add66aa0b97df0f7b1b9e60f68fb90)

diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c
index 8d8a062474475a973c95d2b17ae3570f324d6239..0685b5ef6775931876f4eaa3976971a0d396583d 100644 (file)
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -126,7 +126,6 @@ static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det
     SCReturnInt(1);
 }
 
-
 /**
  * \brief Check if a certain sid alerted, this is used in the test functions
  *
@@ -151,81 +150,6 @@ int PacketAlertCheck(Packet *p, uint32_t sid)
     return match;
 }
 
-/**
- * \brief Remove alert from the p->alerts.alerts array at pos
- * \param p Pointer to the Packet
- * \param pos Position in the array
- * \retval 0 if the number of alerts is less than pos
- *         1 if all goes well
- */
-int PacketAlertRemove(Packet *p, uint16_t pos)
-{
-    uint16_t i = 0;
-    int match = 0;
-
-    if (pos > p->alerts.cnt) {
-        SCLogDebug("removing %u failed, pos > cnt %u", pos, p->alerts.cnt);
-        return 0;
-    }
-
-    for (i = pos; i <= p->alerts.cnt - 1; i++) {
-        memcpy(&p->alerts.alerts[i], &p->alerts.alerts[i + 1], sizeof(PacketAlert));
-    }
-
-    // Update it, since we removed 1
-    p->alerts.cnt--;
-
-    return match;
-}
-
-/** \brief append a signature match to a packet
- *
- *  \param det_ctx thread detection engine ctx
- *  \param s the signature that matched
- *  \param p packet
- *  \param flags alert flags
- */
-int PacketAlertAppend(DetectEngineThreadCtx *det_ctx, const Signature *s,
-        Packet *p, uint64_t tx_id, uint8_t flags)
-{
-    int i = 0;
-
-    if (p->alerts.cnt == PACKET_ALERT_MAX)
-        return 0;
-
-    SCLogDebug("sid %"PRIu32"", s->id);
-
-    /* It should be usually the last, so check it before iterating */
-    if (p->alerts.cnt == 0 || (p->alerts.cnt > 0 &&
-                               p->alerts.alerts[p->alerts.cnt - 1].num < s->num)) {
-        /* We just add it */
-        p->alerts.alerts[p->alerts.cnt].num = s->num;
-        p->alerts.alerts[p->alerts.cnt].action = s->action;
-        p->alerts.alerts[p->alerts.cnt].flags = flags;
-        p->alerts.alerts[p->alerts.cnt].s = s;
-        p->alerts.alerts[p->alerts.cnt].tx_id = tx_id;
-    } else {
-        /* We need to make room for this s->num
-         (a bit ugly with memcpy but we are planning changes here)*/
-        for (i = p->alerts.cnt - 1; i >= 0 && p->alerts.alerts[i].num > s->num; i--) {
-            memcpy(&p->alerts.alerts[i + 1], &p->alerts.alerts[i], sizeof(PacketAlert));
-        }
-
-        i++; /* The right place to store the alert */
-
-        p->alerts.alerts[i].num = s->num;
-        p->alerts.alerts[i].action = s->action;
-        p->alerts.alerts[i].flags = flags;
-        p->alerts.alerts[i].s = s;
-        p->alerts.alerts[i].tx_id = tx_id;
-    }
-
-    /* Update the count */
-    p->alerts.cnt++;
-
-    return 0;
-}
-
 static inline void RuleActionToFlow(const uint8_t action, Flow *f)
 {
     if (action & (ACTION_DROP | ACTION_REJECT_ANY | ACTION_PASS)) {

diff --git a/src/detect-engine-alert.h b/src/detect-engine-alert.h
index 8ae7fe5130a8549c8efb3d2f0e68b66b1b4a5454..b587f57fa29ad3b79179dc78e6020f2d258d29e8 100644 (file)
--- a/src/detect-engine-alert.h
+++ b/src/detect-engine-alert.h
@@ -33,10 +33,7 @@ void AlertQueueFree(DetectEngineThreadCtx *det_ctx);
 void AlertQueueAppend(DetectEngineThreadCtx *det_ctx, const Signature *s, Packet *p, uint64_t tx_id,
         uint8_t alert_flags);
 void PacketAlertFinalize(DetectEngineCtx *, DetectEngineThreadCtx *, Packet *);
-int PacketAlertAppend(DetectEngineThreadCtx *, const Signature *,
-        Packet *, uint64_t tx_id, uint8_t);
 int PacketAlertCheck(Packet *, uint32_t);
-int PacketAlertRemove(Packet *, uint16_t);
 void PacketAlertTagInit(void);
 PacketAlert *PacketAlertGetTag(void);