detect/alert: minor code refactor

author Victor Julien <victor@inliniac.net>

Tue, 9 Mar 2021 19:56:14 +0000 (20:56 +0100)

committer Jeff Lucovsky <jeff@lucovsky.org>

Sat, 1 May 2021 12:29:28 +0000 (08:29 -0400)
author Victor Julien <victor@inliniac.net>
Tue, 9 Mar 2021 19:56:14 +0000 (20:56 +0100)
committer Jeff Lucovsky <jeff@lucovsky.org>
Sat, 1 May 2021 12:29:28 +0000 (08:29 -0400)
diff --git a/src/action-globals.h b/src/action-globals.h

index aa46bd293d1b7eb255c3ce6a5b165264c37e1b5f..e3529892a28a933eb7834496545a0bde2e610188 100644 (file)
--- a/src/action-globals.h
+++ b/src/action-globals.h
@@ -30,6 +30,7 @@
  #define ACTION_DROP         0x02
  #define ACTION_REJECT       0x04
  #define ACTION_REJECT_DST   0x08
+#define ACTION_REJECT_ANY   (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)
  #define ACTION_REJECT_BOTH  0x10
  #define ACTION_PASS         0x20
  
diff --git a/src/detect-engine-alert.c b/src/detect-engine-alert.c

index d60e2b111d0caccdbee0ae88c42e0d8217044066..7d6c7c833238177d00320f2704577ffea9c6f10e 100644 (file)
--- a/src/detect-engine-alert.c
+++ b/src/detect-engine-alert.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2011 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
   *
   * You can copy, redistribute or modify this Program under the terms of
   * the GNU General Public License version 2 as published by the Free
@@ -226,6 +226,19 @@ int PacketAlertAppend(DetectEngineThreadCtx *det_ctx, const Signature *s,
      return 0;
  }
  
+static inline void RuleActionToFlow(const uint8_t action, Flow *f)
+{
+    if (action & ACTION_DROP)
+        f->flags |= FLOW_ACTION_DROP;
+
+    if (action & ACTION_REJECT_ANY)
+        f->flags |= FLOW_ACTION_DROP;
+
+    if (action & ACTION_PASS) {
+        FlowSetNoPacketInspectionFlag(f);
+    }
+}
+
  /**
   * \brief Check the threshold of the sigs that match, set actions, break on pass action
   *        This function iterate the packet alerts array, removing those that didn't match
@@ -264,17 +277,7 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
  
              if (s->flags & SIG_FLAG_IPONLY) {
                  if (p->flow != NULL) {
-                    if (s->action & ACTION_DROP)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_REJECT)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_REJECT_DST)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_REJECT_BOTH)
-                        p->flow->flags |= FLOW_ACTION_DROP;
-                    if (s->action & ACTION_PASS) {
-                        FlowSetNoPacketInspectionFlag(p->flow);
-                    }
+                    RuleActionToFlow(s->action, p->flow);
                  }
              }
author	Victor Julien <victor@inliniac.net>
	Tue, 9 Mar 2021 19:56:14 +0000 (20:56 +0100)
committer	Jeff Lucovsky <jeff@lucovsky.org>
	Sat, 1 May 2021 12:29:28 +0000 (08:29 -0400)
src/action-globals.h		patch \| blob \| blame \| history
src/detect-engine-alert.c		patch \| blob \| blame \| history