From: Eric Leblond <eric@regit.org>
Date: Tue, 1 Oct 2013 14:23:47 +0000 (+0200)
Subject: reject: try to fail more gracefully
X-Git-Tag: suricata-2.0beta2~251
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c50e411538f173ffba00823adf04901c1a768d1;p=thirdparty%2Fsuricata.git

reject: try to fail more gracefully

In the case of reject both, a failure in sending one way do not lead to
abort the reset procedure.
---

diff --git a/src/respond-reject.c b/src/respond-reject.c
index 903635a855..25d2792f94 100644
--- a/src/respond-reject.c
+++ b/src/respond-reject.c
@@ -102,11 +102,12 @@ int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data)
     } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
         SCReturnInt(RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST));
     } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
-        if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC) == 0 &&
-            RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) {
+        int ret;
+        ret = RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
+        if (RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0) {
             SCReturnInt(0);
         } else {
-            SCReturnInt(1);
+            SCReturnInt(ret);
         }
     }
     SCReturnInt(0);
@@ -120,11 +121,12 @@ int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data)
     } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
         SCReturnInt(RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST));
     } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
-        if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC) == 0 &&
-            RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
+        int ret;
+        ret = RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_SRC);
+        if (RejectSendLibnet11L3IPv4ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
             SCReturnInt(0);
         } else {
-            SCReturnInt(1);
+            SCReturnInt(ret);
         }
     }
     SCReturnInt(0);
@@ -138,11 +140,12 @@ int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data)
     } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
         SCReturnInt(RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST));
     } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
-        if (RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC) == 0 &&
-            RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST) == 0) {
+        int ret;
+        ret = RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_SRC);
+        if (RejectSendLibnet11L3IPv6TCP(tv, p, data, REJECT_DIR_DST) == 0) {
             SCReturnInt(0);
         } else {
-            SCReturnInt(1);
+            SCReturnInt(ret);
         }
     }
     SCReturnInt(0);
@@ -156,11 +159,12 @@ int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data)
     } else if (PACKET_TEST_ACTION(p, ACTION_REJECT_DST)) {
         SCReturnInt(RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST));
     } else if(PACKET_TEST_ACTION(p, ACTION_REJECT_BOTH)) {
-        if (RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC) == 0 &&
-            RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
+        int ret;
+        ret = RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_SRC);
+        if (RejectSendLibnet11L3IPv6ICMP(tv, p, data, REJECT_DIR_DST) == 0) {
             SCReturnInt(0);
         } else {
-            SCReturnInt(1);
+            SCReturnInt(ret);
         }
     }
     SCReturnInt(0);