flow: remove FLOW_NOPACKET_INSPECTION flag
authorVictor Julien <vjulien@oisf.net>
Thu, 13 Mar 2025 08:20:57 +0000 (09:20 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 7 Apr 2025 20:04:13 +0000 (22:04 +0200)
It was not used separately from FLOW_ACTION_PASS.

src/alert-debuglog.c
src/detect-engine-alert.c
src/detect.c
src/flow-timeout.c
src/flow.c
src/flow.h
src/tests/detect.c
src/util-exception-policy.c

index f04aad78afc4aa8c2dd02dce5f6be77b154c6969..4ad9d2f8cefc0260dc36edcabf6ab5f2f8f6c7c9 100644 (file)
@@ -217,10 +217,9 @@ static TmEcode AlertDebugLogger(ThreadVars *tv, const Packet *p, void *thread_da
                              p->flow->todstbytecnt + p->flow->tosrcbytecnt);
         MemBufferWriteString(aft->buffer,
                 "FLOW ACTION:       DROP: %s\n"
-                "FLOW NOINSPECTION: PACKET: %s, PAYLOAD: %s, APP_LAYER: %s\n"
+                "FLOW PAYLOAD: %s, APP_LAYER: %s\n"
                 "FLOW APP_LAYER:    DETECTED: %s, PROTO %" PRIu16 "\n",
                 p->flow->flags & FLOW_ACTION_DROP ? "TRUE" : "FALSE",
-                p->flow->flags & FLOW_NOPACKET_INSPECTION ? "TRUE" : "FALSE",
                 p->flow->flags & FLOW_NOPAYLOAD_INSPECTION ? "TRUE" : "FALSE",
                 applayer ? "TRUE" : "FALSE",
                 (p->flow->alproto != ALPROTO_UNKNOWN) ? "TRUE" : "FALSE", p->flow->alproto);
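Review bot: The rewritten format line `"FLOW PAYLOAD: %s, APP_LAYER: %s\n"` drops the NOINSPECTION label, so a TRUE there now reads as "payload present" although the argument is still the FLOW_NOPAYLOAD_INSPECTION bit; it also loses the column alignment of the neighbouring lines. Keeping the label, `"FLOW NOINSPECTION: PAYLOAD: %s, APP_LAYER: %s\n"`, preserves the meaning for anyone reading or parsing the debug log during an investigation. The flow-level skip state that the removed PACKET field reported is no longer shown at all; the FLOW ACTION line could carry it as `"FLOW ACTION:       DROP: %s, PASS: %s\n"` with `p->flow->flags & FLOW_ACTION_PASS ? "TRUE" : "FALSE"` as the extra argument. AlertDebugLogger starts and ends outside the hunk, so how `applayer` is derived is not visible here.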
index cf893700caf897deb73c2cf4762d6b26ec5b7e36..51f1896800cdde62cca80c20631c5ebec0f5c9ff 100644 (file)
@@ -168,7 +168,6 @@ static inline void RuleActionToFlow(const uint8_t action, Flow *f)
             if (action & ACTION_PASS) {
                 f->flags |= FLOW_ACTION_PASS;
                 SCLogDebug("setting flow action pass");
-                FlowSetNoPacketInspectionFlag(f);
             }
         }
     }
index 800db969c80910f575311a43375affe06b908559..0b43f32af2f82930a213cc7b9d1f83a644664246 100644 (file)
@@ -1938,11 +1938,11 @@ static void DetectFlow(ThreadVars *tv,
 {
     Flow *const f = p->flow;
 
-    if (p->flags & PKT_NOPACKET_INSPECTION) {
+    if (p->flags & PKT_NOPACKET_INSPECTION || f->flags & (FLOW_ACTION_PASS)) {
         /* hack: if we are in pass the entire flow mode, we need to still
          * update the inspect_id forward. So test for the condition here,
          * and call the update code if necessary. */
-        const int pass = ((f->flags & FLOW_NOPACKET_INSPECTION));
+        const int pass = ((f->flags & (FLOW_ACTION_PASS)));
         if (pass) {
             uint8_t flags = STREAM_FLAGS_FOR_PACKET(p);
             flags = FlowGetDisruptionFlags(f, flags);
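Review bot: The new guard in DetectFlow keys on FLOW_ACTION_PASS only, but the first util-exception-policy.c hunk of this commit shows the removed flag was also set next to FLOW_ACTION_DROP, and the flow.c and flow-timeout.c hunks stop copying a flow-level flag onto each packet as PKT_NOPACKET_INSPECTION. If nothing outside these hunks stops packets of a drop-flow before they reach detection, they would now be inspected and could raise alerts again, and any other reader of PKT_NOPACKET_INSPECTION would no longer see passed flows; both are worth confirming and stating in the commit message, which only mentions the pass case. The mixed `&`/`||` condition would also read more safely with explicit grouping, `if ((p->flags & PKT_NOPACKET_INSPECTION) || (f->flags & FLOW_ACTION_PASS)) {`. A short comment on the guard such as `/* flow-level pass is tested here directly; it is no longer mirrored into p->flags */` would record the new contract. DetectFlow's body continues outside the hunk.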
index afec5d3d81bea3b20b53423f86ee5824e968bf3c..961a07bc40655349b82d73f5dfbc45df09f92a80 100644 (file)
@@ -94,9 +94,6 @@ static inline Packet *FlowPseudoPacketSetup(
     p->vlan_idx = f->vlan_idx;
     p->livedev = (struct LiveDevice_ *)f->livedev;
 
-    if (f->flags & FLOW_NOPACKET_INSPECTION) {
-        DecodeSetNoPacketInspectionFlag(p);
-    }
     if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
         DecodeSetNoPayloadInspectionFlag(p);
     }
index 4374c955564a206c4dbc5d7f260d327d85d666c1..a07ea762a1bb2732e7bf51f03fbe2152574866cb 100644 (file)
@@ -507,11 +507,7 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p, ThreadVars *tv, DecodeThreadVars
     if (f->flags & FLOW_ACTION_DROP) {
         PacketDrop(p, ACTION_DROP, PKT_DROP_REASON_FLOW_DROP);
     }
-    /*set the detection bypass flags*/
-    if (f->flags & FLOW_NOPACKET_INSPECTION) {
-        SCLogDebug("setting FLOW_NOPACKET_INSPECTION flag on flow %p", f);
-        DecodeSetNoPacketInspectionFlag(p);
-    }
+
     if (f->flags & FLOW_NOPAYLOAD_INSPECTION) {
         SCLogDebug("setting FLOW_NOPAYLOAD_INSPECTION flag on flow %p", f);
         DecodeSetNoPayloadInspectionFlag(p);
index 53d4c8bb51c6a1428a0af316b01510b86a54998f..3e07ee8e11daf56a6e55bb34fe6397660819bed5 100644 (file)
@@ -60,8 +60,8 @@ typedef struct AppLayerParserState_ AppLayerParserState;
 
 // vacancy bit 4
 
-/** Packet belonging to this flow should not be inspected at all */
-#define FLOW_NOPACKET_INSPECTION        BIT_U32(5)
+// vacancy bit 5
+
 /** Packet payloads belonging to this flow should not be inspected */
 #define FLOW_NOPAYLOAD_INSPECTION       BIT_U32(6)
 
@@ -599,20 +599,6 @@ static inline void *FlowGetAppState(const Flow *f)
     return f->alstate;
 }
 
-/** \brief Set the No Packet Inspection Flag without locking the flow.
- *
- * \param f Flow to set the flag in
- */
-static inline  void FlowSetNoPacketInspectionFlag(Flow *f)
-{
-    SCEnter();
-
-    SCLogDebug("flow %p", f);
-    f->flags |= FLOW_NOPACKET_INSPECTION;
-
-    SCReturn;
-}
-
 /** \brief Set the No payload inspection Flag without locking the flow.
  *
  * \param f Flow to set the flag in
index 0baf2fc82214e55df8686de8cd931d85a4acc8a3..59c8ba31a1de08e14c15d867a0d248ab124dc099 100644 (file)
@@ -4597,7 +4597,6 @@ static int SigTestDropFlow03(void)
     /* Second part.. Let's feed with another packet */
     if (StreamTcpCheckFlowDrops(p2) == 1) {
         SCLogDebug("This flow/stream triggered a drop rule");
-        FlowSetNoPacketInspectionFlag(p2->flow);
         DecodeSetNoPacketInspectionFlag(p2);
         StreamTcpDisableAppLayer(p2->flow);
         p2->action |= ACTION_DROP;
index f467f70f4b253a48012fb08f93c29739f28d5ecd..f6d06add1a9600226282281924a98432d24470bb 100644 (file)
@@ -156,7 +156,6 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
             if (p->flow) {
                 p->flow->flags |= FLOW_ACTION_DROP;
                 FlowSetNoPayloadInspectionFlag(p->flow);
-                FlowSetNoPacketInspectionFlag(p->flow);
                 StreamTcpDisableAppLayer(p->flow);
             }
             /* fall through */
@@ -173,7 +172,6 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
             SCLogDebug("EXCEPTION_POLICY_PASS_FLOW");
             if (p->flow) {
                 p->flow->flags |= FLOW_ACTION_PASS;
-                FlowSetNoPacketInspectionFlag(p->flow); // TODO util func
             }
             /* fall through */
         case EXCEPTION_POLICY_PASS_PACKET: