/* set verdict on packet */
p->action |= p->alerts.alerts[i].action;
- if (p->alerts.alerts[i].action & ACTION_PASS) {
+ if (p->action & ACTION_PASS) {
/* Ok, reset the alert cnt to end in the previous of pass
* so we ignore the rest with less prio */
p->alerts.cnt = i;
break;
/* if the signature wants to drop, check if the
* PACKET_ALERT_FLAG_DROP_FLOW flag is set. */
- } else if (p->alerts.alerts[i].action & ACTION_DROP &&
+ } else if (p->action & ACTION_DROP &&
((p->alerts.alerts[i].flags & PACKET_ALERT_FLAG_DROP_FLOW) ||
(s->flags & SIG_FLAG_APPLAYER))
&& p->flow != NULL)
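Review bot: Both branch tests now read the cumulative `p->action`, while the flag test on the next line still reads `p->alerts.alerts[i].flags`, so the decision is no longer tied to the alert at index `i`. Because the line above ORs each alert's action into the packet, an ACTION_DROP set by an earlier alert (or by code outside this hunk) stays set, and a later alert-only signature that is app-layer or carries PACKET_ALERT_FLAG_DROP_FLOW will then take the drop-flow branch. Likewise, a pass bit already on the packet truncates `p->alerts.cnt` at the current index regardless of which signature set it. If this is intended, presumably so that an action changed on the packet by thresholding is honoured, state it above the test, e.g. `/* test the packet verdict, not the signature action: it may have been changed after the signature matched */`. The enclosing loop and the body of the drop branch are outside the hunk, so the effect on flow-level drops could not be checked here.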
{
SCLogDebug("rate_filter");
+ ret = 1;
+
if (lookup_tsh != NULL) {
/* Check if we have a timeout enabled, if so,
* we still matching (and enabling the new_action) */
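Review bot: `ret = 1;` is assigned before the `lookup_tsh != NULL` test, so every path through the rate_filter case that does not later overwrite `ret` now returns 1, including the path where no threshold entry exists yet. The meaning of the return value and the branches that might reset it are outside the hunk. Assuming 1 means "keep the alert", a comment would make the intent checkable, e.g. `/* rate_filter never suppresses the alert; it only switches the action once the limit is exceeded */`. If later branches of this case still assign `ret = 1;`, they are now redundant and worth removing in the same change so the control flow reads unambiguously.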
/* Update the matching state with the timeout interval */
if ( (p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds) {
lookup_tsh->current_count++;
- if (lookup_tsh->current_count >= td->count) {
+ if (lookup_tsh->current_count > td->count) {
/* Then we must enable the new action by setting a
* timeout */
lookup_tsh->tv_timeout = p->ts.tv_sec;
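Review bot: With `current_count++` directly above it, changing `>=` to `>` moves the trigger from the `count`-th match to match `count + 1` inside the `td->seconds` window, and nothing in the hunk says which boundary is the intended one. A comment such as `/* new action applies from the first match after td->count is reached */` and a unit test at exactly `count` and `count + 1` would pin it, because an off-by-one here decides whether the first over-limit packet is still handled under the old action. Separately, the window test `(p->ts.tv_sec - lookup_tsh->tv_sec1) < td->seconds` looks like it can never be true when `td->seconds` is 0, in which case the filter would never fire. The parser change later in this patch rejects a zero count, but no equivalent check for seconds is visible in the lines shown, so that is worth confirming.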
if (ByteExtractStringUint32(&parsed_count, 10, strlen(th_count), th_count) <= 0) {
goto error;
}
+ if (parsed_count == 0) {
+ SCLogError(SC_ERR_INVALID_VALUE, "rate filter count should be > 0");
+ goto error;
+ }
if (ByteExtractStringUint32(&parsed_seconds, 10, strlen(th_seconds), th_seconds) <= 0) {
goto error;