#[derive(Debug)]
pub struct FileTransferTracker {
- file_size: u64,
pub tracked: u64,
cur_ooo: u64, // how many bytes do we have queued from ooo chunks
track_id: u32,
impl FileTransferTracker {
pub fn new() -> FileTransferTracker {
FileTransferTracker {
- file_size:0,
tracked:0,
cur_ooo:0,
track_id:0,
if (rule_content == 1) {
//todo: warning if content is weak, separate warning for pcre + weak content
}
- if (rule_flow == 0 && rule_flags == 0
- && !(s->proto.flags & DETECT_PROTO_ANY) && DetectProtoContainsProto(&s->proto, IPPROTO_TCP)
- && (rule_content || rule_content_http || rule_pcre || rule_pcre_http || rule_flowbits || rule_flowint)) {
+ if (rule_flow == 0 && rule_flags == 0 && !(s->proto.flags & DETECT_PROTO_ANY) &&
+ DetectProtoContainsProto(&s->proto, IPPROTO_TCP) &&
+ (rule_content || rule_content_http || rule_pcre || rule_pcre_http || rule_flowbits ||
+ rule_flowint)) {
rule_warning += 1;
warn_tcp_no_flow = 1;
}
if (rule_ipv6_only) fprintf(rule_engine_analysis_FD, " Rule is IPv6 only.\n");
if (rule_ipv4_only) fprintf(rule_engine_analysis_FD, " Rule is IPv4 only.\n");
if (packet_buf) fprintf(rule_engine_analysis_FD, " Rule matches on packets.\n");
- if (!rule_flow_nostream && stream_buf && (rule_flow || rule_flowbits || rule_flowint || rule_content || rule_pcre)) {
+ if (!rule_flow_nostream && stream_buf &&
+ (rule_flow || rule_flowbits || rule_flowint || rule_content || rule_pcre)) {
fprintf(rule_engine_analysis_FD, " Rule matches on reassembled stream.\n");
}
for(size_t i = 0; i < ARRAY_SIZE(analyzer_items); i++) {
uint32_t payload_no_mpm_cnt = 0;
uint32_t syn_cnt = 0;
- uint32_t mpms_total = 0;
uint32_t mpms_min = 0;
uint32_t mpms_max = 0;
}
uint32_t w = PatternStrength(cd->content, cd->content_len);
- mpms_total += w;
if (mpms_min == 0)
mpms_min = w;
if (w < mpms_min)
projects / thirdparty / suricata.git / commitdiff
